aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

postfix/dovecot: support SecP256r1MLKME768 key exchange

Browse Source 
Added support means we allow it, but for now we don't prefer it, since it
has not seen much use yet. For Postfix that means it lands below the two
groups that already send a key share and save us a roundtrip.

https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-02.html
This commit is contained in:
Martin Weinelt
2026-04-25 15:29:06 +02:00
parent 7909eabac2
commit ecbe707330
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
mail-server/dovecot.nix
+1
View File
@@ -312,6 +312,7 @@ in
ssl_curve_list = lib.concatStringsSep ":" [ ssl_curve_list = lib.concatStringsSep ":" [
"X25519MLKEM768" "X25519MLKEM768"
"X25519" "X25519"
"SecP256r1MLKEM768"
"prime256v1" "prime256v1"
"secp384r1" "secp384r1"
]; ];
mail-server/postfix.nix
+1
View File
@@ -436,6 +436,7 @@ in
Groups = mkGroupString [ Groups = mkGroupString [
[ "*X25519MLKEM768" ] [ "*X25519MLKEM768" ]
[ "*X25519" ] [ "*X25519" ]
[ "SecP256r1MLKEM768" ]
[ [
"P-256" "P-256"
"P-384" "P-384"