[dnsdist] X25519MLKEM768 support in dnsdist?

Remi Gacogne remi.gacogne at powerdns.com
Mon Jan 12 14:17:31 UTC 2026


Hi Christoph,

On 1/10/26 00:42, Christoph via dnsdist wrote:
> someone reached out to us and asked whether we could support
> post-quantum safe TLS 1.3 options on our public resolvers.
> 
> Since most browsers have support for X25519MLKEM768
> https://developers.cloudflare.com/ssl/post-quantum-cryptography/pqc-support/
> and openssl 3.5 in debian stable supports it,
> I was wondering how to enable it in dnsdist
> but I didn't find any parameter in addDOHLocal()
> to configure ECDHE curves?
> https://www.dnsdist.org/reference/config.html#addDOHLocal
> 
> Is this currently supported?

I don't think we have any way to configure this today, no. I opened an 
issue [1] on our bug tracker. If it's as easy as it seems to be I would 
be ready to backport this change to 2.0.x.

[1]: https://github.com/PowerDNS/pdns/issues/16715

Best regards,

-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/