
ML-DSA certificates cannot be used with QUIC and HTTP/3 #119641

@rzikm

Discovered during #119265.

On Linux, statically linked libssl does not recognize ML-DSA certificates as valid for TLS purposes. This introduces a situation on OpenSSL 3.5.0+ systems where HTTP/1.1 and HTTP/2 can use ML-DSA certs (as they go through system libssl), but not with QUIC and by extension HTTP/3 (as they go through statically linked quictls, which is a pre-3.5.0 fork of OpenSSL).

This should eventually get resolved with MsQuic builds that use system libssl, as those expose the APIs necessary to support MsQuic without the need for a fork.

Labels:

- area-System.Net.Quic
- tracking-external-issue (The issue is caused by external problem (e.g. OS) - nothing we can do to fix it directly)
