On 2025-10-12 15:47:38 [-0400], Wietse Venema wrote:
> Sebastian Andrzej Siewior via Postfix-devel:
> > tls_eecdh_auto_curves contains various groups for key exchange. With
> > OpenSSL 3.5+ X25519MLKEM768 is available for a hybrid MLKEM-768+X25519
> > key exchange. Since X25519MLKEM768 isn't part of group, this key
> > exchange is not possible.
> >
> > Add X25519MLKEM768 to the default list for tls_eecdh_auto_curves.
>
> Unfortunately that is a maintenance nightmare.

True

> We have a better fix: deprecate explicit curve settings and
> rely on the OpenSSL defaults.

Do you suggest DEF_TLS_EECDH_AUTO/ tls_eecdh_auto_curves should become an
empty string by default or did I misunderstand?

> Wietse

Sebastian
