OpenSSL Algorithm Support - crt26/pqc-evaluation-tools GitHub Wiki
Algorithm Support Summary
OpenSSL 3.5.0 introduces native support for the NIST-standardised PQC algorithms ML-KEM, ML-DSA, and SLH-DSA. This project integrates these algorithms for TLS benchmarking where possible. However, some limitations affect their usage in performance testing and handshake scenarios:
Known Limitations
-
ML-DSA and SLH-DSA are currently not supported by the OpenSSL
speedutility, making them unavailable for cryptographic performance benchmarking. -
SLH-DSA while supported at the provider level (e.g., for certificate generation), has not yet been integrated into OpenSSL's TLS stack (
s_client,s_server,speed). Its inclusion in TLS 1.3 is under consideration via this IETF draft. Until then, SPHINCS+ from the OQS-Provider will be used as a placeholder for stateless hash-based signatures in TLS tests. -
The X448MLKEM1024 Hybrid-PQC KEM is implemented and supported by OpenSSL's
speedtool, but not registered as a TLS group. It is excluded from handshake testing, though it remains available for TLS speed testing within this project.
Classical Algorithm Benchmarks
To provide performance baselines for comparison, classical algorithms are also included in TLS benchmarking:
- RSA-2048, RSA-3072, RSA-4096
- prime256v1, secp384r1, secp521r1
These schemes help assess the overhead and feasibility of PQC adoption in real-world contexts.
Supported KEM Algorithms
| Algorithm Name | Hybrid Algorithm (*) | TLS Handshake Test Support (*) | OpenSSL Speed Test Support (*) |
|---|---|---|---|
| MLKEM512 | * | * | |
| MLKEM768 | * | ||
| MLKEM1024 | * | * | |
| X25519MLKEM768 | * | * | * |
| X448MLKEM1024 | * | * | |
| SecP256r1MLKEM768 | * | * | * |
| SecP384r1MLKEM1024 | * | * | * |
Supported Digital Signature Algorithms
| Algorithm Name | Hybrid Algorithm (*) | TLS Handshake Test Support (*) | OpenSSL Speed Test Support (*) |
|---|---|---|---|
| MLDSA44 | * | ||
| MLDSA65 | * | ||
| MLDSA87 | * |
Supported Classical Algorithms
| Algorithm Name | TLS Handshake Test Support (*) | OpenSSL Speed Test Support (*) |
|---|---|---|
| RSA-2048 | * | * |
| RSA-3072 | * | * |
| RSA-4096 | * | * |
| prime256v1 | * | * |
| secp384r1 | * | * |
| secp521r1 | * | * |