RusTLS 0.15.0 now with added PQC 28 mar 2025

Author: Bernard Spil | Category: Security
Tags: PQC

Rustls 0.15.0 was released earlier this week, adding PQC algorithms.

RusTLS 0.15.0 now with added PQC

Lots of stuff happening lately in the PQC world, this week it's the rustls project releasing a new version with PQC capability.

"This could have been a Fediverse update"

Correct, it could!

If you

  1. update rustls to 0.15.0
  2. then build mod_tls
  3. configure Apache to use mod_tls

you end up with a webserver that does X25519/ML-KEM768 hybrid key exchange (Xwing / X25519MLKEM768). This is considered safe even when

Verifying

If you have an OpenSSL 3.5 installed, check like so

$ :|/usr/local/bin/openssl s_client -connect brnrd.eu:443
...
Negotiated TLS1.3 group: X25519MLKEM768
...

If you have a curl version that is linked to OpenSSL 3.5, use

$ curl https://brnrd.eu/ -v -o /dev/null
...
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / id-ecPublicKey
...

This blog is proudly powered by Pelican, which takes great advantage of Python.

W3 Personal Blog is a flat bootstrap responsive theme designed by W3layouts ported to a pelican by Samael500.

Creative Commons LicenseThis work is CC-BY-4.0 licensed.