On 01/11/2025 06:18, Viktor Dukhovni via Exim-users wrote: > By the way, probing more closely, I encounter TLS handshake timeouts > with mail[12].polisen.se only over IPv6, otherwise identical IPv4 TLS > handshakes with X25519MLKEM768 keyshares succeed.
Ok, didn't try that. I only recognized that they are limited to TLS1.2 anyway. And I just checked my logs for TLS troubles after upgrading to OpenSSL 3.5 and found them as the one destination of importance (most likely for our international students). I didn't contact them actively and concentrated on learning a lot about real world PQC with 3.5 and configuring our end in a way to just work even with such hosts. In the end I added Groups = X25519MLKEM768:*x25519:secp256r1:x448:secp384r1:secp521r1:ffdhe2048:ffdhe3072 to openssl.cnf to keep what I read as default from a client hello tcpdump, but without the initial keyshare as you wrote here already. Is there a commandline way to get this ordered default list from openssl? "openssl list -tls1_X -tls-groups" only outputs a list of supported groups. I can live with the additional "change cipher spec" round trip. And I don't see any issues with outgoing handshakes since. Greetings, Wolfgang -- Wolfgang Breyha <[email protected]> | https://www.blafasel.at/ Vienna University Computer Center | Austria -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
