bc-java icon indicating copy to clipboard operation
bc-java copied to clipboard
verified publisher icon bcgit

Add ML-DSA support for TLSv1.3 (draft-tls-westerbaan-mldsa-00)

Open yuhh0328 opened this issue 10 months ago • 1 comments

This PR adds support for ML-DSA in TLSv1.3.

Validation and certificate testing are required, but currently, it's not possible to generate ML-DSA certificates using the released gnutls certtool. Therefore, these tests have not been included in this PR.

If you have any suggestions or alternatives for generating ML-DSA certificates, please let me know.

yuhh0328 avatar Mar 11 '25 08:03 yuhh0328

Merged with changes; in particular ML-DSA is still disabled until we finish changes to prevent negotiation before TLS 1.3.

I generated ML-DSA certificates for TLS testing a few months ago. They are available in the bc-test-data repository which would usually be setup side-by-side with bc-java (https://github.com/bcgit/bc-test-data/tree/main/tls/credentials).

peterdettman avatar Sep 05 '25 09:09 peterdettman