On Wed, Nov 26, 2025 at 12:32 PM Muhammad Usama Sardar <[email protected]> wrote:

> On 26.11.25 20:51, Eric Rescorla wrote:
>
> It's mandatory to implement per:
> https://www.rfc-editor.org/rfc/rfc8446#section-9.1
>
> A TLS-compliant application MUST support key exchange with secp256r1
> (NIST P-256) and SHOULD support key exchange with X25519 [RFC7748].
>
> Thanks Ekr for clarification. I might have missed that as implementer's
> issue. I now see that section 9.2 marks key_share extension as MUST.
>

Right, though it's important to be clear on what that means:

- You have to support key_share, but you don't necessarily need to send it (e.g., if you're doing pure PSK without any DH).
- The requirement for key_share doesn't require you to do ECC, just to support the extension generally. You'd be in compliance with this particular MUST if you supported pure MLKEM, though of course not with the MUST to support P-256.

-Ekr

> -Usama
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
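An added illustration of the support-versus-send distinction in the message above (not code from the thread or from any TLS implementation): it checks a ClientHello extensions block against the RFC 8446 section 9.2 ClientHello rules and lists the groups offered. The function names and sample bytes are constructed for this example, and the MLKEM768 codepoint 0x0201 is taken from the IANA TLS Supported Groups registry, not from the thread.

```python
import struct

SUPPORTED_GROUPS, SIG_ALGS, PRE_SHARED_KEY, KEY_SHARE = 10, 13, 41, 51  # IANA extension types
SECP256R1, X25519, MLKEM768 = 0x0017, 0x001D, 0x0201                    # IANA named groups

def parse_extensions(block: bytes) -> dict:
    """Parse a ClientHello extensions block: u16 length, then type/length/data records."""
    (total,) = struct.unpack_from("!H", block, 0)
    if total != len(block) - 2:
        raise ValueError("extensions length mismatch")
    exts, off = {}, 2
    while off < len(block):
        etype, elen = struct.unpack_from("!HH", block, off)  # struct.error if header is cut
        body = block[off + 4:off + 4 + elen]
        if len(body) != elen:
            raise ValueError("truncated extension body")
        exts[etype] = body
        off += 4 + elen
    return exts

def offered_groups(exts: dict) -> list:
    """Decode the NamedGroupList in supported_groups; [] when the extension is absent."""
    body = exts.get(SUPPORTED_GROUPS, b"\x00\x00")
    (n,) = struct.unpack_from("!H", body)
    return list(struct.unpack_from("!%dH" % (n // 2), body, 2))

def check_section_9_2(exts: dict) -> list:
    """Return violations of the section 9.2 rules for a TLS 1.3 ClientHello."""
    problems = []
    if PRE_SHARED_KEY not in exts:
        for need, name in ((SIG_ALGS, "signature_algorithms"), (SUPPORTED_GROUPS, "supported_groups")):
            if need not in exts:
                problems.append("no pre_shared_key, so %s is required" % name)
    if (SUPPORTED_GROUPS in exts) != (KEY_SHARE in exts):
        problems.append("supported_groups and key_share must appear together")
    return problems

def build(*exts) -> bytes:
    """Encode (type, body) pairs as an extensions block; used only to construct samples."""
    joined = b"".join(struct.pack("!HH", t, len(b)) + b for t, b in exts)
    return struct.pack("!H", len(joined)) + joined

# Constructed samples; pre_shared_key and signature_algorithms bodies are dummies.
SIG = (SIG_ALGS, b"\x00\x02\x08\x04")
PURE_PSK = build((45, b"\x01\x00"), (PRE_SHARED_KEY, b"\x00"))  # psk_ke only, no key_share sent
PURE_MLKEM = build(SIG, (SUPPORTED_GROUPS, struct.pack("!HH", 2, MLKEM768)),
                   (KEY_SHARE, b"\x00\x00"))  # empty client_shares is permitted
MISSING_SHARE = build(SIG, (SUPPORTED_GROUPS,
                            struct.pack("!HHH", 4, SECP256R1, X25519)))  # no key_share
```

The pure-PSK and pure-MLKEM samples both pass the wire-level checks, while the group list shows P-256 is not offered in the latter; whether an implementation meets the section 9.1 MUST for P-256 is a property of the implementation and cannot be settled from a single ClientHello.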
