Skip to content

Add ML-DSA support for TLSv1.3 (draft-tls-westerbaan-mldsa-00) #2020

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
yuhh0328 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add ML-DSA support for TLSv1.3 (draft-tls-westerbaan-mldsa-00) #2020

yuhh0328 wants to merge 2 commits into from

Conversation

@yuhh0328
Copy link
Contributor

@yuhh0328 yuhh0328 commented Mar 11, 2025

This PR adds support for ML-DSA in TLSv1.3.

Validation and certificate testing are required, but currently, it's not possible to generate ML-DSA certificates using the released gnutls certtool. Therefore, these tests have not been included in this PR.

If you have any suggestions or alternatives for generating ML-DSA certificates, please let me know.
@peterdettman
Copy link
Collaborator

peterdettman commented Sep 5, 2025

Merged with changes; in particular ML-DSA is still disabled until we finish changes to prevent negotiation before TLS 1.3.

I generated ML-DSA certificates for TLS testing a few months ago. They are available in the bc-test-data repository which would usually be setup side-by-side with bc-java (https://github.com/bcgit/bc-test-data/tree/main/tls/credentials).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

3 participants

@yuhh0328 @peterdettman @yu-2h