1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 09:06:39 +02:00
Files
unrealircd/doc
Bram Matthys 11ba1edff1 Update release notes on the Post-quantum cryptography (PQC) enhancements:
* [set::tls](https://www.unrealircd.org/docs/TLS_Ciphers_and_protocols):
    Rename `ecdh-curves` to `groups` (the old name will continue to work)
  * Add (and prefer) the `X25519MLKEM768` hybrid group, which is a mix
    of `X25519` that is commonly used today and quantum-safe `ML-KEM-768`.
    This to protect against
    ["harvest now, decrypt later"](https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later).
  * To benefit from this, OpenSSL 3.5.0 or later (released April 2025)
    is required on the server, and similarly a client that supports this.
    At the time of writing, almost all Linux distros don't have such an
    OpenSSL version yet (which is not a problem, this new feature will simply
    not be available). Notably Debian 13 (when released in August
    2025) will have it. LibreSSL does not support it either yet, so our
    Windows build does not have this feature.
  * Also, change the TLS information on-connect and in WHOIS etc. from
    something like `TLSv1.3-TLS_CHACHA20_POLY1305_SHA256` to
    `TLSv1.3/X25519/TLS_CHACHA20_POLY1305_SHA256`. In other words: using
    slashes as separators and showing the group / key exchange in the middle.
    The group is only shown on newer OpenSSL versions. If someone would
    use the new PQC hybrid group mentioned above then their TLS info would
    start with `TLSv1.3/X25519MLKEM768/`.
  * TL;DR: better secrecy against future quantum attacks, even though
    not many clients or servers support it at the moment.

[skip ci]
2025-07-24 16:00:03 +02:00
..
2025-07-13 11:39:00 +02:00
2022-12-14 15:24:19 +00:00
2010-07-14 18:54:52 +00:00
2025-07-13 11:39:00 +02:00
2000-02-28 22:45:44 +00:00