How to enable post-quantum key exchange and AEGIS in Nginx

TLS 1.3 keeps getting better.

Two recent developments: post-quantum key exchange and AEGIS-based TLS cipher suites.

With OpenSSL 3.5 (including specialized branches that enable AEGIS), you can compile and run Nginx with these features.

Here’s how to build Nginx with X25519MLKEM768 and AEGIS.

Prerequisites

  1. Build tools like make, gcc (or clang), and perl (for OpenSSL).
  2. PCRE libraries for Nginx (if building with the recommended modules).
  3. Git (to clone the AEGIS-enabled OpenSSL repository).
  4. Nginx source tarball from nginx.org.

Step 1: extract the Nginx source code

tar xzf nginx-*.tar.gz
cd nginx-*

Step 2: clone the AEGIS-enabled OpenSSL source code

git clone --branch=openssl-3.5.0-beta1-aegis --depth=1 \
  https://github.com/aegis-aead/openssl.git /tmp/openssl-src

This branch includes:

  • The post-quantum key exchange mechanism (X25519MLKEM768)
  • AEGIS cipher suites like TLS_AEGIS_128L_SHA256 and TLS_AEGIS_128X2_SHA256

Step 3: configure Nginx to use the custom OpenSSL

From the extracted Nginx source directory:

./configure \
  --prefix=/opt/nginx \
  --conf-path=/etc/nginx/nginx.conf \
  --user=www-data --group=www-data \
  --with-openssl=/tmp/openssl-src \
  --with-http_ssl_module \
  --with-http_v3_module \
  --with-http_v2_module \
  --with-http_realip_module \
  --with-http_mp4_module \
  --with-http_gzip_static_module \
  --with-pcre-jit \
  --with-http_stub_status_module

Build and install:

make && make install

OpenSSL statically links into Nginx and won’t overwrite existing installations.

Step 4: enable AEGIS in your Nginx configuration

Add this line to the http block in your Nginx configuration:

ssl_conf_command Ciphersuites "TLS_AEGIS_128L_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384";

This uses AEGIS-128L first, falling back to AES-based ciphers if needed.

Step 5: restart and test

Restart Nginx and test with a client that supports the new features:

bssl client -connect libsodium.org -curves X25519MLKEM768

You should see:

Connected.
  Version: TLSv1.3
  Resumed session: no
  Cipher: TLS_AEGIS_128L_SHA256
  ECDHE group: X25519MLKEM768
  Signature algorithm: ecdsa_secp256r1_sha256
  Secure renegotiation: yes
  ...

Done. Your Nginx server can now negotiate post-quantum key exchange and AEGIS encryption.