Question around BoringSSL
#20742
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
So we are trying to end up with being able to turn on hybrid X25519/MLKEM768 key exchange on the WebSocket server. This is supported in BoringSSL, although digging through the source it looks like it is building in oven-sh/boringssl, which is about 7 months behind the google repo (although has a number of patches from electron).
When we run node:crypto.getCurves, we see:
[ "secp224r1", "prime256v1", "secp384r1", "secp521r1" ]And in the included uSockets module, it appears only to be using OpenSSL, which we know provides the underlying socket for the uWebSockets module used in bun.serve. Expect we're missing something here so any guidance or help very much appreciated.
Happy to help test and validate things, as this capability is key for supporting post quantum cryptography. Not sure if there's also a way of using a more recent BoringSSL build either.
Thanks
Rob
Beta Was this translation helpful? Give feedback.
All reactions