Sebastian Andrzej Siewior via Postfix-devel:
> tls_eecdh_auto_curves contains various groups for key exchange. With
> OpenSSL 3.5+ X25519MLKEM768 is available for a hybrid MLKEM-768+X25519
> key exchange. Since X25519MLKEM768 isn't part of group, this is key
> exchange is not possible.
>
> Add X25519MLKEM768 to the default list for tls_eecdh_auto_curves.
Unfortunately that is a maintenance nightmare.
We have a better fix: deprecate explicit curve settings and
rely on the OpenSSL defaults.
Wietse
_______________________________________________
Postfix-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
