Welcome! <input type=

Well. I found this article: <a href="https://blog.cloudflare.com

Hello <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-ur

Post-Quantum Key Exchange support for HTTPS about traefik HOT 3 OPEN

fzoli commented on June 24, 2024

Post-Quantum Key Exchange support for HTTPS

from traefik.

Comments (3)

fzoli commented on June 24, 2024

Well.

I found this article:
https://blog.cloudflare.com/experiment-with-pq/

Cloudflare has a Go fork that supports Kyber.

Relevant code in crypto/tls/cfkem.go:

var (
	X25519Kyber512Draft00    = CurveID(0xfe30)
	X25519Kyber768Draft00    = CurveID(0x6399)
)

I compiled it on my machine to use it to build Traefik.

In the Traefik project there is a certificate.go file in the tls module.

I added the curve IDs:

	CurveIDs = map[string]tls.CurveID{
		`secp256r1`:             tls.CurveP256,
		`CurveP256`:             tls.CurveP256,
		`secp384r1`:             tls.CurveP384,
		`CurveP384`:             tls.CurveP384,
		`secp521r1`:             tls.CurveP521,
		`CurveP521`:             tls.CurveP521,
		`x25519`:                tls.X25519,
		`X25519`:                tls.X25519,
		`X25519Kyber512Draft00`: tls.X25519Kyber512Draft00, // <<-- added
		`X25519Kyber768Draft00`: tls.X25519Kyber768Draft00, // <<-- added
	}

Then I compiled Traefik with cfgo and created a new Docker image based on the alpine one.

It seems to work with Chrome browser.
Of course it is not production ready, but at least I can play with it.

from traefik.

kevinpollet commented on June 24, 2024

Hello @fzoli and thanks for your interest in Traefik,

Sure this is something we will likely support as soon as the Go library supports it, see golang/go#64537

from traefik.

Night1 commented on June 24, 2024

Nice work, im looking to test this aswell, now that i know it can be done ill look in to it. X25519 is already supported in 3.0.0 lets see if the Kyber part can be added tooo

from traefik.

Recommend Projects