Hi,


Correct. I am on Debian 13 (trixie) that provides openssl 3.5.4 out of the box.



BR,

Marcos








---- On Mon, 12 Jan 2026 17:27:24 +0200 Remi Gacogne via dnsdist 
<[email protected]> wrote ---



Hi Marcos, 
 
On 1/12/26 16:23, Marcos Theophylactou via dnsdist wrote: 
> I tested my dnsdist instance using testssl <https://github.com/testssl/testssl.sh>
> and it reports that KEMs are offered (X25519MLKEM768). Using 
> an EC 384 bits Let's Encrypt certificate. Haven't done sniffing to see 
> whether the KEMs are actually used by clients though. 
> 
> FWIW, testssl also reports that dnsdist is offering Obsoleted CBC 
> ciphers (AES, ARIA etc.) 
 
Interesting, but note that DNSdist's default configuration doesn't 
override OpenSSL's defaults (unless you are using the h2o DoH provider), 
so it depends which version you are using (and in some cases the 
defaults set by your distribution). 
 
Best regards, 
-- 
Remi Gacogne 
PowerDNS.COM BV - https://www.powerdns.com/  
_______________________________________________ 
dnsdist mailing list 
mailto:[email protected]  
https://mailman.powerdns.com/mailman/listinfo/dnsdist

