Merge pull request #5021 from wso2/hwupathum-patch-2

himeshsiriwardana · web-flow · commit 815a606f52d1 · 2025-02-06T13:08:12.000+05:30
Update post-quantum TLS configuration documentation
diff --git a/en/includes/deploy/security/configure-post-quantum-tls.md b/en/includes/deploy/security/configure-post-quantum-tls.md
@@ -1,7 +1,13 @@
 # Configure Post-Quantum TLS
 
+{% if is_version == "7.0.0" %}
+To overcome the quantum threat on traditional cryptographic techniques, WSO2 Identity Server integrates post-quantum cryptography with the current traditional methods. Specifically, it adopts the [X25519+Kyber](https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/) key agreement algorithm for inbound TLS communications, ensuring robust protection against quantum threats. To configure TLS with post-quantum security, WSO2 Identity Server should be configured to utilize OpenSSL 3.x as the JSSE provider, along with [liboqs](https://openquantumsafe.org/liboqs/) library to support post-quantum algorithms.
+
+{% else %}
 To overcome the quantum threat on traditional cryptographic techniques, {{product_name}} integrates post-quantum cryptography with the current traditional methods. Specifically, it adopts the [X25519MLKEM768](https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/03/) key agreement algorithm for inbound TLS communications, ensuring robust protection against quantum threats. To configure TLS with post-quantum security, {{product_name}} should be configured to utilize OpenSSL 3.x as the JSSE provider, along with [liboqs](https://openquantumsafe.org/liboqs/) library to support post-quantum algorithms.
 
+{% endif %}
+
 Post-quantum TLS is **disabled** by default on {{product_name}}.
 
 !!! note
@@ -149,6 +155,17 @@ Follow the instructions given below to install the required runtime dependencies
 
 1. Shut down the {{product_name}} instance if it's running.
 2. Add the following configurations to the `<IS_HOME>/repository/conf/deployment.toml` file.
+   
+    {% if is_version == "7.0.0" %}
+    ``` toml
+    [transport.https.openssl]
+    enabled = true
+    named_groups="x25519_kyber768:x25519"
+    [transport.https.sslHostConfig.properties]
+    protocols="TLSv1+TLSv1.1+TLSv1.2+TLSv1.3"
+    ```
+
+    {% else %}
     ``` toml
     [transport.https.openssl]
     enabled = true
@@ -157,6 +174,7 @@ Follow the instructions given below to install the required runtime dependencies
     [transport.https.sslHostConfig.properties]
     protocols="TLSv1+TLSv1.1+TLSv1.2+TLSv1.3"
     ```
+    {% endif %}
 3. Restart {{product_name}}.
 
 
