-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature Request] Add support for post quantum KEM (Kyber) #1051
Comments
the repo you sent just has brotli support and uses boringssl? There is no Kyber mentioned in the patch files |
Link 1 context: It uses boringssl to enable the use of Kyber - which is one approach. The second link uses a second approach with oqs-provider instead. |
It needs to be supported in OpenSSL: openssl/openssl#24622 and the be merged into QuicTLS. BoringSSL is very limited supported in nginx/freenginx and https://github.com/open-quantum-safe/oqs-provider does not look like a useable implementation |
It can stay open if you want, I will add it as soon as it is there |
Up to you :) |
I think I maybe get it working with oqs, do you know which chippers exactly need to be added? |
I have been running it on vanilla nginx+oqs with the following for TLS 1.2/1.3, Kyber, and prioritized ChaCha - adjust as you see fit: #ciphers #optional PrioritizeChaCha |
News: In addition to the ones above (hybrid draft-kyber - FIPS 203 draft) that are currently supported by browsers and used by Cloudflare: These should be added and prioritized: They are already in oqs-provider as well (and I tested adding them). which will use the NIST approved version (ML-KEM - FIPS 203 final) , and browsers are expected to move to this soon: https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html So: ssl_ecdh_curve x25519_mlkem768:p384_mlkem768:x25519_kyber768:p384_kyber768:x25519:secp384r1; With "x25519_kyber768:p384_kyber768" being currently used/supported in browsers/cloudflare/implementations - but going to be dropped in the future and "x25519_mlkem768:p384_mlkem768" becoming implemented in the future as a replacement. Quoted from the link above: |
I've compiled it in and merged it, so the only thing missing is changing the nginx config, can you maybe give me a full configuration how it sould look based on this: https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf |
It's a one-liner.
With the only change being the last line from the configuration you linked. Optionally, if you'd like since we're here - you can PrioritizeChaCha and explicitly disable less safe CCM TLSv1.3 suites, but this is unrelated to this post quantum KEM / issue - by adding the following as well:
With the resulting full config being:
Edit: changed ciphersuite order |
I just noticed that the "ssl_prefer_server_ciphers" is set to on (#281), so we actually need to order the ciphers properly and not just as generated by the mozilla. Otherwise we're server-preferring weaker ciphers for no reason.
|
can you maybe explain why you use x25519_mlkem768:p384_mlkem768:x25519_kyber768:p384_kyber768:x25519:secp384r1 ? |
so nginx uses by default "auto" to select this curve, which of the listed chipers are the "auto" ones and which the oqs ones? |
x25519_mlkem768 is a hybrid of x25519 and the final ML-KEM - will replace the draft in browsers and implementations. same concept for the p384 hybrid variants. and the vanilla non quantum safe x25519 and secp384r1 at the end.
So: OQS: x25519_mlkem768:p384_mlkem768:x25519_kyber768:p384_kyber768 I only added x25519:secp384r1 and did not explore if there are other defaults that can be used instead, only that this is enough. |
so would you say this file looks good now? https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf |
Looks good to me, and matches my current test setup; I have tested with the linked conf as-is and it works as expected, with Kyber being used and ssllabs passing as usual. |
They are disabled by default in openssl, at least in my openssl build, which is included in NPMplus |
will release tommorow |
Howdy,
This is a feature request - for enabling Post Quantum Key Agreement in the provided nginx image - particularly support for Kyber - and tweaking the default ssl ciphers to give it preference.
Example of an NPM image with Kyber support: https://github.com/olokelo/nginx-proxy-manager-bssl-brotli
And as a resource: https://blog.aegrel.ee/kyber-nginx.html
The text was updated successfully, but these errors were encountered: