On Fri, Dec 27, 2024 at 09:19:12AM -0500, Michael Denney via mailop wrote:
> I need to go make my coffee before I keep responding so I can boot my
> brain up fully.

While you're making coffee, as a brief respite from contemplating the
pain inflicted on SOHO email operators by the TBTF email providers, I
can confirm that GMail supports interoperable hybrid post-quantum TLS
(X25519MLKEM768) on their MX hosts:

    Dec 27 22:42:55 amnesiac postfix/smtp[3037377]:
      Untrusted TLS connection established to
      aspmx.l.google.com[64.233.170.26]:25:
      TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
      key-exchange X25519MLKEM768
      server-signature ECDSA (prime256v1)
      server-digest SHA256

The client-side TLS stack is the bleeding edge, still under review to be
merged into the feature/ml-kem branch, to later undergo another review to be
merged into the master branch, ... X25519 + ML-KEM hybrid for OpenSSL,
expected to be part of the upcoming OpenSSL 3.5.

Other than Google's MXs and two Postfix machines I operate, I am not
yet aware of any others that support PQ TLS.

--
Viktor.
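
Added example, not part of Viktor's message and not Postfix code: a small Python scan of Postfix SMTP client log lines that lists which remote MX hosts negotiated a hybrid post-quantum key exchange, using the "key-exchange" field shown in the log excerpt above. The function names, the rule that a group name containing "MLKEM" counts as hybrid PQ, and every sample line except the first are assumptions made for the example; the first sample line is the one quoted in the message, rejoined onto a single line.

```python
import re

# Postfix SMTP client TLS summary line, in the shape quoted in the message
# (one physical line in the real log; the e-mail wrapped it).
TLS_LINE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<trust>\w+) TLS connection established to "
    r"(?P<host>[^\[\s]+)\[(?P<addr>[^\]]+)\]:(?P<port>\d+): "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)"
    r"(?:.*? key-exchange (?P<kex>\S+))?"
)

def parse_tls_line(line):
    """Return the TLS fields of one log line as a dict, or None if no match."""
    m = TLS_LINE.search(line)
    return m.groupdict() if m else None

def is_hybrid_pq(kex):
    # Assumption: a group whose name contains "MLKEM" counts as hybrid PQ.
    return kex is not None and "MLKEM" in kex.upper()

def pq_inventory(lines):
    """Map each remote host to the key-exchange groups seen and a PQ flag."""
    seen = {}
    for rec in filter(None, map(parse_tls_line, lines)):
        entry = seen.setdefault(rec["host"], {"groups": set(), "pq": False})
        entry["groups"].add(rec["kex"] or "(not logged)")
        entry["pq"] = entry["pq"] or is_hybrid_pq(rec["kex"])
    return seen

SAMPLE_LOG = [
    # From the message above, rejoined onto one line.
    "Dec 27 22:42:55 amnesiac postfix/smtp[3037377]: Untrusted TLS connection "
    "established to aspmx.l.google.com[64.233.170.26]:25: TLSv1.3 with cipher "
    "TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519MLKEM768 "
    "server-signature ECDSA (prime256v1) server-digest SHA256",
    # Constructed lines (hypothetical hosts, documentation addresses).
    "Dec 27 22:43:10 amnesiac postfix/smtp[3037380]: Trusted TLS connection "
    "established to mx.example.net[192.0.2.10]:25: TLSv1.3 with cipher "
    "TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 "
    "server-signature RSA-PSS (2048 bits) server-digest SHA256",
    "Dec 27 22:43:30 amnesiac postfix/smtp[3037381]: Untrusted TLS connection "
    "established to mx.example.org[198.51.100.7]:25: TLSv1.2 with cipher "
    "ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "Dec 27 22:43:31 amnesiac postfix/smtp[3037381]: 4F2A1C0FFE: status=sent",
]

if __name__ == "__main__":
    for host, e in sorted(pq_inventory(SAMPLE_LOG).items()):
        print("PQ" if e["pq"] else "--", host, sorted(e["groups"]))
```

Lines without a key-exchange field are recorded as "(not logged)" rather than dropped, so hosts that never offered a PQ group still appear in the inventory.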