Krishean Draconis1d ago

looks like you can enable post quantum cryptography in apache on @almalinux 9 and up with one simple config change1

with the ssl config generated by mozilla's tool2 change the line:

SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1

to:

SSLOpenSSLConfCmd Curves X25519MLKEM768:X25519:prime256v1:secp384r1

and restart the httpd service with sudo systemctl restart httpd, that's it! (a reload may work as well and you wouldn't have any service downtime, but i'm not certain, i would have to test it)

AlmaLinux 9 ships with OpenSSL 3.5.1 by default3 , so you should be all set for PQC

1 https://brnrd.eu/security/2025-03-22/openssl-35-is-pqc-enabled-and-an-lts-release.html
2 https://ssl-config.mozilla.org/#server=apache&version=2.4.62&config=modern&openssl=3.5.0&guideline=5.7
3 https://distrowatch.com/table.php?distribution=alma

#AlmaLinux #AlmaLinux9 #Linux #Apache #OpenSSL #PQC

OpenSSL 3.5 is PQC enabled, and an LTS release.

OpenSSL 3.5 is soon to be released, and brings new Post-Quantum Cryptographic protocols.

brnrd - Bernard Spil
Show threadKrishean Draconis

the same config from the above post should also work on debian 13 (trixie) and higher, as that ships with OpenSSL 3.5.1 by default as well: https://distrowatch.com/table.php?distribution=debian

#Debian #Debian13 #Linux #Apache #OpenSSL #PQC

DistroWatch.com: Debian

News and feature lists of Linux and BSD distributions.

Apr 8 at 12:14amWeb