[dnsdist] X25519MLKEM768 support in dnsdist?
Christoph
cm at appliedprivacy.net
Fri Jan 9 23:42:52 UTC 2026
Hi,
someone reached out to us and asked whether we could support
post-quantum safe TLS 1.3 options on our public resolvers.
Since most browsers have support for X25519MLKEM768
https://developers.cloudflare.com/ssl/post-quantum-cryptography/pqc-support/
and openssl 3.5 in debian stable supports it,
I was wondering how to enable it in dnsdist
but I didn't find any parameter in addDOHLocal()
to configure ECDHE curves?
https://www.dnsdist.org/reference/config.html#addDOHLocal
Is this currently supported?
example config from nginx:
ssl_ecdh_curve X25519MLKEM768;
best regards,
Christoph
More information about the dnsdist
mailing list