tls: Add a flag to use ML-KEM instead of Kyber #1112
Merged
Commits on Oct 7, 2024
-
tls: Add a flag to use ML-KEM instead of Kyber
The flag is disabled by default for now. We'll enable it by default after server early adopters have had time to deploy the new codepoint. ML-KEM and Kyber are very similar, so the compatibility and performance risks between the two are expected to be identical. Thus, to minimize interruption to enterprise administrators, ML-KEM is still gated on the same flags as Kyber was. The new flag changes the meaning of the old flags to gate Kyber instead. See https://chromium-review.googlesource.com/c/chromium/src/+/5823718 and https://boringssl-review.googlesource.com/c/boringssl/+/70547. Related to #935.
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.