Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-91144

Support specifying key_shares to send [rhel-10.1]

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Normal Normal
    • None
    • rhel-10.1
    • crypto-policies
    • None
    • No
    • Low
    • 1
    • rhel-security-crypto
    • ssg_security
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Crypto25Q2
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      New version of OpenSSL, the 3.5, supports a new syntax for specifying which of the advertised/supported key exchange groups should be sent in the ClientHello.key_share extension.

      If the new syntax is not used, only the very first group in the list will be included in key_share. Since for DEFAULT in RHEL-10.1 that is a hybrid post-quantum group, that will mean that all connections to servers supporting only classic algorithms (X25519, P-256, etc.) will end up with increased latency for the connection (because of HelloRetryRequest mechanism).

      Crypto-policies should allow specifying which of the key exchange groups should be included in the key_share extension.

              asosedki@redhat.com Alexander Sosedkin
              hkario@redhat.com Alicja Kario
              Alexander Sosedkin Alexander Sosedkin
              Ondrej Moris Ondrej Moris
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: