Sergey Kandaurov
August 21, 2023 11:04AM
> On 21 Aug 2023, at 06:36, Gentry Deng via nginx <> wrote:
> Hello there,
> Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115. Cloudflare, the world's leading CDN provider, has been supporting Hybrid Kyber KEM since last year.
> I would like to know if nginx with BoringSSL can support X25519Kyber768Draft00?

It does, you can test it with BoringSSL itself.

ssl_ecdh_curve prime256v1:X25519Kyber768Draft00;

server {
listen 8443 ssl;
server_name localhost;

return 200 "$ssl_curve\n";

$ printf "GET / HTTP/1.0\n\n" | ./install/bin/bssl client -connect 127.1:8443 -curves X25519Kyber768Draft00
Connecting to
Version: TLSv1.3
Resumed session: no
Cipher: TLS_AES_128_GCM_SHA256
ECDHE group: X25519Kyber768Draft00
Signature algorithm: rsa_pss_rsae_sha256
Secure renegotiation: yes
Extended master secret: yes
Next protocol negotiated:
ALPN protocol:
OCSP staple: no
SCT list: no
Early data: no
Encrypted ClientHello: no
Cert subject: CN = localhost
Cert issuer: CN = localhost
HTTP/1.1 200 OK
Server: nginx/1.25.2
Date: Mon, 21 Aug 2023 14:58:40 GMT
Content-Type: text/plain
Content-Length: 23
Connection: close


Sergey Kandaurov
nginx mailing list
Subject Author Posted

About X25519Kyber768Draft00

Gentry Deng via nginx August 20, 2023 10:38PM

Re: About X25519Kyber768Draft00

Sergey Kandaurov August 21, 2023 11:04AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 116
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready