bneradt commented on issue #12622: URL: https://github.com/apache/trafficserver/issues/12622#issuecomment-3468616702
Thanks for the feedback @masaori335! I've implemented a fix that adds dynamic TLS group registration (commit c5af89e21). The changes include:

1. **Added missing KEM groups** to the hardcoded list: X448MLKEM1024 and SecP384r1MLKEM1024
2. **Implemented dynamic registration**: When an unknown group is encountered during handshake, it's automatically registered as a metric. This ensures forward-compatibility with any new groups OpenSSL might add in the future.

This should resolve the issue where KEMs were showing up as "OTHER" instead of their actual group names like X25519MLKEM768.

Regarding `SSL_CTX_get0_implemented_groups`: I attempted to use this function to dynamically discover all supported groups at initialization (similar to how BoringSSL uses `SSL_get_all_group_names`), but I'm having difficulty getting it to work correctly. Could you provide an example of how to use `SSL_CTX_get0_implemented_groups` properly? The macro signature suggests it takes a STACK_OF(OPENSSL_CSTRING) but I'm getting segfaults when trying to use it.

In the meantime, the dynamic registration approach should handle the issue effectively.
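The register-on-first-sight pattern described in the comment above, as an added example that is not part of the original comment and is not Traffic Server code. `GroupMetrics`, `record`, `count` and the `max_dynamic` cap are hypothetical names, and the cap is an assumption added here so that unexpected names cannot grow the metric set without bound.

```cpp
#include <cstdint>
#include <initializer_list>
#include <iostream>
#include <mutex>
#include <string>
#include <unordered_map>

// Hypothetical per-group handshake counters (not the Traffic Server metrics API).
class GroupMetrics {
public:
  explicit GroupMetrics(std::size_t max_dynamic) : max_dynamic_(max_dynamic) {
    // Pre-registered names: the KEM groups named in the comment.
    for (const char *g : {"X25519MLKEM768", "X448MLKEM1024", "SecP384r1MLKEM1024"}) {
      counters_.emplace(g, 0);
    }
    counters_.emplace("OTHER", 0);
  }

  // Count one handshake for the negotiated group; returns the metric name used.
  std::string record(const std::string &group) {
    std::lock_guard<std::mutex> lock(mu_); // handshakes finish on many threads
    auto it = counters_.find(group);
    if (it == counters_.end()) {
      if (group.empty() || dynamic_ >= max_dynamic_) {
        it = counters_.find("OTHER"); // no name, or cap reached: fall back
      } else {
        it = counters_.emplace(group, 0).first; // first sighting: register it
        ++dynamic_;
      }
    }
    ++it->second;
    return it->first;
  }

  std::uint64_t count(const std::string &name) const {
    std::lock_guard<std::mutex> lock(mu_);
    auto it = counters_.find(name);
    return it == counters_.end() ? 0 : it->second;
  }

private:
  mutable std::mutex mu_;
  std::unordered_map<std::string, std::uint64_t> counters_;
  std::size_t dynamic_ = 0; // number of names registered after startup
  std::size_t max_dynamic_;
};

int main() {
  GroupMetrics m(8);
  // "constructed-future-group" is a constructed name, not a real TLS group.
  std::cout << m.record("constructed-future-group") << "\n";
  return 0;
}
```

A non-zero `OTHER` count after this change means either the cap was reached or the TLS library returned no group name, both worth alerting on.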
