Classical TLS in OpenSSL
OpenSSL is a widely-used toolkit that offers classically secure implementations of SSL and TLS. In theory, these protocols secure data transmitted over the internet by encrypting it, ensuring that sensitive information like passwords and credit card numbers remain confidential. However, OpenSSL does not have an inbuilt provision for PQC.
Post-quantum TLS enablement
While it doesn’t offer post-quantum primitives, OpenSSL 3.20 does include support for PQC digital signatures and key encapsulation mechanisms in its implementation of TLS 1.3. This means it is possible to build a quantum-safe solution using PQSDK, PQShield’s software development kit. PQSDK registers its implementations of ML-KEM and ML-DSA within TLS 1.3 in OpenSSL, enabling users to achieve a quantum-safe TLS handshake. Additionally, the kit includes hybrid (PQ/T) implementations of ML-KEM with OpenSSL’s implementation of X25519, and also supports further combinations.
