On Wed, Jul 1, 2026 at 2:59 PM Andrew Lee <[email protected]> wrote:
> On Jul 1, 2026, at 2:22 PM, Kevin Milner <[email protected]> wrote: > > several very widely deployed libraries and applications are already > implementing pure ML-KEM (I believe several have been cited previously in > the discussion of this draft, by both sides), and I suspect more will over > time. > > Do you happen to have a few examples or a link to this so-called wall of > shame? > I'm afraid you will have pretty much all mainstream TLS libraries on your "wall of shame". As far as I can tell, at least the following libraries implement pure ML-KEM support in TLS according to this specification: - OpenSSL (ML-KEM-512/768/1024) - BoringSSL (ML-KEM-1024) - AWS-LC (ML-KEM-512/768/1024) - Rustls (ML-KEM-768/1024) - s2n-tls (ML-KEM-1024) - Bouncy Castle (ML-KEM-512/768/1024) - Botan (ML-KEM-512/768/1024) - GnuTLS (ML-KEM-768/1024) - WolfSSL (ML-KEM-512/768/1024) I believe that, with the exception of WolfSSL all these libraries do not require compile-time feature flags to enable pure ML-KEM support. Worth noting that as far as I can tell none of these libraries enable pure ML-KEM in the default TLS configuration, they require users to make an explicit choice to enable it. Hope this helps. -yaroslav -- This communication (including any attachments) is intended for the sole use of the intended recipient and may contain confidential, non-public, and/or privileged material. Use, distribution, or reproduction of this communication by unintended recipients is not authorized. If you received this communication in error, please immediately notify the sender and then delete all copies of this communication from your system.
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
