Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-91292

Support specifying key_shares to send [rhel-9.7]

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Normal Normal
    • None
    • rhel-9.7
    • crypto-policies
    • None
    • No
    • Low
    • 1
    • rhel-security-crypto
    • ssg_security
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Crypto25Q2
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      New version of OpenSSL, the 3.5, supports a new syntax for specifying which of the advertised/supported key exchange groups should be sent in the ClientHello.key_share extension.

      If the new syntax is not used, only the very first group in the list will be included in key_share. Since we will have a post-quantum policy in RHEL-9.7 that enables a hybrid post-quantum groups as highest priority, that will mean that all connections to servers supporting only classic algorithms (X25519, P-256, etc.) will end up with increased latency for the connection (because of HelloRetryRequest mechanism).

      Crypto-policies should allow specifying which of the key exchange groups should be included in the key_share extension.

              asosedki@redhat.com Alexander Sosedkin
              hkario@redhat.com Alicja Kario
              Alexander Sosedkin Alexander Sosedkin
              Ondrej Moris Ondrej Moris
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: