Update KMS PQ integration test to assert ML-KEM

### Problem:

The KMS PQ integration test started failing because an unexpected KEM group was being negotiated. See https://github.com/aws/s2n-tls/pull/5082. It appears that some KMS hosts have been updated with a new security policy that supports ML-KEM, and the resulting kyber KEM group preference changed as a result of that.

Ideally we would update the integration test to negotiate ML-KEM and assert that ML-KEM was negotiated, but this was flaky when I tried it. I think some of the KMS hosts still only support the draft KEM groups. For now, the test just asserts that _any_ KEM group was negotiated.

### Solution:

After ML-KEM is fully supported, we should [update the test](https://github.com/aws/s2n-tls/blob/c6b41ef06d539d040315208fd9edeba221093fa7/bindings/rust/standard/integration/src/network/tls_client.rs#L48) to assert that ML-KEM was specifically negotiated.

[//]: #  (NOTE: If you believe this might be a security issue, please email aws-security@amazon.com instead of creating a GitHub issue. For more details, see the AWS Vulnerability Reporting Guide: https://aws.amazon.com/security/vulnerability-reporting/ )


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update KMS PQ integration test to assert ML-KEM #5086

Problem:

Solution:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development