[dnsdist] X25519MLKEM768 support in dnsdist?
Remi Gacogne
remi.gacogne at powerdns.com
Mon Jan 12 15:27:24 UTC 2026
Hi Marcos,
On 1/12/26 16:23, Marcos Theophylactou via dnsdist wrote:
> I tested my dnsdist instance using testssl <https://github.com/testssl/
> testssl.sh> and it reports that KEMs are offered (X25519MLKEM768). Using
> a EC 384 bits Lets Encrypt certificate. Haven't done sniffing to see
> whether the KEMs are actually used by clients though.
>
> FWIW, testssl also reports that dnsdist is offering Obsoleted CBC
> ciphers (AES, ARIA etc.)
Interesting, but note that DNSdist's default configuration doesn't
override OpenSSL's defaults (unless you are using the h2o DoH provider),
so it depends which version you are using (and in some cases the
defaults set by your distribution).
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20260112/1db6b949/attachment.sig>
More information about the dnsdist
mailing list