[gnutls-devel] GnuTLS | gnutls server negotiates X25519 instead of X25519MLKEM768 unless FFDHE also configured (#1828)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Mar 25 19:40:18 CET 2026 


Glenn Strauss created an issue: https://gitlab.com/gnutls/gnutls/-/work_items/1828



gnutls server negotiates X25519 instead of X25519MLKEM768 unless FFDHE also configured in priority string

Test client:
`$ openssl s_client -connect 127.0.0.1:443 2>&1 | grep -i x25519`

With priority string:<br>
`"NORMAL:-GROUP-ALL:+GROUP-X25519-MLKEM768:+GROUP-X25519"`<br>
the test client result is
`Peer Temp Key: X25519, 253 bits`

With priority string:<br>
`"NORMAL:-GROUP-ALL:+GROUP-X25519-MLKEM768:+GROUP-X25519:+GROUP-FFDHE2048"`<br>
the test client result is
`Negotiated TLS1.3 group: X25519MLKEM768`

The expected result for both cases is `Negotiated TLS1.3 group: X25519MLKEM768`

System: Fedora 43<br>
GnuTLS: gnutls 3.8.12

This issue was originally reported 9 months ago as part of https://gitlab.com/gnutls/gnutls/-/work_items/1713 but I believe this issue is worth filing separately.

I am a lighttpd developer.  In the upcoming release of lighttpd 1.4.83, lighttpd mod_gnutls default priority string includes `"-GROUP-ALL:+GROUP-X25519-MLKEM768:+GROUP-X25519:P-256:P-384:X448"` and a TLS connection uses X25519 instead of X25519MLKEM768 for the key exchange.  That is not what is intended for clients supporting PQC hybrid KEM.

The behavior with GnuTLS is different than with other TLS libraries.  With other TLS libraries using an equivalent OpenSSL syntax like `"X25519MLKEM768:X25519:P-256:P-384:X448"`, the upcoming lighttpd 1.4.83 properly negotiates X25519MLKEM768 with the client.  These other TLS libraries include OpenSSL, BoringSSL, AWS-LC, NSS, WolfSSL.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1828
You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-6tyivvvdl2jwrixax9coi34ea/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20260325/a8100966/attachment-0001.html>

More information about the Gnutls-devel mailing list