LibreSSL >= 4.3.0 supports MLKEM768, but Tor does not make use of it
After sending the PQC status email to tor-relays@, I checked the LibreSSL's ChangeLog and it looks like they did release a version that supports the MLKEM768/X25519 hybrid handshake for PQC. Unfortunately, it doesn't work out of the box with C Tor right now. While just testing this, I tried the following and that does indeed make the connection use the new handshake type: ```patch diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c index d18a112325..846e8ede9d 100644 --- a/src/lib/tls/tortls_openssl.c +++ b/src/lib/tls/tortls_openssl.c @@ -573,6 +573,9 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, OPENSSL_V_SERIES(3,5,0), "?*X25519MLKEM768 / ?SecP256r1MLKEM768 / *P-256:?X25519:P-224" }, +#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x40300000 + { 0, "X25519MLKEM768" }, +#endif { 0, "P-256:X25519:P-224" }, { 0, "P-256:P-224" }, }; ``` We likely have to be careful with our versioning macros here given that the libressl versioning is now >= than the OpenSSL one.
issue