Recently, in our 5.7.4 release we fixed a bug in our TLS 1.3 post-quantum key exchange implementation. The bug was that when users wanted to use post-quantum Kyber (ML-KEM) for key establishment in TLS, the security level the user picked was being ignored by the wolfSSL library.
The fix can be found here.
With this simple fix, you can be assured that you are negotiating post-quantum key establishment at the desired security level. This is true for both Kyber (ML-KEM) on its own as well as hybridized with ECDH.
Users building with –enable-kyber and enabling PQC cipher suites with TLS 1.3 connections are recommended to update the version of wolfSSL used.
Big thanks to Daniel Correa for finding and reporting the bug.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now