westurner 7 hours ago
How to configure optional or only mlkem768 with openssl.cnf and oqsprovider?
Still working on rebasing this branch of mozilla/ssl-config-generator at copilot/add-pq-ciphers-support onto tlsref/: https://github.com/westurner/ssl-config-generator/tree/copil...

I added a table of tools and which versions support PQ ciphers. I had working before this merge: full test coverage, a table of versions with PQ support, e2e tests to screenshot the table working, and MLKEM768 but there's not yet a PQ revision to the TLSref guideline.

LetsEncrypt is working on having PQ Merkle Tree Certificates (MTC) ready this fall early next year: "A Post-Quantum Future for Let's Encrypt - Let's Encrypt" (2026) https://letsencrypt.org/2026/06/03/pq-certs

"Google’s timeline for PQC migration" ; 2029 https://blog.google/innovation-and-ai/technology/safety-secu...

"Cloudflare targets 2029 for full post-quantum security" https://blog.cloudflare.com/post-quantum-roadmap/

ameliaquining 2 hours ago
The blog post is actually a bit imprecise; when it says "almost every Python program that touches cryptography goes through pyca/cryptography", that's only true if you don't count TLS. TLS in Python is usually done through the standard library's ssl module, which is mostly just a wrapper around OpenSSL. So that's basically an entirely separate workstream that doesn't really have anything to do with this post.