-
Notifications
You must be signed in to change notification settings - Fork 574
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Removing Kyber r3 TLS ciphersuites #4403
Milestone
Comments
Given the imminent patch release: #4404, should we already mark those suites as "deprecated" in 3.6.1 with a clear statement that they won't stay until Botan4? |
randombit
added a commit
that referenced
this issue
Oct 24, 2024
The TLS ecosystem is rapidly moving to the standarized variant of Kyber (FIPS 203 ML-KEM), which we also already support. Supporting the pre-standard/experimental r3 ciphersuites through the entire Botan3 lifetime is not reasonable. GH #4403
randombit
added a commit
that referenced
this issue
Oct 24, 2024
The TLS ecosystem is rapidly moving to the standarized variant of Kyber (FIPS 203 ML-KEM), which we also already support. Supporting the pre-standard/experimental r3 ciphersuites through the entire Botan3 lifetime is not reasonable. GH #4403
randombit
added a commit
that referenced
this issue
Oct 24, 2024
The TLS ecosystem is rapidly moving to the standarized variant of Kyber (FIPS 203 ML-KEM), which we also already support. Supporting the pre-standard/experimental r3 ciphersuites through the entire Botan3 lifetime is not reasonable. GH #4403
randombit
added a commit
that referenced
this issue
Oct 25, 2024
The TLS ecosystem is rapidly moving to the standarized variant of Kyber (FIPS 203 ML-KEM), which we also already support. Supporting the pre-standard/experimental r3 ciphersuites through the entire Botan3 lifetime is not reasonable. GH #4403
randombit
added a commit
that referenced
this issue
Oct 25, 2024
The TLS ecosystem is rapidly moving to the standarized variant of Kyber (FIPS 203 ML-KEM), which we also already support. Supporting the pre-standard/experimental r3 ciphersuites through the entire Botan3 lifetime is not reasonable. GH #4403
larssilven
pushed a commit
to larssilven/botan
that referenced
this issue
Nov 17, 2024
The TLS ecosystem is rapidly moving to the standarized variant of Kyber (FIPS 203 ML-KEM), which we also already support. Supporting the pre-standard/experimental r3 ciphersuites through the entire Botan3 lifetime is not reasonable. GH randombit#4403
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Chrome 131 (eta next month) is going to remove support for Kyber r3 suites and switch to ML-KEM only
https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html
IMO we should do the same for Botan 3.7.0
This is as fast moving area and I don't think it makes sense to continue to support Kyber r3 suites for the entire life of Botan3, which is already committed to another 3 years of support (through 2027) and may well live longer depending on circumstances.
The text was updated successfully, but these errors were encountered: