@[email protected] -- Vinny here is the change for H2O to use ML-KEM algorithms.

@kazuho - Let us know if you need anything modified here. Also, is there a way in h2o configuration to select what algorithm to use as the preferred algorithm on the Server? E.g. if I want ML-KEM 1024 to be the preferred algo in a set of capabilities.

@kazuho @vparla

Question: If you want to configure an H2O server to only allow a specific Group/KEM or a list of Group/KEMs it is configured via the config file's SSL section under the parameter: key-exchange-tls1.3
and the values should be from here: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8

Is that correct?

Thank you for the pull request.

@rsith71 That is correct.

By using the key-exchange-tls1.3 attribute, it is possible to select any KEM available in ptls_openssl_key_exchanges_all. The names used for specifying the KEMs can be found in picotls.h, I believe they are consistent with the names defined in the IANA registry.

Regarding this pull request, my understanding is that it enables the use of hybrid KEM by default, but I'm not sure if we are already at the moment to do so. To paraphrase, I'm leaning towards keeping this pull request as parked, until it support for hybrid by default becomes necessary.

WDYT?

I can see this waiting. It just means that it is a configuration change in your H2O.conf file right now.

By the way I was doing some testing and saw this issue. #3505

I just created it and didn't have time to look into it. Let me know if you have seen this before or need more information.

Thank you.