When OpenSSL 3.5.x will be integrated in order, for Kong, to be PQC safe for TLS/mTLS ? #14576
Replies: 2 comments 1 reply
-
|
Sorry, as far as I know that we have no clear planning about it. |
Beta Was this translation helpful? Give feedback.
-
|
I think that we could build kong with openssl 3.5 by ourself. |
Beta Was this translation helpful? Give feedback.
-
|
judging by the existence of this file in the openresty repo, i assume that the latest versions of openresty already support openssl v3.5+. i'm not sure how openresty / openssl is integrated into kong. but hopefully it won't be a big effort to pull in a pqc-capable version of openssl. 🤞 since quantum computers are not yet capable of breaking anything but "toy" examples of public key crypto, the main concern right now are "harvest now, decrypt later" attacks. ...and this is why it is important for everyone to start protecting the exchange of symmetric session keys as soon as possible. symmetric encryption of data is not susceptible to quantum computer-aided cryptanalysis. but the keys used for this symmetric encryption are (currently) exchanged using pqc-vulnerable public key algorithms. amazon, cloudflare, google, mozilla, etc. have all rolled out openssh has been using so, yeah, i would love to see kong pull in an openssl version that supports at least some of the new pqc algorithms. 😍 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello everyone,
As far as I know, the latest Kong version (eg 3.9) integrates Nginx 1.25.3 and uses TLS library OpenSSL 3.2.3.
In order, for Kong, to be PQC safe, it has, at least, to integrate OpenSSL 3.5.x.
When OpenSSL 3.5.x will be integrated in next Kong releases ? Is there any roadmap on this topic ?
Best Regards.
Beta Was this translation helpful? Give feedback.
All reactions