Hi Marcos, On 1/12/26 16:23, Marcos Theophylactou via dnsdist wrote:
I tested my dnsdist instance using testssl <https://github.com/testssl/ testssl.sh> and it reports that KEMs are offered (X25519MLKEM768). Using a EC 384 bits Lets Encrypt certificate. Haven't done sniffing to see whether the KEMs are actually used by clients though.FWIW, testssl also reports that dnsdist is offering Obsoleted CBC ciphers (AES, ARIA etc.)
Interesting, but note that DNSdist's default configuration doesn't override OpenSSL's defaults (unless you are using the h2o DoH provider), so it depends which version you are using (and in some cases the defaults set by your distribution).
Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ dnsdist mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/dnsdist
