On Wed, Sep 18, 2024 at 14:02:32 +0200, Geert Hendrickx via Postfix-users wrote:
> On Wed, Sep 18, 2024 at 21:29:07 +1000, Viktor Dukhovni via Postfix-users
> wrote:
> > You should initially test with "posttls-finger",
>
> `posttls-finger -L ssl-debug` shows succesful TLS negotiation, but without
> much detail on the TLS options. I can tell from wireshark that the client
> (s_client) advertises x25519_kyber768, but the server doesn't select it (as
> it already logged on startup that it doesn't know this "group").
For clarity, posttls-finger also starts with:
> posttls-finger: warning: ignoring unknown key exchange group "x25519_kyber768"
But here also, strace shows it is reading my openssl.cnf and linking the
oqs-provider.so module.
main.cf:
> tls_eecdh_auto_curves = x25519_kyber768 X25519 P-256 P-384
Geert
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
