On Sat, Nov 01, 2025 at 04:24:39PM +0100, Wolfgang Breyha via Exim-users wrote:
> In the end I added
>
> Groups =
> X25519MLKEM768:*x25519:secp256r1:x448:secp384r1:secp521r1:ffdhe2048:ffdhe3072
>
> to openssl.cnf to keep what I read as default from a client hello
> tcpdump, but without the initial keyshare as you wrote here already.
>
> Is there a commandline way to get this ordered default list from openssl?
> "openssl list -tls1_X -tls-groups" only outputs a list of supported groups.
There isn't currently a command-line that directly lists the default
groups list, perhaps that should be added. However you can keep the
default essentially as-is and simply turn off the PQ keyshare, by
setting the group list to "X25519MLKEM768 : DEFAULT".
That initial element does not have an associated keyshare and subsequent
instances of the same group are ignored.
> I can live with the additional "change cipher spec" round trip. And I don't
> see any issues with outgoing handshakes since.
You meant "Hello Retry Request" (HRR) round-trip, but sure the cost is
generally not a significant issue for SMTP clients.
--
Viktor. 🇺🇦 Слава Україні!
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
