* IIRC, rumour has it that those who need a FIPS-validated stack, and have * only an older stack with P-256/P-384 validated, but ML-KEM not yet * validated, can get a validated combination via ML-KEM plus ECDSA, but * not ML-KEM with X25519 or X448.
The NIST rules for hybrid key exchange, which changed a few times, are now as long as one of the two is validated (in either first or second position) they whole exchange is okay. So yes, if you only have P256/384 validated, then you must include that in your hybrid exchange with ML-KEM.
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
