Viktor Dukhovni via Exim-users wrote on 29.05.2025 4:06: > On Wed, May 28, 2025 at 11:05:45PM +0300, Viktor Ustiuhov via Exim-users > wrote: > >> There has been a lot of discussion on this list about the risks of using >> legacy TLS protocol versions. But what about supporting new TLS >> features, such as hybrid post-quantum key exchange? >> >> System-wide configuration of TLS groups (e.g., via openssl.cnf) is >> already possible, and that may be sufficient in many cases. However, as >> Viktor Dukhovni pointed out in [email protected], there are >> interoperability issues with some MX hosts when hybrid TLS groups are used. >> >> This makes it highly desirable to have per-transport TLS group control >> in Exim — specifically in the remote_smtp transport. For outgoing mail, >> this would allow selecting different sets of elliptic curves and >> post-quantum or hybrid TLS groups depending on the destination. In >> practice, this would involve using the SSL_set1_groups_list() function, >> which supports both classic curves (e.g., X25519, secp256r1) and newer >> hybrid/post-quantum groups (e.g., X25519MLKEM768, mlkem768, etc.). >> >> For incoming mail, it may also be useful to support such groups. In this >> case, OpenSSL requires the use of SSL_CTX_set1_groups_list() (rather >> than SSL_CTX_set1_groups()) to specify TLS groups that do not have a >> numeric identifier (NID). > > One approach that is likely to work-around PQ-impedance is to set the > protocol version to TLSv1.2 (fixed or ceiling). In that case, PQ > keyshares aren't sent and STARTTLS works with "boeing.com" (still > hangs with default TLS 1.3 connections under OpenSSL 3.5). >
By the way, I’ve found that it’s possible to connect to the MX hosts of the boeing.com domain using mlkem512: openssl s_client -connect clt-mbsin-01.mbs.boeing.net:25 -servername clt-mbsin-01.mbs.boeing.net -starttls smtp -groups mlkem512 Apparently, the connection doesn’t hang in this case because the ClientHello is smaller than when using X25519MLKEM768, mlkem768, or mlkem1024. However, it’s surprising that I don’t see the key_share extension in the ServerHello. -- Best wishes Viktor Ustiuhov mailto:[email protected] -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
