Closed Bug 1941041 Opened 1 month ago Closed 1 month ago

Enable mlkem768x25519 in h3 in release

Categories

(Core :: Networking, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
136 Branch
Tracking Status
relnote-firefox --- 135+
firefox135 --- fixed
firefox136 --- fixed

People

(Reporter: jschanck, Assigned: jschanck)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Attachments

(2 files)

No description provided.
Whiteboard: [necko-triaged]
Pushed by jschanck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4c2b06dc9c4e enable mlkem768x25519 in h3 in release. r=kershaw
Status: ASSIGNED → RESOLVED
Closed: 1 month ago
Resolution: --- → FIXED
Target Milestone: --- → 136 Branch
Attachment #9459505 - Flags: approval-mozilla-beta?

beta Uplift Approval Request

  • User impact if declined: A security feature will be delayed by one release cycle.
  • Code covered by automated testing: yes
  • Fix verified in Nightly: yes
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: n/a
  • Risk associated with taking this patch: none
  • Explanation of risk level: The pref is currently enabled in early beta.
  • String changes made/needed: none
  • Is Android affected?: no
Attachment #9459505 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Did we want to call this out the Fx135 relnotes? Please nominate if so.

Flags: needinfo?(jschanck)

Release Note Request (optional, but appreciated)
[Why is this notable]: This feature secures our users' communications against advanced / long-term threats.
[Affects Firefox for Android]: No
[Suggested wording]: Added support for a post-quantum key exchange mechanism (mlkem768x25519) for Http/3.
[Links (documentation, blog post, etc)]:

relnote-firefox: --- → ?
Flags: needinfo?(jschanck)
Regressions: 1942160
No longer regressions: 1942160

Added to the Fx135 relnotes.

Do we need to make a change to the neqo demo client and server so their behavior is identical to Firefox?

Duplicate of this bug: 1943471

We need to be a little careful here because I assumed here that the default configuration did not include ML-KEM. If you add ML-KEM to this list, then the neqo_glue code won't be able to disable it. I'll work up a patch so we make fewer assumptions in the neqo_glue code.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: