]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 96075a6) | patch
Add hybrid ML-KEM based groups to default TLS groups
authorViktor Dukhovni <openssl-users@dukhovni.org>
Mon, 17 Feb 2025 15:41:51 +0000 (02:41 +1100)
committerTomas Mraz <tomas@openssl.org>
Tue, 25 Feb 2025 14:34:23 +0000 (15:34 +0100)
commit63a70d63e273cb419eb875ea30c2ac1864737c28
tree6285894ba1ab27104e08294ad86ccd062197d17ctree | snapshot
parent96075a6a4061eab8274fc27f5f10959ddae433e5commit | diff
Add hybrid ML-KEM based groups to default TLS groups

- send two key shares by default
- trim down the list of default groups

The default TLS group list setting is now:
?*X25519MLKEM768 / ?*X25519:?secp256r1 / ?X448:?secp384r1:?secp521r1 / ?ffdhe2048:?ffdhe3072

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26801)
ssl/ssl_lib.c diff | blob | blame | history
ssl/ssl_local.h diff | blob | blame | history
ssl/t1_lib.c diff | blob | blame | history
test/clienthellotest.c diff | blob | blame | history
test/recipes/70-test_tls13cookie.t diff | blob | blame | history
test/sslapitest.c diff | blob | blame | history
test/tls13groupselection_test.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git