@@ -887,6 +887,33 @@ const struct s2n_security_policy security_policy_pq_20231215 = {
887887 },
888888};
889889
890+ /* Same as security_policy_aws_crt_sdk_tls_10_06_23 but with (IETF-standardized) ML-KEM Support */
891+ const struct s2n_security_policy security_policy_aws_crt_sdk_tls_10_07_25_pq = {
892+ .minimum_protocol_version = S2N_TLS10 ,
893+ .cipher_preferences = & cipher_preferences_aws_crt_sdk_default ,
894+ .kem_preferences = & kem_preferences_pq_tls_1_3_ietf_2025_07 ,
895+ .signature_preferences = & s2n_signature_preferences_20200207 ,
896+ .ecc_preferences = & s2n_ecc_preferences_20230623 ,
897+ };
898+
899+ /* Same as security_policy_aws_crt_sdk_tls_12_06_23 but with (IETF-standardized) ML-KEM Support */
900+ const struct s2n_security_policy security_policy_aws_crt_sdk_tls_12_07_25_pq = {
901+ .minimum_protocol_version = S2N_TLS12 ,
902+ .cipher_preferences = & cipher_preferences_aws_crt_sdk_default ,
903+ .kem_preferences = & kem_preferences_pq_tls_1_3_ietf_2025_07 ,
904+ .signature_preferences = & s2n_signature_preferences_20200207 ,
905+ .ecc_preferences = & s2n_ecc_preferences_20230623 ,
906+ };
907+
908+ /* Same as security_policy_aws_crt_sdk_tls_13_06_23 but with (IETF-standardized) ML-KEM Support */
909+ const struct s2n_security_policy security_policy_aws_crt_sdk_tls_13_07_25_pq = {
910+ .minimum_protocol_version = S2N_TLS13 ,
911+ .cipher_preferences = & cipher_preferences_aws_crt_sdk_tls_13 ,
912+ .kem_preferences = & kem_preferences_pq_tls_1_3_ietf_2025_07 ,
913+ .signature_preferences = & s2n_signature_preferences_20200207 ,
914+ .ecc_preferences = & s2n_ecc_preferences_20230623 ,
915+ };
916+
890917/* Same as security_policy_aws_crt_sdk_tls_12_06_23 but with ML-KEM Support */
891918const struct s2n_security_policy security_policy_aws_crt_sdk_tls_12_06_23_pq = {
892919 .minimum_protocol_version = S2N_TLS12 ,
@@ -1347,11 +1374,14 @@ struct s2n_security_policy_selection security_policy_selection[] = {
13471374 { .version = "AWS-CRT-SDK-TLSv1.3" , .security_policy = & security_policy_aws_crt_sdk_tls_13 , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
13481375 { .version = "AWS-CRT-SDK-SSLv3.0-2023" , .security_policy = & security_policy_aws_crt_sdk_ssl_v3_06_23 , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
13491376 { .version = "AWS-CRT-SDK-TLSv1.0-2023" , .security_policy = & security_policy_aws_crt_sdk_tls_10_06_23 , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
1377+ { .version = "AWS-CRT-SDK-TLSv1.0-2025-PQ" , .security_policy = & security_policy_aws_crt_sdk_tls_10_07_25_pq , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
13501378 { .version = "AWS-CRT-SDK-TLSv1.1-2023" , .security_policy = & security_policy_aws_crt_sdk_tls_11_06_23 , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
13511379 { .version = "AWS-CRT-SDK-TLSv1.2-2023" , .security_policy = & security_policy_aws_crt_sdk_tls_12_06_23 , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
13521380 { .version = "AWS-CRT-SDK-TLSv1.2-2023-PQ" , .security_policy = & security_policy_aws_crt_sdk_tls_12_06_23_pq , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
13531381 { .version = "AWS-CRT-SDK-TLSv1.2-2025" , .security_policy = & security_policy_aws_crt_sdk_tls_30_06_25 , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
1382+ { .version = "AWS-CRT-SDK-TLSv1.2-2025-PQ" , .security_policy = & security_policy_aws_crt_sdk_tls_12_07_25_pq , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
13541383 { .version = "AWS-CRT-SDK-TLSv1.3-2023" , .security_policy = & security_policy_aws_crt_sdk_tls_13_06_23 , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
1384+ { .version = "AWS-CRT-SDK-TLSv1.3-2025-PQ" , .security_policy = & security_policy_aws_crt_sdk_tls_13_07_25_pq , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
13551385 /* KMS TLS Policies*/
13561386 { .version = "KMS-TLS-1-0-2018-10" , .security_policy = & security_policy_kms_tls_1_0_2018_10 , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
13571387 { .version = "KMS-TLS-1-0-2021-08" , .security_policy = & security_policy_kms_tls_1_0_2021_08 , .ecc_extension_required = 0 , .pq_kem_extension_required = 0 },
0 commit comments