RusTLS 0.15.0 now with added PQC
28 Mar 2025

Rustls 0.15.0 was released earlier this week, adding PQC algorithms.

Lots of stuff is happening lately in the PQC world; this week it's the rustls project releasing a new version with PQC capability.

"This could have been a Fediverse update"

Correct, it could!

If you

  1. update rustls to 0.15.0
  2. then build mod_tls
  3. configure Apache to use mod_tls

you end up with a webserver that does X25519/ML-KEM768 hybrid key exchange (Xwing / X25519MLKEM768). This is considered safe even when

Verifying

If you have OpenSSL 3.5 installed, check like so:

$ :|/usr/local/bin/openssl s_client -connect brnrd.eu:443
...
Negotiated TLS1.3 group: X25519MLKEM768
...

If you have a curl version that is linked against OpenSSL 3.5, use:

$ curl https://brnrd.eu/ -v -o /dev/null
...
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / id-ecPublicKey
...
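
A scriptable version of the two checks above, as an added example that is not part of the original post: it pulls the negotiated group out of either output format and fails when the handshake fell back to something other than the hybrid group. The function names and the sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: check the negotiated TLS 1.3 group in `openssl s_client`
# or `curl -v` output. Function names are hypothetical, samples constructed.

# Print the first negotiated group found on stdin (empty if none).
negotiated_group() {
    sed -n \
        -e 's/^Negotiated TLS1\.3 group: *\([A-Za-z0-9_-]*\).*$/\1/p' \
        -e 's|^\* SSL connection using TLSv1\.3 / [^/]* / \([A-Za-z0-9_-]*\) / .*$|\1|p' \
    | head -n 1
}

# Return 0 if the expected group was negotiated, 1 if another group was
# negotiated (fallback), 2 if no group line is present at all.
check_pq() {
    expected=${1:-X25519MLKEM768}
    got=$(negotiated_group)
    if [ "$got" = "$expected" ]; then
        echo "OK: $got"
    elif [ -n "$got" ]; then
        echo "FAIL: negotiated $got, expected $expected"; return 1
    else
        echo "FAIL: no TLS 1.3 group line found"; return 2
    fi
}

# Constructed sample inputs, modelled on the output shown above.
sample_s_client() {
    printf '%s\n' '...' 'Negotiated TLS1.3 group: X25519MLKEM768' '...'
}
sample_curl() {
    printf '%s\n' '* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / id-ecPublicKey'
}
sample_classical() {
    printf '%s\n' '...' 'Negotiated TLS1.3 group: X25519' '...'
}

# Demo on the constructed samples (a failing check must not abort the script).
sample_s_client  | check_pq || true
sample_curl      | check_pq || true
sample_classical | check_pq || true

# Live use, with the same commands as above:
#   : | openssl s_client -connect brnrd.eu:443 2>&1 | check_pq
#   curl https://brnrd.eu/ -v -o /dev/null 2>&1 | check_pq
```

The distinct exit codes let a monitoring job tell a classical fallback (1) apart from a client that never printed a group line (2), for example one not built against OpenSSL 3.5.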