Change #271222
| Category | curl |
| Changed by | Tobias Frauenschläger <tobias@wolfssl.com> |
| Changed at | Mon 15 Jun 2026 22:18:29 |
| Repository | https://github.com/curl/curl.git |
| Project | curl |
| Branch | master |
| Revision | 50ffc359e943b2b55268b6c8507524fb0c23dc9c |
Comments
tls: wolfssl: fixes for PQC key shares This PR makes the wolfssl TLS backend work properly for PQC key exchanges. The following issues are fixed: * WOLFSSL_HAVE_KYBER is not present anymore in upstream wolfssl (for a long time actually), so it has no use and the ML-KEM functionality was never turned on properly. * Key share group selection (via --curves) is now handled via the generic wolfSSL_CTX_set1_groups_list() method instead of the prior wolfSSL_CTX_set1_curves_list() and the additonal PQC handling. This removes a lot of PQC related special handling and the behavior now matches the OpenSSL backend. * The default QUIC group setting has been removed. For QUIC, the key share as well as the list in the supported_groups extension is now handled all within wolfssl. This also supports --curves properly now. Closes #22030
Changed files
- lib/vtls/wolfssl.c