mirrors/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2026-05-05 12:16:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

tailcfg: add node attribute to trigger PQC (ML-KEM-768 wg handshake)

Browse Source 
Signed-off-by: Adriano Sela Aviles <adriano@tailscale.com>
This commit is contained in:
Adriano Sela Aviles 2026-05-01 15:03:09 -07:00
parent 290a6cc03c
commit c7302d5a3c
No known key found for this signature in database
GPG Key ID: 28128631BCCBB1BB
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tailcfg/tailcfg.go
View File

@ -2788,6 +2788,13 @@ const (
// that does not originate from the Tailscale network interface.
// This enables access to off-tailnet endpoints within that IP range.
NodeAttrDisableLinuxCGNATDropRule NodeCapability = "disable-linux-cgnat-drop-rule"
// NodeAttrPostQuantumCrypto enables the hybrid ML-KEM-768 + Noise_IKpsk2
// WireGuard handshake (FIPS 203) on this node. When set, the node uses
// message types 5 and 6 instead of the standard types 1 and 2. All
// nodes in the tailnet must have this attribute set identically; no
// mixed-mode operation is supported.
NodeAttrPostQuantumCrypto NodeCapability = "post-quantum-crypto"
)
const (