Add support for ML-KEM in Post-Quantum TLS Config (aws#5870)

* Add support for ML-KEM in Post-Quantum TLS

* Remove TODO

Author: alexw91

.changes/next-release/feature-AWSCRTHTTPClient-7ff47eb.json

@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "AWS CRT HTTP Client",
+    "contributor": "alexw91",
+    "description": "Add support for ML-KEM in Post-Quantum TLS Config"
+}

http-clients/aws-crt-client/src/main/java/software/amazon/awssdk/http/crt/internal/AwsCrtConfigurationUtils.java

@@ -58,8 +58,7 @@ public static TlsCipherPreference resolveCipherPreference(Boolean postQuantumTls
             return defaultTls;
         }
 
-        // TODO: change this to the new PQ TLS Policy that stays up to date when it's ready
-        TlsCipherPreference pqTls = TlsCipherPreference.TLS_CIPHER_PREF_PQ_TLSv1_0_2021_05;
+        TlsCipherPreference pqTls = TlsCipherPreference.TLS_CIPHER_PQ_DEFAULT;
         if (!pqTls.isSupported()) {
             log.warn(() -> "Hybrid post-quantum cipher suites are not supported on this platform. The SDK will use the system "
                            + "default cipher suites instead");

http-clients/aws-crt-client/src/test/java/software/amazon/awssdk/http/crt/internal/AwsCrtConfigurationUtilsTest.java

@@ -16,7 +16,7 @@
 package software.amazon.awssdk.http.crt.internal;
 
 import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
-import static software.amazon.awssdk.crt.io.TlsCipherPreference.TLS_CIPHER_PREF_PQ_TLSv1_0_2021_05;
+import static software.amazon.awssdk.crt.io.TlsCipherPreference.TLS_CIPHER_PQ_DEFAULT;
 import static software.amazon.awssdk.crt.io.TlsCipherPreference.TLS_CIPHER_SYSTEM_DEFAULT;
 
 import java.time.Duration;
@@ -43,14 +43,14 @@ public static void tearDown() {
     @MethodSource("cipherPreferences")
     void resolveCipherPreference_pqNotSupported_shouldFallbackToSystemDefault(Boolean preferPqTls,
                                                                               TlsCipherPreference tlsCipherPreference) {
-        Assumptions.assumeFalse(TLS_CIPHER_PREF_PQ_TLSv1_0_2021_05.isSupported());
+        Assumptions.assumeFalse(TLS_CIPHER_PQ_DEFAULT.isSupported());
         assertThat(AwsCrtConfigurationUtils.resolveCipherPreference(preferPqTls)).isEqualTo(tlsCipherPreference);
     }
 
     @Test
     void resolveCipherPreference_pqSupported_shouldHonor() {
-        Assumptions.assumeTrue(TLS_CIPHER_PREF_PQ_TLSv1_0_2021_05.isSupported());
-        assertThat(AwsCrtConfigurationUtils.resolveCipherPreference(true)).isEqualTo(TLS_CIPHER_PREF_PQ_TLSv1_0_2021_05);
+        Assumptions.assumeTrue(TLS_CIPHER_PQ_DEFAULT.isSupported());
+        assertThat(AwsCrtConfigurationUtils.resolveCipherPreference(true)).isEqualTo(TLS_CIPHER_PQ_DEFAULT);
     }
 
     private static Stream<Arguments> cipherPreferences() {

pom.xml

@@ -124,7 +124,7 @@
         <rxjava.version>2.2.21</rxjava.version>
         <commons-codec.verion>1.17.1</commons-codec.verion>
         <jmh.version>1.37</jmh.version>
-        <awscrt.version>0.33.9</awscrt.version>
+        <awscrt.version>0.34.1</awscrt.version>
 
         <!--Test dependencies -->
         <junit5.version>5.10.0</junit5.version>