Add support for hybrid key exchange protocol x25519mlkem768#6107
Open
anavarr wants to merge 5 commits into
Open
Add support for hybrid key exchange protocol x25519mlkem768#6107anavarr wants to merge 5 commits into
anavarr wants to merge 5 commits into
Conversation
…r fluent API), renamed useHybrid useHybridKeyExchangeProtocol added tests
Author
Contributor
|
We ported something similar ourselves by bumping tcnatuve, are the extra methods really needed instead of simply setting/adding the curve to sslconfig when creating netclient/httpclient |
vietj
reviewed
May 11, 2026
vietj
reviewed
May 11, 2026
vietj
reviewed
May 11, 2026
vietj
reviewed
May 13, 2026
vietj
reviewed
May 13, 2026
| CompletableFuture<Boolean> cf1 = new CompletableFuture<>(); | ||
| CompletableFuture<Boolean> cf2 = new CompletableFuture<>(); | ||
|
|
||
| client.request(HttpMethod.GET, DEFAULT_HTTPS_PORT, DEFAULT_HTTPS_HOST, "/").onComplete(onSuccess(req -> { |
Member
There was a problem hiding this comment.
instead use request/response composition with await() on the future to avoid usage of CompletableFuture and make the test simpler
Member
There was a problem hiding this comment.
you can look at how other tests are doing, e.g.:
Buffer body = client.request(new RequestOptions(requestOptions).setMethod(PUT))
.compose(req -> req
.send(expected)
.expecting(HttpResponseExpectation.SC_OK)
.compose(HttpClientResponse::body))
.await();
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation:
The rise of quantum computers threatens traditional asymmetric key exchange protocol due to their ability to break private keys.
Post-quantum cryptography must use problems that quantum computers can't solve as quickly. Module-lattice-based problems have been found to resist quantum computers. ML-KEM, for module-lattice-based key encapsulation mechanism, is an instance of a key exchange protocol resistant to quantum computers. Due to its relative short existence, it has been recommended to use it alongside traditional Diffie-Hellman with elliptic curve.
Thus, the new hybrid key exchange protocol x25519mlkem768 uses both Diffie-Hellman with elliptic curve 25519 and ML-KEM. Its has been integrated in OpenSsl starting with version 3.5.
Changes:
This features relies on the netty-tcnative-openssl-dynamic bound to version 3.6 of openssl at runtime, and netty-tcnative-classes at build-time.