aws · CarolYeh910 · Jun 4, 2026 · Jun 4, 2026
diff --git a/tests/policy_snapshot/snapshots/20260219 b/tests/policy_snapshot/snapshots/20260219
@@ -0,0 +1,18 @@
+min version: TLS1.3
+rules:
+- Perfect Forward Secrecy: yes
+- FIPS 140-3 (2019): yes
+cipher suites:
+- TLS_AES_256_GCM_SHA384
+signature schemes:
+- mldsa87
+curves:
+certificate preferences apply locally
+certificate signature schemes:
+- mldsa87
+certificate keys:
+- mldsa_87
+pq:
+- revision: 5
+- kem groups:
+-- MLKEM1024
diff --git a/tests/policy_snapshot/snapshots/20260220 b/tests/policy_snapshot/snapshots/20260220
@@ -0,0 +1,24 @@
+min version: TLS1.2
+rules:
+- Perfect Forward Secrecy: yes
+- FIPS 140-3 (2019): yes
+cipher suites:
+- TLS_AES_256_GCM_SHA384
+- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+signature schemes:
+- mldsa87
+- ecdsa_sha384
+- rsa_pss_pss_sha384
+- rsa_pss_rsae_sha384
+- rsa_pkcs1_sha384
+curves:
+- secp384r1
+certificate signature schemes:
+- mldsa87
+- ecdsa_sha384
+- rsa_pkcs1_sha384
+pq:
+- revision: 5
+- kem groups:
+-- MLKEM1024
diff --git a/tests/policy_snapshot/snapshots/20260513 b/tests/policy_snapshot/snapshots/20260513
@@ -0,0 +1,42 @@
+min version: TLS1.3
+rules:
+- Perfect Forward Secrecy: yes
+- FIPS 140-3 (2019): yes
+cipher suites:
+- TLS_AES_256_GCM_SHA384
+signature schemes:
+- mldsa87
+- ecdsa_sha256
+- ecdsa_sha384
+- ecdsa_sha512
+- rsa_pss_pss_sha256
+- rsa_pss_pss_sha384
+- rsa_pss_pss_sha512
+- rsa_pss_rsae_sha256
+- rsa_pss_rsae_sha384
+- rsa_pss_rsae_sha512
+- rsa_pkcs1_sha256
+- rsa_pkcs1_sha384
+- rsa_pkcs1_sha512
+curves:
+- secp384r1
+certificate signature schemes:
+- mldsa87
+- rsa_pss_pss_sha256
+- rsa_pss_pss_sha384
+- rsa_pss_pss_sha512
+- rsa_pss_rsae_sha256
+- rsa_pss_rsae_sha384
+- rsa_pss_rsae_sha512
+- rsa_pkcs1_sha256
+- rsa_pkcs1_sha384
+- rsa_pkcs1_sha512
+- legacy_rsa_sha224
+- ecdsa_sha256
+- ecdsa_sha384
+- ecdsa_sha512
+- legacy_ecdsa_sha224
+pq:
+- revision: 5
+- kem groups:
+-- MLKEM1024
diff --git a/tests/unit/s2n_security_policies_test.c b/tests/unit/s2n_security_policies_test.c
@@ -15,6 +15,7 @@
 
 #include "tls/s2n_security_policies.h"
 
+#include "crypto/s2n_mldsa.h"
 #include "crypto/s2n_pq.h"
 #include "crypto/s2n_rsa_pss.h"
 #include "s2n_test.h"
@@ -994,6 +995,17 @@ int main(int argc, char **argv)
 
