On Tue, Mar 03, 2026 at 01:26:24PM -0500, Jan Schaumann wrote:
> > On the Web, yes. On the Internet as a whole? I’m not so sure.
>
> Yeah. For example, only about 0.26% of mail servers
> (of the Top 1M Domains) support PQC for STARTTLS as of
> January 2026.
The top 1M "domains" are of course the top 1M websites, and so not a
representative sample of email-receving domains (or associated SMTP
servers). Two things to note.
- The vast majority of SMTP servers (by number of servers, not
domains or users) run Postfix or Exim, with OpenSSL (or also
sometimes GnuTLS in the case of Exim) as the TLS stack.
- Hybrid ML-KEM in OpenSSL (3.5) is barely a year old, OS updates
take some time.
- The Postfix default TLS supported group configuration changes to
essentially the underlying OpenSSL default (therefore including
hybrid X25519 + ML-KEM) in version 3.11.0, which will be released
likely this week.
Therefore, it is far from surprising that ML-KEM in SMTP is
comparatively rare *this* year. Though, already the operators of
"exim.org" have made the necessary upgrades:
$ posttls-finger -c -Lsummary exim.org
posttls-finger: Verified TLS connection established
to cumin.exim.org[2a00:11c0:5f:34c1::2]:25:
TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519MLKEM768
server-signature RSA-PSS (4096 bits)
server-digest SHA256
> Of the big ones, it's Google and Yahoo, but none of
> the other major mail providers.
>
> https://www.netmeister.org/blog/smtp-pqc.html
Things should look noticeably different circa 2028.
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
