Support for Kyber - post-quantum key agreement #6655
Labels
kind/feature
New features / enhancements
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem Description
Clients and servers are rolling out support for the post quantum key agreement algorithm Kyber, which is currently not useable within mitmproxy. While normal fallback algorithms do exist, it would be great if mitmproxy could support this algorithm as well.
Proposal
Kyber should be supported in both directions independently, i.e. connections facing to the server as well as to the client.
As Kyber itself is currently experimental, it is likely useful to disable it by default and provide a feature flag for it.
Kyber-support can be tested on Cloudflare's test website.
Alternatives
As the post quantum algorithm eco system is quite young, there are no useable alternatives right now.
Additional context
Kyber is currently only available per default on Cloudflare and within the Zig programming language.
While other SSL libraries (Boring SSL, Botan, reference implementations), servers (nginx, Caddy) and browsers (Chrome, Firefox Nightly) do support Kyber, they usually require setting specific feature flags or must be compiled in a specific way. More details are listed on Cloudflares test website.
The text was updated successfully, but these errors were encountered: