Test server symmetric cipher status log, static linkage

[psheer-spirent]

.

[baentsch]

Hi!

We are using oqs-provider for a commercial project. I have build oqs-provider-0.5.1 against openssl-3.2.0-alpha1.
I am using static linkage and have modified the openssl app code to initialize the oqs provider inside apps_startup().

static int apps_startup(void)
{
.....
#ifndef PREFER_VIRGIN_CODE
OSSL_LIB_CTX *libctx;

libctx = OSSL_LIB_CTX_new();
assert (libctx != NULL);

OSSL_LIB_CTX_set0_default(libctx);

OSSL_PROVIDER_add_builtin(libctx, "oqs", oqs_provider_init);
OSSL_PROVIDER_load(libctx, "oqs");
OSSL_PROVIDER_load(libctx, "default");

#endif

I have successfully connected to test.openquantumsafe.org as shown in the terminal dump below: "Successfully connected using dilithium2-frodo640shake!".
So this appears to work correctly. However I am confused by the status log "New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384".
Since this is quantum-safe, surely this connection should instead report "New, TLSv1.3, Cipher is TLS_SOME_QUANTUM_SAFE_AES_ALG" ??

No, why? PQ crypto is used for checking signatures/certs and PQ crypto is used for establishing the (AES) session key (via a PQ KEM). AES itself is not "quantum-threatened" -- well maybe the keys should be longer :) but the alg is OK/doesn't need changing -- at least AFAIK and for now.

[psheer-spirent]

Thanks

[baentsch]

@psheer-spirent UW. But may I ask why you removed the text of your inquiry? The deprives other people with the same question (in the future) of benefiting from it (and the answer) by way of the "search" function.