[ISSUE] Firefox 132 does not support post-quantum ML-KEM in TLS

[ISSUE] Firefox 132 does not support post-quantum ML-KEM in TLS

[notramo]

[-- Attachment #1: Type: text/plain, Size: 871 bytes --]

New issue by notramo on void-packages repository

https://github.com/void-linux/void-packages/issues/52852

Description:
### Is this a new report?

Yes

### System Info

Void 6.11.5_1 x86_64-musl GenuineIntel uptodate rrnFF

### Package(s) Affected

firefox-132.0_1

### Does a report exist for this bug with the project's home (upstream) and/or another distro?

No, it's probably a Void packaging bug (probably incorrect build options).

### Expected behaviour

Since version 132, Firefox supports post-quantum cryptography in TLS.
https://www.mozilla.org/en-US/firefox/132.0/releasenotes/

It's enabled in `about:config` value `security.tls.enable_kyber`.
The https://isitquantumsafe.info/ page should indicate that it's quantum safe.

### Actual behaviour

It's not quantum safe.

### Steps to reproduce

1. Install Firefox
2. Go to https://isitquantumsafe.info/

Re: Firefox 132 does not support post-quantum ML-KEM in TLS

[jschanck]

[-- Attachment #1: Type: text/plain, Size: 341 bytes --]

New comment by jschanck on void-packages repository

https://github.com/void-linux/void-packages/issues/52852#issuecomment-2455513885

Comment:
Looks like a problem with https://isitquantumsafe.info/. Try https://crypto.cloudflare.com/cdn-cgi/trace, or browse to any Google or Cloudflare domain and check the request details using devtools.

Re: [ISSUE] [CLOSED] Firefox 132 does not support post-quantum ML-KEM in TLS

[notramo]

[-- Attachment #1: Type: text/plain, Size: 874 bytes --]

Closed issue by notramo on void-packages repository

https://github.com/void-linux/void-packages/issues/52852

Description:
### Is this a new report?

Yes

### System Info

Void 6.11.5_1 x86_64-musl GenuineIntel uptodate rrnFF

### Package(s) Affected

firefox-132.0_1

### Does a report exist for this bug with the project's home (upstream) and/or another distro?

No, it's probably a Void packaging bug (probably incorrect build options).

### Expected behaviour

Since version 132, Firefox supports post-quantum cryptography in TLS.
https://www.mozilla.org/en-US/firefox/132.0/releasenotes/

It's enabled in `about:config` value `security.tls.enable_kyber`.
The https://isitquantumsafe.info/ page should indicate that it's quantum safe.

### Actual behaviour

It's not quantum safe.

### Steps to reproduce

1. Install Firefox
2. Go to https://isitquantumsafe.info/

Re: Firefox 132 does not support post-quantum ML-KEM in TLS

[notramo]

[-- Attachment #1: Type: text/plain, Size: 254 bytes --]

New comment by notramo on void-packages repository

https://github.com/void-linux/void-packages/issues/52852#issuecomment-2458080749

Comment:
It's enabled indeed when connecting to Cloudflare or Google. Closing the issue as it's an issue with the page.

Re: Firefox 132 does not support post-quantum ML-KEM in TLS

[notramo]

[-- Attachment #1: Type: text/plain, Size: 478 bytes --]

New comment by notramo on void-packages repository

https://github.com/void-linux/void-packages/issues/52852#issuecomment-2647857208

Comment:
Turns out it was not an issue with the page. Firefox 135 added support for ML-KEM in QUIC. Before that, it was only supported in non-QUIC connections. In Firefox 135, the above page shows that the connection is quantum-safe, even when connecting via QUIC.

But it was not a Void packaging issue either, so no changes required in Void.