Crypto Agility Layer + Hybrid PQC TLS Foundation

2026-03-18

crypto-agility, tls, pqc

What We Built

A cryptographic agility abstraction layer that enables config-driven algorithm selection across key exchange, signature, and hash families. Includes OpenSSL version detection for PQC capability (3.5+), automatic hybrid X25519+ML-KEM-768 TLS curve selection when available, and graceful fallback to classical algorithms on older OpenSSL.

How It Works

The algorithm registry maps 10 algorithms across 3 families. At init, it probes OpenSSL to determine which PQC algorithms are available. getTlsEcdhCurve() returns X25519:X25519MLKEM768 on OpenSSL 3.5+ or X25519 on older versions. Operators configure preferences via security.crypto.keyExchange, security.crypto.signature, and security.crypto.hash.

Lockstep Checklist

  • [x] API Routes: No changes.
  • [x] TS SDK: No changes needed.
  • [x] Python SDK: No changes needed.
  • [x] MCP Schemas: No changes needed.
  • [x] Master Record: N/A — security infrastructure.