Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Minor
Fix Version/s: rhel-10.0.z
Affects Version/s: rhel-10.0
Component/s: nss
Labels:

Regression:
No
Severity:
Low
Epic Link:
CRYPTO-17097
sprint_count:
2

AssignedTeam:
rhel-security-crypto-clubs
Sub-System Group:

ssg_security

Internal Target Milestone:
28
Story Points:
1
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
Crypto25August, Crypto25September

Acceptance Criteria:

Hide

AC1) NSS server prioritizes x25519lkem768 and secp256r1mlkem768 over x25519 when clients sends x25519 key share

Show
AC1) NSS server prioritizes x25519lkem768 and secp256r1mlkem768 over x25519 when clients sends x25519 key share
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/152258
Gating Tests:

Enabled
Test Coverage:

Automated

ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

nss-3.101.0-13.el10.x86_64

NSS server group selection is weird, on RHEL-10.1, when client advertises the following groups (with '*' meaning send a key_share for it too), we get the following results:

*X25519MLKEM768:SECP256R1MLKEM768:SECP384R1MLKEM1024:*P-256:P-384:*X25519:ffdhe2048:ffdhe3072 = X25519MLKEM768 (GOOD)
*X25519MLKEM768:SECP256R1MLKEM768:SECP384R1MLKEM1024:*P-256:P-384:*X25519 = X25519MLKEM768 (GOOD)
X25519MLKEM768:*SECP256R1MLKEM768:SECP384R1MLKEM1024:*P-256:P-384:*X25519 = X25519 (BAD)
X25519MLKEM768:*SECP256R1MLKEM768:SECP384R1MLKEM1024:*P-256:P-384:X25519 = X25519MLKEM768 (OK, but suboptimal, means a HRR)
*SECP256R1MLKEM768:SECP384R1MLKEM1024:*P-256:P-384:X25519 = SecP256r1MLKEM768 (GOOD)
*SECP256R1MLKEM768:SECP384R1MLKEM1024:*P-256:P-384:*X25519 = X25519 (BAD, worst)
X25519MLKEM768:SECP256R1MLKEM768:SECP384R1MLKEM1024:*P-256:P-384:X25519 = X25519MLKEM768 (GOOD)
*SECP256R1MLKEM768:SECP384R1MLKEM1024:*P-256:P-384 = SecP256r1MLKEM768 (GOOD)
*SECP256R1MLKEM768:SECP384R1MLKEM1024:*P-256:P-384:ffdhe2048:*ffdhe3072 = SecP256r1MLKEM768 (GOOD)
X25519MLKEM768:SECP256R1MLKEM768:SECP384R1MLKEM1024:*P-256:P-384 = X25519MLKEM768 (GOOD)

links to

RHEA-2025:152258 nss enhancement update

Assignee:: Robert Relyea

Reporter:: Alicja Kario

Developer:: Robert Relyea

QA Contact:: Ondrej Moris

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2025/06/04 4:29 PM

Updated:: 2025/09/09 1:22 PM

Resolved:: 2025/09/08 3:27 PM

Next Planned Release Date:: 1970/01/01

Release Date:: 2025/09/08

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide