
Conversation

@vcrhonek
Contributor

Hi,

OpenSSL 3.5 offers post quantum cryptography (PQC) support:

  • default TLS keyshares have been changed to offer X25519MLKEM768
  • support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)

See https://github.com/openssl/openssl/releases for more info.

Additional info can be found in these drafts:
https://datatracker.ietf.org/doc/html/draft-kwiatkowski-tls-ecdhe-mlkem-03
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-07

a)
openwsman DOESN'T use post-quantum key exchange by default if the peer supports it:

# openssl s_client -connect localhost:5986 </dev/null
[...]
Peer signing digest: SHA256
Peer signature type: rsa_pss_rsae_sha256
Peer Temp Key: ECDH, prime256v1, 256 bits
[...]

This is because of 'EC_KEY_new_by_curve_name()' usage. The patch removes this function, which is deprecated since OpenSSL 3.0 anyway. See https://docs.openssl.org/3.0/man3/EC_KEY_new/

TLS 1.3 and the X25519MLKEM768 key exchange are then used by default if the peer supports it:

# openssl s_client -connect localhost:5986 </dev/null
[...]
Peer signing digest: SHA256
Peer signature type: rsa_pss_rsae_sha256
Negotiated TLS1.3 group: X25519MLKEM768
[...]

b)
This change makes 'owsmangencert.sh' generate an ML-DSA certificate:

# patch /etc/openwsman/owsmangencert.sh << 'EOF'
--- /etc/openwsman/owsmangencert.sh.orig	2025-05-27 00:50:50.131071368 -0400
+++ /etc/openwsman/owsmangencert.sh	2025-05-27 00:52:30.239071368 -0400
@@ -26,7 +26,7 @@
 # certificate is created
 
 openssl req -days 365 $@ -config $CNFFILE \
-  -new -x509 -nodes -out $CERTFILE \
+  -newkey mldsa65 -x509 -nodes -out $CERTFILE \
   -keyout $KEYFILE
 chmod 600 $KEYFILE

EOF
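Review bot: the `+  -newkey mldsa65 -x509 -nodes -out $CERTFILE` line hardcodes ML-DSA-65 with no fallback, so on an OpenSSL build without ML-DSA (anything before 3.5) `openssl req` now fails outright instead of producing the default key as before, and the only certificate the script emits is one that classical-only clients cannot verify, which is exactly the case the fallback certificate/key pair added later in this PR is meant to cover. Suggest gating the algorithm on what the installed OpenSSL offers, e.g. `if openssl list -public-key-algorithms | grep -qi 'ML-DSA'; then KEYALG=mldsa65; else KEYALG=rsa; fi` and passing `-newkey $KEYALG`, or exposing the key type as a script option so the classical certificate can be generated from the same script. As a style point for the same line, `-nodes` is deprecated in OpenSSL 3.x in favour of `-noenc`; since the whole point of the change is OpenSSL 3.5, the new invocation might as well use the current spelling.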

If one wants to use a TLS certificate using ML-DSA, then the connection works as expected (assuming 'EC_KEY_new_by_curve_name()' was already removed):

# openssl x509 -in /etc/openwsman/servercert.pem --text --noout
[...]
Signature Algorithm: ML-DSA-65
[...]
Public Key Algorithm: ML-DSA-65
[...]
# openssl s_client -connect localhost:5986 -CAfile /etc/openwsman/servercert.pem </dev/null
[...]
Peer signature type: mldsa65
Negotiated TLS1.3 group: X25519MLKEM768
[...]
Verify return code: 0 (ok)
[...]
# echo $?
0

But openwsman DOESN'T support an ML-DSA certificate and a classic certificate chain (fallback for clients that do not have access to PQC) at the same time. There's no configuration or option to load more than one certificate in the server. This could be useful, and the rest of the patch implements this functionality.
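As an added example (not code from this PR or from openwsman): a small POSIX shell checker that parses the `openssl s_client` transcript lines quoted above and reports whether the negotiated key exchange and the peer's certificate signature are post-quantum. It handles both the TLS 1.3 `Negotiated TLS1.3 group:` line and the older `Peer Temp Key:` line, so the same check works against a server before and after the `EC_KEY_new_by_curve_name()` removal. The three embedded transcripts are constructed from the lines shown in this PR; `probe` is an assumed wrapper that runs a live `openssl s_client` and only shows PQ names when the client side is OpenSSL 3.5 or later.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output as PQ / classical.
# Not part of the openwsman PR. Sample transcripts below are constructed
# from the lines quoted in the PR (only the relevant lines are kept).

# Constructed sample: openwsman before the patch (classical ECDHE on P-256).
SAMPLE_BEFORE='Peer signing digest: SHA256
Peer signature type: rsa_pss_rsae_sha256
Peer Temp Key: ECDH, prime256v1, 256 bits'

# Constructed sample: after the patch, hybrid X25519MLKEM768 negotiated,
# but still an RSA certificate.
SAMPLE_AFTER='Peer signing digest: SHA256
Peer signature type: rsa_pss_rsae_sha256
Negotiated TLS1.3 group: X25519MLKEM768'

# Constructed sample: ML-DSA-65 certificate plus hybrid key exchange.
SAMPLE_MLDSA='Peer signature type: mldsa65
Negotiated TLS1.3 group: X25519MLKEM768
Verify return code: 0 (ok)'

# Print the key-exchange group named in a transcript read from stdin.
# OpenSSL 3.x prints "Negotiated TLS1.3 group: <name>" for TLS 1.3 and
# "Peer Temp Key: ECDH, <curve>, <bits> bits" for TLS 1.2 and below.
kex_group() {
    awk -F': ' '
        /^Negotiated TLS1.3 group: / { print $2; found = 1; exit }
        /^Peer Temp Key: /          { split($2, f, ", "); print f[2]; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# "pq" if the group contains an ML-KEM component (pure or hybrid, e.g.
# X25519MLKEM768 or MLKEM768), "classical" otherwise, "unknown" if absent.
kex_class() {
    case "$(kex_group)" in
        *MLKEM*) echo pq ;;
        unknown) echo unknown ;;
        *)       echo classical ;;
    esac
}

# Print the peer signature type (the TLS name OpenSSL prints), from stdin.
sig_type() {
    awk -F': ' '
        /^Peer signature type: / { print $2; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# "pq" for ML-DSA signature names as printed by OpenSSL 3.5 (mldsa44/65/87);
# extend the pattern if your build prints other PQ signature names.
sig_class() {
    case "$(sig_type)" in
        mldsa*)  echo pq ;;
        unknown) echo unknown ;;
        *)       echo classical ;;
    esac
}

# One-line summary of a transcript: "<group>/<class> <sigtype>/<class>".
report() {
    t=$(cat)
    printf '%s/%s %s/%s\n' \
        "$(printf '%s\n' "$t" | kex_group)" "$(printf '%s\n' "$t" | kex_class)" \
        "$(printf '%s\n' "$t" | sig_type)"  "$(printf '%s\n' "$t" | sig_class)"
}

# Assumed live wrapper (not run offline): probe host:port and summarise.
# Requires OpenSSL 3.5+ on the client for PQ group/signature names to appear.
probe() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | report
}

# Demo over the constructed samples: sh pqcheck.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_BEFORE" | report   # prime256v1/classical rsa_pss_rsae_sha256/classical
    printf '%s\n' "$SAMPLE_AFTER"  | report   # X25519MLKEM768/pq rsa_pss_rsae_sha256/classical
    printf '%s\n' "$SAMPLE_MLDSA"  | report   # X25519MLKEM768/pq mldsa65/pq
fi
```

The middle sample is the state this PR leaves a stock deployment in: the key exchange is already hybrid PQ, but the certificate is still classical, which is why the ML-DSA certificate and the fallback chain are handled as separate steps. `probe localhost:5986` reproduces the manual checks from the description in one line.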

vcrhonek added 2 commits June 16, 2025 13:50
Remove deprecated 'EC_KEY_new_by_curve_name' and add configuration
option for fall back certificate/key pair.

Signed-off-by: Vitezslav Crhonek <vcrhonek@redhat.com>
- Use _shttpd_report_ssl_error instead of _shttpd_elog
- Fix bug where 'pem' parameter was used instead of actual file paths

Signed-off-by: Vitezslav Crhonek <vcrhonek@redhat.com>