                 /* 20250211 > 20250414 (with p-384 cert only) */
                 EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_20250211, "20250414", ecdsa_sha384_chain_and_key));
+
+                /* 20250414 > 20260513 (with either p-256 or p-384 cert) */
+                EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_20250414, "20260513", ecdsa_sha384_chain_and_key));
+                EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_20250414, "20260513", ecdsa_sha256_chain_and_key));
+
+                /* 20260513 also supports ML-DSA-87 certs */
+                if (s2n_mldsa_is_supported()) {
+                    DEFER_CLEANUP(struct s2n_cert_chain_and_key *mldsa87_chain_and_key = NULL, s2n_cert_chain_and_key_ptr_free);
+                    EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&mldsa87_chain_and_key, S2N_MLDSA87_CERT, S2N_MLDSA87_KEY));
+                    EXPECT_OK(s2n_test_security_policies_compatible(&security_policy_20260513, "20260513", mldsa87_chain_and_key));
+                }
             };
         };
     };

diff --git a/tls/s2n_security_policies.c b/tls/s2n_security_policies.c
@@ -1335,6 +1335,7 @@ const struct s2n_security_policy security_policy_20251117 = {
     .strongly_preferred_groups = &cnsa_1_strong_preference,
 };
 
+/* strict CNSA 2.0 policy */
 const struct s2n_security_policy security_policy_20260219 = {
     .minimum_protocol_version = S2N_TLS13,
     .cipher_preferences = &cipher_preferences_20250211,
@@ -1350,6 +1351,7 @@ const struct s2n_security_policy security_policy_20260219 = {
     },
 };
 
+/* CNSA 1.0 - 2.0 interop policy */
 const struct s2n_security_policy security_policy_20260220 = {
     .minimum_protocol_version = S2N_TLS12,
     .cipher_preferences = &cipher_preferences_20260220,
@@ -1363,6 +1365,20 @@ const struct s2n_security_policy security_policy_20260220 = {
     },
 };
 
+/* 20250414 with pure MLKEM1024 and ML-DSA-87 added, compatible with CNSA 2.0 */
+const struct s2n_security_policy security_policy_20260513 = {
+    .minimum_protocol_version = S2N_TLS13,
+    .cipher_preferences = &cipher_preferences_20250211,
+    .kem_preferences = &kem_preferences_pq_tls_1_3_cnsa2_2026_02,
+    .signature_preferences = &s2n_signature_preferences_20260513,
+    .certificate_signature_preferences = &s2n_certificate_signature_preferences_20260514,
+    .ecc_preferences = &s2n_ecc_preferences_20210816,
+    .rules = {
+            [S2N_PERFECT_FORWARD_SECRECY] = true,
+            [S2N_FIPS_140_3] = true,
+    },
+};
+
 const struct s2n_security_policy security_policy_20260520 = {
     .minimum_protocol_version = S2N_TLS10,
     .cipher_preferences = &cipher_preferences_20260520,
@@ -1675,6 +1691,9 @@ struct s2n_security_policy_selection security_policy_selection[] = {
     { .version = "20251116", .security_policy = &security_policy_20251116, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
     /* the same as 20251114, but without any SHA1 HMAC ciphers */
     { .version = "20251117", .security_policy = &security_policy_20251117, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+    { .version = "20260219", .security_policy = &security_policy_20260219, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+    { .version = "20260220", .security_policy = &security_policy_20260220, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+    { .version = "20260513", .security_policy = &security_policy_20260513, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
     { .version = "20260520", .security_policy = &security_policy_20260520, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
     { .version = "20260520_gcm", .security_policy = &security_policy_20260520_gcm, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
     { .version = "20260521", .security_policy = &security_policy_20260521, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },

diff --git a/tls/s2n_security_policies.h b/tls/s2n_security_policies.h
@@ -203,6 +203,7 @@ extern const struct s2n_security_policy security_policy_20250429;
 extern const struct s2n_security_policy security_policy_20251013;
 extern const struct s2n_security_policy security_policy_20260219;
 extern const struct s2n_security_policy security_policy_20260220;
+extern const struct s2n_security_policy security_policy_20260513;
 extern const struct s2n_security_policy security_policy_20260520;
 extern const struct s2n_security_policy security_policy_20260520_gcm;
 extern const struct s2n_security_policy security_policy_20260521;

