Skip to content

Enable and use ML-KEM by default #9732

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Frauschi wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Enable and use ML-KEM by default #9732

Frauschi wants to merge 1 commit into from
+941 −799

Conversation

@Frauschi
Copy link
Contributor

@Frauschi Frauschi commented Feb 2, 2026
edited
Loading

This PR changes the following:

  • Enable ML-KEM by default
  • Only allow three to-be-standardized hybrid PQ/T combinations by default (SECP256R1MLKEM768, X25519MLKEM768, SECP384R1MLKEM1024).
  • Use X25519MLKEM768 as the default KeyShare in the ClientHello (if user does not override that) if Curve25519 is enabled. Otherwise, use SECP384MLKEM1024 or SECP256MLKEM768.
  • Disable standalone ML-KEM in supported groups by default (enable with --enable-tls-mlkem-standalone)
  • Disable extra OQS-based hybrid PQ/T curves by default and gate behind --enable-experimental (enable with --enable-extra-pqc-hybrids)
  • Reorder the SupportedGroups extension to reflect the preferences
  • Reorder the preferredGroup array to also reflect the same preferences

This also reflects the same behavior as OpenSSL has since version 3.5.

Currently a draft, as some tests regarding DTLS 1.3 and fragmentation fail.

@Frauschi Frauschi requested review from anhu, dgarske and douzzer February 2, 2026 16:10
@Frauschi Frauschi force-pushed the pqc_first branch 4 times, most recently from a7c733c to 664c9e7 Compare February 3, 2026 16:05
@Frauschi
Enable and use ML-KEM by default
007a0c3 
* Enable ML-KEM by default
* Only allow three to-be-standardized hybrid PQ/T combinatations by
  default
* Use X25519MLKEM768 as the default KeyShare in the ClientHello (if user
  does not override that)
* Disable standalone ML-KEM in supported groups by default (enable with
  --enable-tls-mlkem-standalone)
* Disable extra OQS-based hybrid PQ/T curves by default and gate
  behind --enable-experimental (enable with --enable-extra-pqc-hybrids)
* Reorder the SupportedGroups extension to reflect the preferences
* Reorder the preferredGroup array to also reflect the same preferences
* Enable DTLS1.3 ClientHello fragmentation by default when both DTLS1.3
  and ML-KEM are enabled
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anhu anhu Awaiting requested review from anhu

@dgarske dgarske Awaiting requested review from dgarske

@douzzer douzzer Awaiting requested review from douzzer

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Frauschi