White House EO 14412

By now, anyone who tracks security protocols has heard ad nauseum about the White House Executive Order 14412 regarding post-quantum cryptography (PQC). In case you’ve been hiding under a rock, it can be found here.

The TL;DR is that all High Value Assets (HVAs) must use PQC key establishment by 2030 and PQC digital signatures by 2031. The main point of this post is not to add to the chorus of everyone else saying the same thing, but to show that we here at wolfSSL are already ready for 2031! The best way to guarantee PQC key establishment (ML-KEM) and PQC digital signatures (ML-DSA) in (D)TLS 1.3 is to not even have classical public key algorithms (RSA, DH, ECC) compiled in and we can already do that.

Go ahead and try it out! You can download our recently released version 5.9.2 and apply these two patches:

Then build the wolfSSL library:

./build.sh

Run the example server like this:

./server.sh

Run the example client like this:

./client.sh

Output highlights:
Server:

  listening on port 11111
  Using Post-Quantum KEM: ML_KEM_512
  SSL version is TLSv1.3
  SSL cipher suite is TLS_AES_256_GCM_SHA384
  Client message: GET /index.html HTTP/1.0

Client:

  connecting to 127.0.0.1:11111
  Using Post-Quantum KEM: ML_KEM_512
  SSL version is TLSv1.3
  SSL cipher suite is TLS_AES_256_GCM_SHA384
  SSL connect ok, sending GET...
  I hear you fa shizzle!

As you can see, in 2026 we here at wolfSSL are ready for 2031!!

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now