5.2 TLS 1.3 con Algoritmi PQ

Configurazione della crittografia di trasporto.

Algoritmi Supportati

Funzione	Algoritmo	Standard NIST
Key Exchange	ML-KEM-768¹⁾	FIPS 203
Firma	ML-DSA-65²⁾	FIPS 204
Firma Backup	SLH-DSA³⁾	FIPS 205

TLS 1.3

Transport Layer Security 1.3⁴⁾ e la versione attuale del protocollo di crittografia per comunicazioni di rete sicure.

Modalita Ibrida

Per il periodo di transizione: Classico + PQ combinati⁵⁾.

Key Exchange: X25519((Curve25519: https://cr.yp.to/ecdh.html)) + ML-KEM-768
Firma: ECDSA + ML-DSA-65

Configurazione .NET

builder.WebHost.ConfigureKestrel(options =>
{
    options.ConfigureHttpsDefaults(https =>
    {
        https.SslProtocols = SslProtocols.Tls13;
        https.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
    });
});

Cipher Suites

Cipher Suites TLS 1.3 raccomandate⁶⁾ con PQ:

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256

Validazione

# Testare connessione TLS
openssl s_client -connect gateway.intern:443 -tls1_3

Libreria PQ-Crypto

Per l'implementazione programmatica di PQ Key Exchange vedere:

Fonti

¹⁾

FIPS 203 (ML-KEM): https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf

²⁾

FIPS 204 (ML-DSA): https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf

³⁾

FIPS 205 (SLH-DSA): https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf

⁴⁾

IETF RFC 8446 (TLS 1.3): https://datatracker.ietf.org/doc/html/rfc8446

⁵⁾

IETF Hybrid Key Exchange: https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/

⁶⁾

IANA TLS Cipher Suites: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4