This release adds the following Validation Authority features.
Support for Thales TCT (ATEAM-18526)
This release adds support for the Thales TCT (Trusted Cyber Technologies) HSM (Hardware Security Module).
See HSM requirements for all the supported Hardware Security Modules.
Post-quantum cryptography support (ATEAM-18750)
This release supports Luna and nShield HSMs (Hardware Security Modules) with PQC (Post-quantum cryptography) drivers.
- See evactl create-key for instructions on selecting a Module-Lattice-Based Digital Signature Algorithm when creating the key for signing OCSP responses.
- See HSM requirements for all the supported Hardware Security Modules.
Support for RSA-PSS (ATEAM-18753)
New Use RSA-PSS option to enable RSA-PSS (Probabilistic Signature Scheme) when signing OCSP responses.
See OCSP Responder for details on this option.