Add support for hybrid key exchange protocol x25519mlkem768#6107
Conversation
|
We ported something similar ourselves by bumping tcnatuve, are the extra methods really needed instead of simply setting/adding the curve to sslconfig when creating netclient/httpclient |
…r fluent API), renamed useHybrid useHybridKeyExchangeProtocol added tests
…tainer of ubuntu 26.04 where openSsl >= 3.5 is available
…ith openssl >= 3.5 for these tests
|
thanks for the great contribution @anavarr |
|
Now that JDK 27 introduced I don't really get why we can't "simply" follow this doc and do (either using OpenSSL, JDK27 or BouncyCastle, though the naming of the algorithm may change I guess): ServerSSLOptions options = new ServerSSLOptions().
setKeyCertOptions(keyStoreOptions).
addEnabledCipherSuite("X25519MLKEM768") // if we really want to only permit this algorithm, otherwise will be part of the allowed algorithms |
|
Sorry for answering so late.
It is a bit more involved. Using OpenSSL is possible through netty-tcnative. Netty-tcnative-classes provides Java classes with native method declarations (JNI). Netty-tcnative-boringssl-static provides the native implementation of those methods and bundles BoringSSL within the JAR. A dynamic variant would instead link against the host's SSL library at runtime. However, netty-tcnative provides neither a static version of openssl>=3.5, nor a dynamic one working with OpenSSL >= 3.5, hence the need to maintain smallrye-openssl ourselves. This artifact provides a dynamic version of netty-tcnative-openssl that can be used with versions of OpenSSL >= 3.5 (the artifacts provided by netty-tcnative-openssl-dynamic only work against OpenSSL 1.x). Regarding JDK27, my guess is that we need a PQC solution quickly, and we can't expect Vert.x users to run JDK27 (which will be GA in September) right now? |
|
Even with a smallrye requirement, just like for most features tcnative is a requirement and thats quite obvious with the engineOptions, aren't all the extra code changes for just adding Imho, why not simply add an option to setCurves in the engineOptions instead |
|
We actually didn't do much more than adding an option on |
|
Maybe we should also simply add a method directly in OpenSSLEngineOptions (and others if allowed) to set curvesList so similar changes in the future are plain configurable instead of keeping the curvesList hidden in internals |
|
FYI I just tried to run a simple Vert.x client/server using JDK 27 EA and they automatically end up using (for the record you can see this by adding Indeed its GA is expected in September but that's not that far away, and |
|
we'll keep an eye on that, thanks for the feedback |
|
If people are aware they even need this, they already know what curve/group to set. I think actually exposing the proper control lets people control many things, not just this. alot of LOC for one use, where I feel simply curves list setting should of been exposed Additionally this invents “custom” ways to do things over such a standardised thing as SSL. Everyone knows universally no matter what language or SSL library you use, the language is the same, cipher lists, name groups, signing algorithms. All the setters are practically universal. Now someone goes to vertx and wants to set this from another language, he has to read the docs and find this special toggle instead of vertx sticking to convention. |
|
FYI, I've created an issue on Netty to add nameGroup support in their SslContextBuilder: netty/netty#16999 so vert.x could then have a similar configuration item. |
|
A new API was proposed here.
|
Motivation:
The rise of quantum computers threatens traditional asymmetric key exchange protocol due to their ability to break private keys.
Post-quantum cryptography must use problems that quantum computers can't solve as quickly. Module-lattice-based problems have been found to resist quantum computers. ML-KEM, for module-lattice-based key encapsulation mechanism, is an instance of a key exchange protocol resistant to quantum computers. Due to its relative short existence, it has been recommended to use it alongside traditional Diffie-Hellman with elliptic curve.
Thus, the new hybrid key exchange protocol x25519mlkem768 uses both Diffie-Hellman with elliptic curve 25519 and ML-KEM. Its has been integrated in OpenSsl starting with version 3.5.
Changes:
This features relies on the netty-tcnative-openssl-dynamic bound to version 3.6 of openssl at runtime, and netty-tcnative-classes at build-time.