https://test.openquantumsafe.org:6000 does not accept x25519_kyber768

[wangweij]

https://test.openquantumsafe.org:6000 does not accept x25519_kyber768:

Successfully connected using
ecdsap256-x25519!

Client-side KEM algorithm(s) indicated:
x25519_kyber768:x25519:secp256r1:secp384r1:secp521r1:x448

Only https://test.openquantumsafe.org:6041 does:

Successfully connected using
ecdsap256-x25519_kyber768!

Client-side KEM algorithm(s) indicated:
x25519_kyber768:x25519:secp256r1:secp384r1:secp521r1:x448

IIUC, https://test.openquantumsafe.org:6000 should accept all key exchange algorithms, it does accept Kyber512 and secp256r1kyber512.

[baentsch]

One could be of this opinion (just reading the "*" in the test server documentation), but the test server is (or at least should be --I cannot validate as only IBM has access to the test server--) driven off this config and that does not specify "x25519_kyber768" (nor most of the other KEMs generally supported) for the case of "default" (not specifically specified) KEM on this port (or any other "KEM=*" port).

I do agree that at least a documentation clarification would be sensible. Thanks for pointing out this ambiguity, @wangweij . We'll improve this.

[wangweij]

Sorry I didn't read the config file. And yes it's the "*" that makes me think that it would support all key changes. Thanks for the explanation.

[aes512]

Phew, thankfully this isn't just something limited to my machine. Almost lost my mind last night on this exact issue!