No support for Post Quantum Curves?

[WhoAmI0501]

I recently configured the webserver, which serves my Nextcloud (and therefore CalDAV and CardDAV server), to only accept the post quantum curve x25519mlkem768.

Since i've applied this config change, DAVx5 only shows I/O Errors ("Failure in SSL library, usually a protocol failure" / "HANDSHAKE_FAILURE_ON_CLIENT_HELLO") and doesn't work anymore.

I am not sure whether i can generalize that - but it seems a little bit like that the SSL/TLS library of DAVx5 doesn't support post quantum secured curves? Is there any plan to change that or is it something Android related, that cannot be changed by the DAVx5 Devs?

I am using DAVx5 4.5.9-ose and Android 16 on a Pixel 8a (Graphene OS, Build 2026021201).

[devvv4ever]

Does your Android version support this cipher?

[ArnyminerZ]

To expand on this, the SSL certificate management is managed by the system through Conscrypt. In theory Android 16 has support for ML-KEM-768 (and Kyber-768), but it's determined by your system. Can you verify that you can access websites with those algorithms? For example through https://pq.cloudflareresearch.com/

And also, are you sure that your server is properly configured?

I have tried to access this website through DAVx⁵ (which of course, isn't a valid DAV server), and the SSL works fine. Running original ROM on Pixel 8a (Android 16).

[WhoAmI0501]

Well this is pretty interesting. I can access the site via Fennec (actually Firefox) and Pirvacy Browser, which is actually based on the system native WebView. All of them are stating a secured connection.

I recently saw, that the Nextcloud App itself is also not working - i didnt saw that yesterday.

To be clear: The website you've posted is also available with other curves/algorithms, but it will show you another result then (which is done by a javascript based check). If you use DAVx5 to fetch explicitely https://pq.cloudflareresearch.com/cdn-cgi/trace you will see in the protocols section, that it returns kex=X25519. And if i open it in my normal browser, it returns kex=X25519MLKEM768. Can you confirm this with the stock ROM?

I personally dont think, that Graphene OS has patched a modern curve/key exchange algorithm out...

[ArnyminerZ]

The website you've posted is also available with other curves/algorithms, but it will show you another result then (which is done by a javascript based check).

My bad, I am actually not an expert on this topic, so I just used the first thing I found.

Can you confirm this with the stock ROM?

On the browser I get kex=X25519MLKEM768, on DAVx⁵ I actually get kex=X25519 as you've said.

So there's definitively something up with the certificates on DAVx⁵.

[rfc2822]

I am not sure whether i can generalize that - but it seems a little bit like that the SSL/TLS library of DAVx5 doesn't support post quantum secured curves? Is there any plan to change that or is it something Android related, that cannot be changed by the DAVx5 Devs?

We use the latest version of Conscrypt, which is the de-facto standard (provided by Google) for apps that need a compatible TLS stack.

You can see its supported protocols/ciphers here: https://github.com/google/conscrypt/blob/master/CAPABILITIES.md

As soon as they add other ciphers, they will be available in DAVx5, too.

I don't know whether the ciphers available in native Android are additionally available to the Concrypt ones (but I guess so). Is x25519mlkem768 available natively in your Android build?

[WhoAmI0501]

I just had a look and it seems like x25519mlkem768 is in general available in conscrypt (if its used in normal Java context), but not yet available on Android (google/conscrypt#1452).

[rfc2822]

Good to know. As soon as a new Conscrypt version is available, it will be used in DAVx5 (@dependabot should notify us).