Frank DENIS random thoughts.

How to enable post-quantum key exchange and AEGIS in Nginx

TLS1.3 is evolving to meet new security challenges.

Two recent developments are post-quantum key exchange and the proposed AEGIS-based TLS cipher suites.

With OpenSSL 3.5 (including specialized branches that enable AEGIS), you can easily compile and run Nginx with these features.

Let’s see how to build Nginx with X25519MLKEM768 and AEGIS.

Prerequisites

  1. Build tools like make, gcc (or clang), and perl (for OpenSSL).
  2. PCRE libraries for Nginx (if building with the recommended modules).
  3. Git (to clone the AEGIS-enabled OpenSSL repository).
  4. Nginx source tarball from nginx.org.

Step 1: Extract the Nginx source code

tar xzf nginx-*.tar.gz
cd nginx-*

Step 2: Clone the AEGIS-enabled OpenSSL source code

git clone --branch=openssl-3.5.0-beta1-aegis --depth=1 \
  https://github.com/aegis-aead/openssl.git /tmp/openssl-src

This branch includes:

  • The post-quantum key exchange mechanis, (X25519MLKEM768)
  • AEGIS cipher suites such as TLS_AEGIS_128L_SHA256 and TLS_AEGIS_128X2_SHA256

Step 3: Configure Nginx to use the custom OpenSSL

From the extracted Nginx source directory:

./configure \
  --prefix=/opt/nginx \
  --conf-path=/etc/nginx/nginx.conf \
  --user=www-data --group=www-data \
  --with-openssl=/tmp/openssl-src \
  --with-http_ssl_module \
  --with-http_v3_module \
  --with-http_v2_module \
  --with-http_realip_module \
  --with-http_mp4_module \
  --with-http_gzip_static_module \
  --with-pcre-jit \
  --with-http_stub_status_module

You can adjust:

  • --prefix (where Nginx will be installed)
  • --conf-path (location of the main Nginx configuration file)
  • --user and --group (system user/group for Nginx to run under)

Finally, build and install:

make && make install

Note that OpenSSL will only be statically linked into Nginx. It will not be installed, nor will it overwrite any existing OpenSSL installation.

Step 4: Enable AEGIS in Your Nginx Configuration

Open your Nginx configuration file (usually /etc/nginx/nginx.conf) and add the following line inside the http block:

ssl_conf_command Ciphersuites "TLS_AEGIS_128L_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384";

This line instructs Nginx (through OpenSSL) to use AEGIS-128L first, falling back to AES-based ciphers if needed. For testing, you can also try TLS_AEGIS_128X2_SHA256 though it may not yet have an officially assigned TLS identifier.

Step 5: Restart and Test

Restart Nginx with your new configuration. Then, test connectivity with a client that supports the new features. For example, using BoringSSL’s bssl client (or any PQ-enabled TLS client):

bssl client -connect libsodium.org -curves X25519MLKEM768

You should see a successful handshake similar to:

Connected.
  Version: TLSv1.3
  Resumed session: no
  Cipher: TLS_AEGIS_128L_SHA256
  ECDHE group: X25519MLKEM768
  Signature algorithm: ecdsa_secp256r1_sha256
  Secure renegotiation: yes
  ...

You have successfully enabled AEGIS encryption and the post-quantum key exchange mechanism.

Your Nginx server can now negotiate forward-looking, secure TLS sessions as soon as clients start adopting these new features.