Support for Post-Quantum Cryptography in PyOpenSSL #1424

Open
@AlessandroAmadoriTNO

We are currently using PyOpenSSL in our project, bound to OpenSSL 3.5.0 (beta1 version), which includes support for post-quantum algorithms (ML-KEM and hybrid variants, plus post-quantum digital signatures). While we have successfully managed to use post-quantum certificates (with ML-DSA) created via OpenSSL and loaded them using, for example, the functions load_cert_chain and load_verify_locations, we have encountered issues when attempting to set the context to use ML-KEM or any key exchange other than elliptic curves.

Specifically, we want to explicitly force the use of ML-KEM, as the changes of the new version state that "The default TLS keyshares have been changed to offer X25519MLKEM768 and X25519."
Possibly, this requires the implementation of the SSL_CTX_set1_groups() function.

Is PyOpenSSL planning to integrate support for post-quantum cryptography in the short term after the release of a stable version of OpenSSL 3.5.0? If not, are there any workarounds or temporary solutions available to achieve this functionality?

Any guidance or suggestions on how to proceed would be greatly appreciated.

Thank you!
