Allow disabling post-quantum key agreement in TLS

USAGE.txt

@@ -97,3 +97,7 @@ Options:
   --ssl-key-log-file=<path>
 
     Saves SSL keys for Wireshark inspection.
+
+  --no-post-quantum
+
+    Overrides the default and disables post-quantum key agreement.

src/net/tools/naive/naive_config.cc

@@ -192,6 +192,10 @@ bool NaiveConfig::Parse(const base::Value::Dict& value) {
     }
   }
 
+  if (const base::Value* v = value.Find("no-post-quantum")) {
+    no_post_quantum = true;
+  }
+
   return true;
 }
 

src/net/tools/naive/naive_config.h

@@ -54,6 +54,8 @@ struct NaiveConfig {
 
   base::FilePath ssl_key_log_file;
 
+  std::optional<bool> no_post_quantum;
+
   NaiveConfig();
   NaiveConfig(const NaiveConfig&);
   ~NaiveConfig();

src/net/tools/naive/naive_proxy_bin.cc

@@ -212,6 +212,21 @@ std::unique_ptr<URLRequestContext> BuildURLRequestContext(
       config.extra_headers,
       std::vector<PaddingType>{PaddingType::kVariant1, PaddingType::kNone}));
 
+  if (config.no_post_quantum == true) {
+    struct NoPostQuantum : public SSLConfigService {
+      SSLContextConfig GetSSLContextConfig() override {
+        SSLContextConfig config;
+        config.post_quantum_override = false;
+        return config;
+      }
+
+      bool CanShareConnectionWithClientCerts(std::string_view) const override {
+        return false;
+      }
+    };
+    builder.set_ssl_config_service(std::make_unique<NoPostQuantum>());
+  }
+
   auto context = builder.Build();
 
   if (!config.proxy_url.empty() && !config.proxy_user.empty() &&
@@ -358,6 +373,7 @@ int main(int argc, char* argv[]) {
                  "--log[=<path>]             Log to stderr, or file\n"
                  "--log-net-log=<path>       Save NetLog\n"
                  "--ssl-key-log-file=<path>  Save SSL keys for Wireshark\n"
+                 "--no-post-quantum          No post-quantum key agreement\n"
               << std::endl;
     exit(EXIT_SUCCESS);
   }