Loading...

XML

Word

Printable

Acceptance Criteria:
Hide

X25519MLKEM768 (TLS code point 4588) and SecP256r1MLKEM768 (TLS code point 4587) are supported

should be automatically enabled if MLKEM768X25519 and MLKEM768SECP256 is turned on in the allow portion of /etc/crypto-policies/back-ends/nss.config
Show
X25519MLKEM768 (TLS code point 4588) and SecP256r1MLKEM768 (TLS code point 4587) are supported should be automatically enabled if MLKEM768X25519 and MLKEM768SECP256 is turned on in the allow portion of /etc/crypto-policies/back-ends/nss.config
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/142281
Test Coverage:
None

Release Note Type:
Feature
Release Note Text:

Hide
Feature, enhancement:
NSS now support ml-kem hybrid mechanisms in TLS.
Reason:
As part of the transition to post quantum algorithms, ml-kem hybrid support in TLS allows for transitions to a quantum safe algorthims while maintaining the safetly our existing algorithms. This will protect against 'record now decrypt later' attacks on their tls sessions.
Result:
Customers can begin to transition to PQ in their deployments to gain the quantum safe protections.

Show
Feature, enhancement: NSS now support ml-kem hybrid mechanisms in TLS. Reason: As part of the transition to post quantum algorithms, ml-kem hybrid support in TLS allows for transitions to a quantum safe algorthims while maintaining the safetly our existing algorithms. This will protect against 'record now decrypt later' attacks on their tls sessions. Result: Customers can begin to transition to PQ in their deployments to gain the quantum safe protections.
Release Note Status:
Proposed

NSS should not implement Kyber/Dilithium/etc but ML-KEM/ML-DSA

is cloned by

RHEL-58246 GnuTLS: respin for MLKEM

links to

RHBA-2024:142281 nss bug fix and enhancement update