You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Clients and servers are rolling out support for the post quantum key agreement algorithm Kyber, which is currently not useable within mitmproxy. While normal fallback algorithms do exist, it would be great if mitmproxy could support this algorithm as well.
Proposal
Kyber should be supported in both directions independently, i.e. connections facing to the server as well as to the client.
As Kyber itself is currently experimental, it is likely useful to disable it by default and provide a feature flag for it.
As the post quantum algorithm eco system is quite young, there are no useable alternatives right now.
Additional context
Kyber is currently only available per default on Cloudflare and within the Zig programming language.
While other SSL libraries (Boring SSL, Botan, reference implementations), servers (nginx, Caddy) and browsers (Chrome, Firefox Nightly) do support Kyber, they usually require setting specific feature flags or must be compiled in a specific way. More details are listed on Cloudflares test website.
The text was updated successfully, but these errors were encountered:
Problem Description
Clients and servers are rolling out support for the post quantum key agreement algorithm Kyber, which is currently not useable within mitmproxy. While normal fallback algorithms do exist, it would be great if mitmproxy could support this algorithm as well.
Proposal
Kyber should be supported in both directions independently, i.e. connections facing to the server as well as to the client.
As Kyber itself is currently experimental, it is likely useful to disable it by default and provide a feature flag for it.
Kyber-support can be tested on Cloudflare's test website.
Alternatives
As the post quantum algorithm eco system is quite young, there are no useable alternatives right now.
Additional context
Kyber is currently only available per default on Cloudflare and within the Zig programming language.
While other SSL libraries (Boring SSL, Botan, reference implementations), servers (nginx, Caddy) and browsers (Chrome, Firefox Nightly) do support Kyber, they usually require setting specific feature flags or must be compiled in a specific way. More details are listed on Cloudflares test website.
The text was updated successfully, but these errors were encountered: