Re: [EXT] Re: How to generate ML-KEM key-pair?

On Mon, Dec 30, 2024 at 04:50:18AM +0000, Blumenthal, Uri - 0553 - MITLL wrote:

> That’s great to hear, thanks! Do you know roughly when 3.5.0 is
> planned for release?

Rumour has it that a release is slated circa April '25, or more
generally ~every 6 months.

> Also, I know that many people here want Hybrids. My use case, however,
> requires “pure” ML-KEM and ML-DSA. Will they be available in 3.5? Both
> directly (like in the CLI examples you showed) and in TLS?

You mean something like this (run directly from a build in the source tree):

    $ runserver=(./apps/openssl s_server -tls1_3 -groups MLKEM768 -accept 12345 \
        -cert test/certs/ee-cert.pem -key test/certs/ee-key.pem \
        -cert_chain test/certs/ca-cert.pem -brief)

    $ ./util/wrap.pl "${runserver[@]}"
    Protocol version: TLSv1.3
    Client cipher list: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
    Ciphersuite: TLS_AES_256_GCM_SHA384
    Signature Algorithms: RSA-PSS+SHA256
    No peer certificate or raw public key
    Supported groups: MLKEM768

[ Meanwhile in another interactive shell ]

    $ runclient=(./apps/openssl s_client -tls1_3 -groups MLKEM768 -connect localhost:12345 \
        -sigalgs RSA-PSS+SHA256 -CAfile test/certs/root-cert.pem -servername server.example \
        -verify_hostname server.example -brief)

    $ ./util/wrap.pl "${runclient[@]}"
    Connecting to ::1
    CONNECTION ESTABLISHED
    Protocol version: TLSv1.3
    Ciphersuite: TLS_AES_256_GCM_SHA384
    Peer certificate: CN=server.example
    Hash used: SHA256
    Signature type: RSA-PSS
    Verification: OK
    Verified peername: server.example
    Negotiated TLS1.3 group: MLKEM768

[ Sigalgs restricted just to keep the output less noisy ]

> Thank you very much! And enjoy the Holidays!

Perfect opportunity to get a lot of code written...

Unsurprisingly, the non-hybrid ML-KEM got done first, and the hybrids
are next in the review pipeline...

-- 
    Viktor.

-- 
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/Z3KonhXy1xNqPgpP%40chardros.imrryr.org.
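The handshake transcript above is only useful if something checks it: a test that merely sees "CONNECTION ESTABLISHED" cannot tell pure ML-KEM from a silent fallback to a classical group. Below is an added example (not from the mail or from OpenSSL itself) that parses `s_client -brief` output of the form shown above and succeeds only when the negotiated TLS 1.3 group is MLKEM768 and certificate verification reported OK; the `probe` function assumes an OpenSSL 3.5+ `openssl` built with ML-KEM on PATH and a hypothetical server offering MLKEM768.

```shell
#!/bin/sh
# Added example, not part of the original mail: check an `s_client -brief`
# transcript for a pure ML-KEM-768 handshake that also verified the peer.

# Constructed sample, modelled on the -brief output quoted in the mail.
SAMPLE_OK='Connecting to ::1
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
Peer certificate: CN=server.example
Verification: OK
Verified peername: server.example
Negotiated TLS1.3 group: MLKEM768'

# brief_field NAME: print the value of the first "NAME: value" line read on stdin.
brief_field() {
    sed -n "s/^$1: //p" | head -n 1
}

# check_brief GROUP: read -brief output on stdin; succeed only when the
# negotiated TLS 1.3 group equals GROUP and verification reported OK.
# Anything else (classical fallback, failed chain) is a failure.
check_brief() {
    out=$(cat)
    group=$(printf '%s\n' "$out" | brief_field 'Negotiated TLS1.3 group')
    verify=$(printf '%s\n' "$out" | brief_field 'Verification')
    [ "$group" = "$1" ] && [ "$verify" = "OK" ]
}

# probe HOST PORT CAFILE: live check of a server (hypothetical target).
# Assumes OpenSSL 3.5+ with ML-KEM; -brief output is written to stderr.
probe() {
    openssl s_client -tls1_3 -groups MLKEM768 -connect "$1:$2" \
        -CAfile "$3" -servername "$1" -verify_hostname "$1" -brief \
        </dev/null 2>&1 | check_brief MLKEM768
}
```

Run as `probe server.example 12345 test/certs/root-cert.pem && echo "pure ML-KEM-768 negotiated"` against the s_server invocation from the mail.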