Open lakshya-chopra opened 3 months ago
I'm currently developing DTLS 1.3 for OpenSSL in order to use PQC for DTLS. Key exchange providers can only be used with (D)TLS 1.3 in OpenSSL. Let me know if you want to contribute to the development.
Sounds very interesting, @fwh-dc. Where in GH are you doing that work? Any concrete issues one could take a look at to gauge whether one could contribute?
I am doing the implementation in OpenSSL's GitHub. There are still some remaining features waiting to be implemented. Feel free to reach out if you're interested. I can give some additional info to help get started.
Issue: https://github.com/openssl/openssl/issues/13900
Feature branch: https://github.com/openssl/openssl/tree/feature/dtls-1.3
That's great to hear, @fwh-dc. I'd like to contribute to this feature addition to OpenSSL. It would be helpful if you could share some information about the current progress and the features that still need to be implemented. In the meantime, I'll review this branch and understand the existing code.
Ok, I'm preparing some text and I'll let you know when I have posted it. I think I will do it in the OpenSSL DTLS 1.3 issue.
I've added some notes to https://github.com/openssl/openssl/issues/13900
I was testing a client & server application making use of Post-Quantum certificates and the Kyber768 group; it ran perfectly well on a standard TLS 1.3 connection. However, I am facing problems when using an SCTP socket with DTLS 1.2. Specifically, the handshake fails due to no shared cipher between the client and the server.
With DTLS:
SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2307:
With TLS:
Question: Is DTLS 1.2/1.3 support available for Post-Quantum certificates?
Edited: From the documentation, it does seem like PQ certificates still cannot be used with DTLS. Are there any plans to add support for DTLS in the future?