Add configuration snippet for post-quantum key exchange #481

2 changes: 1 addition & 1 deletion docs/manual/mod/mod_ssl.xml
Expand Up @@ -2917,7 +2917,7 @@ features are added to OpenSSL.</p>
depends on the OpenSSL version being used for <module>mod_ssl</module>
(at least version 1.0.2 is required). For a list of supported command
names, see the section <em>Supported configuration file commands</em> in the
<a href="http://www.openssl.org/docs/man1.0.2/ssl/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS">SSL_CONF_cmd(3)</a> manual page for OpenSSL.</p>
<a href="https://docs.openssl.org/3.0/man3/SSL_CONF_cmd/#supported-command-line-commands">SSL_CONF_cmd(3)</a> manual page for OpenSSL.</p>

<example><title>Examples</title>
<highlight language="config">
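Review bot: The new href on the SSL_CONF_cmd(3) link ends in #supported-command-line-commands, but the sentence around it still directs the reader to the section "Supported configuration file commands", and the removed URL targeted #SUPPORTED-CONFIGURATION-FILE-COMMANDS. SSLOpenSSLConfCmd takes the configuration file command names, not the dash-prefixed command-line options, so the anchor should point to the configuration file commands section of the 3.0 page. The paragraph also still says "at least version 1.0.2 is required" while now linking to the 3.0 manual; consider stating which OpenSSL version the linked list describes.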
18 changes: 18 additions & 0 deletions docs/manual/ssl/ssl_howto.xml
Expand Up @@ -88,6 +88,7 @@ may require further steps to mitigate.)</p>
<li><a href="#onlystrong">How can I create an SSL server which accepts strong encryption only?</a></li>
<li><a href="#strongurl">How can I create an SSL server which accepts many types of ciphers in general, but
requires a strong cipher for access to a particular URL?</a></li>
<li><a href="#pq">How can I create an SSL server which supports post-quantum key exchange methods?</a></li>
</ul>

<section id="onlystrong">
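Review bot: The anchor in the new list entry, #pq, is much terser than the sibling ids #onlystrong and #strongurl. Section ids become long-lived URLs in the published manual, so a descriptive id (for example #postquantum) would be easier to recognise in links; change it here and on the matching section element together.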
Expand Down Expand Up @@ -156,6 +157,23 @@ SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E
&lt;/Location&gt;
</highlight>
</section>

<section id="pq">
<title>How can I create an SSL server which supports post-quantum key
exchange methods?</title>
<p>Install <a href="https://github.com/open-quantum-safe/liboqs#linux-and-mac">liboqs</a>,
export <code>liboqs_DIR</code>, and install
<a href="https://github.com/open-quantum-safe/oqs-provider?tab=readme-ov-file#basic-steps">oqs-provider</a>.
Next, activate <a href="https://github.com/open-quantum-safe/oqs-provider/blob/main/USAGE.md#configuration-file">oqs-provider</a>
and the <a href="https://github.com/open-quantum-safe/oqs-provider/blob/main/USAGE.md#configuration-parameter">KEM groups</a>
you wish to accept in <code>openssl.cnf</code>. Only <code>x25519_kyber768</code>
is currently supported by browsers. Now, add the following to your SSL
configuration:</p>
<highlight language="config">
# "Curves" is a synonym for the "Groups" command.
SSLOpenSSLConfCmd Curves x25519_kyber768:x25519:P-256:P-384
</highlight>
</section>
</section>
<!-- /ciphersuites -->
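Review bot: The new paragraph in the pq section lists the install steps but never states the OpenSSL version they depend on. Providers exist only from OpenSSL 3.0, while the SSLOpenSSLConfCmd text touched elsewhere in this PR still says "at least version 1.0.2", so a reader on an older build gets no hint why the snippet does not work. Suggest adding the minimum OpenSSL version and one sentence on what the server does when x25519_kyber768 is named in the list but oqs-provider is not activated in openssl.cnf. The sentence "Only x25519_kyber768 is currently supported by browsers" will go stale in a versioned manual; date it or present the group as an example. Since the comment already notes that Curves is a synonym for Groups, using Groups in the directive itself would read better for a list that contains a KEM group.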
