kem-alg

This command specifies the list of PQC KEM algorithms that the TLS server profile advertises and supports.

Syntax

kem-alg algorithm

Parameters

algorithm

Specifies the KEM algorithm to advertise and support. The following algorithms are supported.

MLKEM512: NIST ML-KEM-512
MLKEM768: NIST ML-KEM-768
X25519MLKEM768: Hybrid ML-KEM-768 with X25519 key exchange
SecP256r1MLKEM768: Hybrid ML-KEM-768 with P-256 prime field curve
MLKEM1024: NIST ML-KEM-1024
SecP384r1MLKEM1024: Hybrid ML-KEM-1024 with P-384 prime field curve
classical: Classical algorithms of P-256, P-384, P-521, X25519, X448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, and ffdhe8192

Guidelines

The kem-alg command specifies the PQC (post-quantum cryptography) KEM (key encryption mechanism) algorithms that the TLS profile advertises and supports. PQC is alternatively known as QSC (quantum-safe cryptography). By default, no algorithms are associated with the profile, which is an empty list that signifies the use of non-PQC (classical) algorithms.

Note: PQC is for TLS 1.3, but classical is between TLS 1.2 and TLS 1.3.

The National Institute of Standards and Technology (NIST) FIPS 203 standard specifies a key-encapsulation mechanism that uses modular lattices. The order in increasing security strength and decreasing performance are ML-KEM-512, ML-KEM-768, and ML-KEM-1024. In addition to the three NIST approved algorithms, you can configure TLS profiles that advertise and support hybrid algorithms.

To specify multiple KEM algorithms, run this command for each algorithm.

Attention: Support for PQC KEM algorithms was introduced as a technology preview in 10.6.2. In 10.6.4, PQC KEM algorithms are fully supported. The following table shows the changes for the supported KEM algorithms between these releases.

Table 1. Supported KEM algorithms between 10.6.2 and 10.6.4
10.6.2	10.6.4	Change
`mlkem512`	`MLKEM512`	Renamed
`p256_mlkem512`		Deleted
`x25519_mlkem512`		Deleted
`mlkem768`	`MLKEM768`	Renamed
`p384_mlkem768`		Deleted
`x448_mlkem768`		Deleted
`X25519MLKEM768`	`X25519MLKEM768`	None
`SecP256r1MLKEM768`	`SecP256r1MLKEM768`	None
`mlkem1024`	`MLKEM1024`	Renamed
`p521_mlkem1024`		Deleted
`p384_mlkem1024`	`SecP384r1MLKEM1024`	Renamed
`classical`	`classical`	None

Examples

Use NIST ML-KEM-768 if available. Otherwise, fall back to classical if unsupported.
```
# kem-alg MLKEM768
# kem-alg classical
```
Use classical but negotiate NIST ML-KEM-768 if it is all that is supported.
```
# kem-alg classical
# kem-alg MLKEM768
```