On Fri, Sep 20, 2024 at 20:06:43 +1000, Viktor Dukhovni via Postfix-users wrote:
> If it is possible to test kyber768 with OpenSSL 3.0 or 3.1, please do,
> and post your findings to the list.
Tested with OpenSSL 3.0 as well now (RHEL 9 version), with oqs-provider added.
$ openssl version
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
$ ./bin/postconf mail_version
mail_version = 3.10-20240917
(built from Viktor's provider-kex branch)
$ ./bin/posttls-finger -c -o tls_eecdh_auto_curves='x25519_mlkem768
x25519_kyber768 X25519' gmail.com | grep established
posttls-finger: Untrusted TLS connection established to
gmail-smtp-in.l.google.com[2a00:1450:400c:c0b::1a]:25: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519_mlkem768
server-signature ECDSA (prime256v1) server-digest SHA256
(Google is now supporting both x25519_kyber768 and x25519_mlkem768, both
preferred over traditional TLSv1.3 key exchanges with HRR.)
Thanks Viktor!
Geert
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
