By now, anyone who tracks security protocols has heard ad nauseam about the White House Executive Order 14412 regarding post-quantum cryptography (PQC). In case you’ve been hiding under a rock, it can be found here.
The TL;DR is that all High Value Assets (HVAs) must use PQC key establishment by 2030 and PQC digital signatures by 2031. The main point of this post is not to add to the chorus of everyone else saying the same thing, but to show that we here at wolfSSL are already ready for 2031! The best way to guarantee PQC key establishment (ML-KEM) and PQC digital signatures (ML-DSA) in (D)TLS 1.3 is to not even have classical public key algorithms (RSA, DH, ECC) compiled in, and we can already do that.
Go ahead and try it out! You can download our recently released version 5.9.2 and apply these two patches:
- https://gist.github.com/anhu/1618e391e7a012c47a2787e9d93203e8
- https://gist.github.com/anhu/0810a0985e696b2b405107e2b4172e1b
Then build the wolfSSL library:
./build.sh
Run the example server like this:
./server.sh
Run the example client like this:
./client.sh
Output highlights:
Server:
listening on port 11111
Using Post-Quantum KEM: ML_KEM_512
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_256_GCM_SHA384
Client message: GET /index.html HTTP/1.0
Client:
connecting to 127.0.0.1:11111
Using Post-Quantum KEM: ML_KEM_512
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_256_GCM_SHA384
SSL connect ok, sending GET...
I hear you fa shizzle!
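One way to check the two claims above (a pure ML-KEM handshake, and no classical public-key code in the build), as an added example that is not wolfSSL's own code. The function names are hypothetical, the hybrid group name in the comment is an assumed naming, and the symbol file is assumed to hold `nm -D --defined-only` output for the built library.

```shell
#!/bin/sh
# Added example: two checks for a "PQC only" wolfSSL build and handshake.

# check_handshake_log FILE
# FILE holds the example client or server output. Pass only if it reports
# TLS 1.3 and a pure ML-KEM key share. A hybrid name such as
# X25519_ML_KEM_768 (assumed naming) still carries a classical component,
# so it fails, and so does a log with no KEM line at all.
check_handshake_log() {
    log=$1
    grep -q '^SSL version is TLSv1\.3$' "$log" || {
        echo "handshake is not TLS 1.3" >&2
        return 1
    }
    kem=$(sed -n 's/^Using Post-Quantum KEM: *//p' "$log" | head -n 1)
    case $kem in
        ML_KEM_512|ML_KEM_768|ML_KEM_1024) return 0 ;;
        '') echo "no PQC key share reported" >&2; return 1 ;;
        *)  echo "not a pure ML-KEM group: $kem" >&2; return 1 ;;
    esac
}

# check_no_classical_symbols FILE
# FILE holds symbol-table text, e.g. from:
#   nm -D --defined-only libwolfssl.so > syms.txt
# Pass only if no wolfCrypt RSA, DH or ECC entry point is exported.
check_no_classical_symbols() {
    syms=$1
    pattern='wc_(InitRsaKey|RsaPublicEncrypt|InitDhKey|DhAgree|ecc_init|ecc_make_key)'
    if grep -E "$pattern" "$syms" >&2; then
        echo "classical public-key symbols are exported" >&2
        return 1
    fi
    return 0
}
```

Run the first check against both the client and the server output, since each side prints its own view of the negotiated group.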
As you can see, in 2026 we here at wolfSSL are ready for 2031!!
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

