Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: rhel-10.0.z
Affects Version/s: rhel-10.0
Component/s: nss
Labels:

Fixed in Build:
nss-3.112.0-4.el10_0
Regression:
No
Severity:
Low
Epic Link:
CRYPTO-15578
sprint_count:
1

AssignedTeam:
rhel-security-crypto
Sub-System Group:

ssg_security

Story Points:
3
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
Crypto25August

Acceptance Criteria:
Hide

When client offers only secp384r1mlkem1024 key share and supported group, the server negotiates that key exchange, and it interoperates with tlsfuzzer

when client sends malformed key share (either the classical part or the post-quantum part), the server detects it and aborts the connection
Show
When client offers only secp384r1mlkem1024 key share and supported group, the server negotiates that key exchange, and it interoperates with tlsfuzzer when client sends malformed key share (either the classical part or the post-quantum part), the server detects it and aborts the connection
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/152258
Gating Tests:

Not Needed
Test Coverage:

Automated

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

The shipped NSS should include support for the SecP384r1MLKEM1024 key exchange group from draft-kwiatkowski-tls-ecdhe-mlkem

is related to

RHEL-106868 Enable the mlkem1024secp384r1 group for NSS

Release Pending

links to

RHEA-2025:152258 nss enhancement update

Assignee:: Robert Relyea

Reporter:: Alicja Kario

Developer:: Robert Relyea

QA Contact:: Ondrej Moris

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2024/12/10 6:27 PM

Updated:: 2025/09/08 3:27 PM

Resolved:: 2025/09/08 3:27 PM

Next Planned Release Date:: 1970/01/01

Release Date:: 2025/09/08