This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 8f10a7d04224 CAMEL-23745: Cover both PQC layers in the security guide
Post-Quantum section (#23989)
8f10a7d04224 is described below
commit 8f10a7d04224a1343addd32a954bdd6025cc24b4
Author: Andrea Cosentino <[email protected]>
AuthorDate: Fri Jun 12 13:45:19 2026 +0200
CAMEL-23745: Cover both PQC layers in the security guide Post-Quantum
section (#23989)
The security page's Post-Quantum subsection covered only transport-layer
(TLS) PQC and linked the JSSE page generally. Broaden it to 'Post-Quantum
Cryptography' covering both layers: deep-link the JSSE PQC TLS Configuration
section, and add message-layer PQC via the PQC component and PQC data format
(ML-KEM/ML-DSA/SLH-DSA). Docs-only.
Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>
---
docs/user-manual/modules/ROOT/pages/security.adoc | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/docs/user-manual/modules/ROOT/pages/security.adoc
b/docs/user-manual/modules/ROOT/pages/security.adoc
index 61a1c09359b4..da6512831e5c 100644
--- a/docs/user-manual/modules/ROOT/pages/security.adoc
+++ b/docs/user-manual/modules/ROOT/pages/security.adoc
@@ -63,12 +63,19 @@ ability to secure payloads as well as provide
authentication/authorization capabilities at endpoints created using the
components.
-=== Post-Quantum TLS
-
-Camel supports Post-Quantum Cryptography (PQC) at the TLS transport layer.
-On JDK 25+, Camel automatically configures hybrid post-quantum key exchange
-(`X25519MLKEM768`) to protect connections against harvest-now-decrypt-later
attacks.
-See xref:camel-configuration-utilities.adoc[JSSE Utility] for configuration
details.
+=== Post-Quantum Cryptography
+
+Camel provides Post-Quantum Cryptography (PQC) protection at two complementary
layers:
+
+* *Transport layer (TLS).* On JDK 25+, Camel automatically configures hybrid
post-quantum key
+exchange (`X25519MLKEM768`) on all `SSLContextParameters` to protect
connections against
+harvest-now-decrypt-later attacks. See
+xref:camel-configuration-utilities.adoc#_post_quantum_cryptography_pqc_tls_configuration[PQC
TLS Configuration]
+for the full configuration guide.
+* *Message layer.* The xref:components::pqc-component.adoc[PQC component] and
+xref:components:dataformats:pqc-dataformat.adoc[PQC data format] encrypt and
sign message
+payloads using post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA, and more),
protecting data
+independently of the transport.
== Configuration Security