diff --git a/tls/s2n_signature_scheme.c b/tls/s2n_signature_scheme.c
@@ -877,3 +877,65 @@ const struct s2n_signature_preferences s2n_certificate_signature_preferences_202
     .count = s2n_array_len(s2n_cert_sig_scheme_pref_list_20260220),
     .signature_schemes = s2n_cert_sig_scheme_pref_list_20260220,
 };
+
+/* 20240501 with ML-DSA-87 added */
+const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20260513[] = {
+    /* CNSA 2.0 */
+    &s2n_mldsa87,
+
+    /* ECDSA */
+    &s2n_ecdsa_sha256,
+    &s2n_ecdsa_sha384,
+    &s2n_ecdsa_sha512,
+
+    /* RSA-PSS */
+    &s2n_rsa_pss_pss_sha256,
+    &s2n_rsa_pss_pss_sha384,
+    &s2n_rsa_pss_pss_sha512,
+
+    /* RSA */
+    &s2n_rsa_pss_rsae_sha256,
+    &s2n_rsa_pss_rsae_sha384,
+    &s2n_rsa_pss_rsae_sha512,
+
+    /* Legacy RSA with PKCS1 */
+    &s2n_rsa_pkcs1_sha256,
+    &s2n_rsa_pkcs1_sha384,
+    &s2n_rsa_pkcs1_sha512,
+};
+
+const struct s2n_signature_preferences s2n_signature_preferences_20260513 = {
+    .count = s2n_array_len(s2n_sig_scheme_pref_list_20260513),
+    .signature_schemes = s2n_sig_scheme_pref_list_20260513,
+};
+
+/* 20201110 with ML-DSA-87 added */
+const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20260514[] = {
+    /* CNSA 2.0 */
+    &s2n_mldsa87,
+
+    /* RSA PSS */
+    &s2n_rsa_pss_pss_sha256,
+    &s2n_rsa_pss_pss_sha384,
+    &s2n_rsa_pss_pss_sha512,
+    &s2n_rsa_pss_rsae_sha256,
+    &s2n_rsa_pss_rsae_sha384,
+    &s2n_rsa_pss_rsae_sha512,
+
+    /* RSA PKCS1 */
+    &s2n_rsa_pkcs1_sha256,
+    &s2n_rsa_pkcs1_sha384,
+    &s2n_rsa_pkcs1_sha512,
+    &s2n_rsa_pkcs1_sha224,
+
+    /* ECDSA */
+    &s2n_ecdsa_sha256,
+    &s2n_ecdsa_sha384,
+    &s2n_ecdsa_sha512,
+    &s2n_ecdsa_sha224,
+};
+
+const struct s2n_signature_preferences s2n_certificate_signature_preferences_20260514 = {
+    .count = s2n_array_len(s2n_sig_scheme_pref_list_20260514),
+    .signature_schemes = s2n_sig_scheme_pref_list_20260514,
+};
diff --git a/tls/s2n_signature_scheme.h b/tls/s2n_signature_scheme.h
@@ -96,12 +96,14 @@ extern const struct s2n_signature_preferences s2n_signature_preferences_20250821
 extern const struct s2n_signature_preferences s2n_signature_preferences_20251113;
 extern const struct s2n_signature_preferences s2n_signature_preferences_20260219;
 extern const struct s2n_signature_preferences s2n_signature_preferences_20260220;
+extern const struct s2n_signature_preferences s2n_signature_preferences_20260513;
 extern const struct s2n_signature_preferences s2n_signature_preferences_default_fips;
 extern const struct s2n_signature_preferences s2n_signature_preferences_null;
 extern const struct s2n_signature_preferences s2n_signature_preferences_test_all_fips;
 extern const struct s2n_signature_preferences s2n_signature_preferences_all;
 extern const struct s2n_signature_preferences s2n_signature_preferences_20250813;
 
+extern const struct s2n_signature_preferences s2n_certificate_signature_preferences_20260514;
 extern const struct s2n_signature_preferences s2n_certificate_signature_preferences_20260220;
 extern const struct s2n_signature_preferences s2n_certificate_signature_preferences_20251113;
 extern const struct s2n_signature_preferences s2n_certificate_signature_preferences_20250512;