Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-64740

Support ML-DSA signatures in TLS in GnuTLS

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • gnutls-3.8.9-17.el10
    • No
    • Low
    • 2
    • rhel-security-crypto
    • ssg_security
    • 21
    • 22
    • 1
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Crypto25Q2, Crypto25July
    • Hide

      1. A self signed ML-DSA certificate can be used by GnuTLS server and GnuTLS client can establish a successful connection to it
      2. A GnuTLS server can be used with a typical certificate chain (CA, subCA, server cert), and GnuTLS client can establish a successful connection to it.
      3. Client certificate based authentication with ML-DSA keys and certificates works
      4. Interoperability with OpenSSL (as either server or client) is tested
      5. All three key sizes: ML-DSA-44, ML-DSA-65, and ML-DSA-87 are tested.

      Note: compatibility of the private key format is out of scope, that's handled in RHEL-97627.

      Show
      1. A self signed ML-DSA certificate can be used by GnuTLS server and GnuTLS client can establish a successful connection to it 2. A GnuTLS server can be used with a typical certificate chain (CA, subCA, server cert), and GnuTLS client can establish a successful connection to it. 3. Client certificate based authentication with ML-DSA keys and certificates works 4. Interoperability with OpenSSL (as either server or client) is tested 5. All three key sizes: ML-DSA-44, ML-DSA-65, and ML-DSA-87 are tested. Note: compatibility of the private key format is out of scope, that's handled in RHEL-97627.
    • Pass
    • Automated
    • Enhancement
    • Hide
      .GnuTLS supports ML-DSA keys in TLS connections.

      With this update, the GnuTLS library supports using X.509 certificates with Module-Lattice-Based Digital Signature Algorithm (ML-DSA) keys in TLS 1.3 connections. For resistance against attacks by quantum computers, the certificate chain and the TLS handshake must be authenticated with a post-quantum algorithm, such as ML-DSA.
      Show
      .GnuTLS supports ML-DSA keys in TLS connections. With this update, the GnuTLS library supports using X.509 certificates with Module-Lattice-Based Digital Signature Algorithm (ML-DSA) keys in TLS 1.3 connections. For resistance against attacks by quantum computers, the certificate chain and the TLS handshake must be authenticated with a post-quantum algorithm, such as ML-DSA.
    • Done
    • None

      GnuTLS should support ML-DSA signatures in TLS.

      https://github.com/bwesterb/tls-mldsa

              hkario@redhat.com Alicja Kario
              hkario@redhat.com Alicja Kario
              Daiki Ueno Daiki Ueno
              Alicja Kario Alicja Kario
              Jan Fiala Jan Fiala
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: