Hi Christoph,

On 1/10/26 00:42, Christoph via dnsdist wrote:
> someone reached out to us and asked whether we could support post-quantum safe TLS 1.3 options on our public resolvers.
>
> Since most browsers have support for X25519MLKEM768
> https://developers.cloudflare.com/ssl/post-quantum-cryptography/pqc-support/
> and openssl 3.5 in debian stable supports it, I was wondering how to enable it in dnsdist but I didn't find any parameter in addDOHLocal() to configure ECDHE curves?
> https://www.dnsdist.org/reference/config.html#addDOHLocal
>
> Is this currently supported?

I don't think we have any way to configure this today, no. I opened an issue [1] on our bug tracker. If it's as easy as it seems to be I would be ready to backport this change to 2.0.x.

[1]: https://github.com/PowerDNS/pdns/issues/16715

Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
_______________________________________________ dnsdist mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/dnsdist
