TLS defaults are outdated including missing X25519MLKEM768
4 views
Skip to first unread message
zandoodle (zandoodle)
Jun 4, 2026, 2:21:02 AM (5 days ago) Jun 4
to prosody-dev
Since version 5.7 of the server side TLS recommended configurations (https://wiki.mozilla.org/Security/Server_Side_TLS) there has been several changes including:
- Removal of the old profile
- Removal of DHE (not ECDHE) ciphers from the intermediate profile
- Addition of X25519MLKEM768 as a curve to both remaining profiles
Matthew Wild
Jun 4, 2026, 5:05:46 AM (5 days ago) Jun 4
to proso...@googlegroups.com
Hi,
On Thu, 4 Jun 2026 at 07:21, zandoodle (zandoodle)
<maxoscar...@gmail.com> wrote:
>
> Since version 5.7 of the server side TLS recommended configurations (https://wiki.mozilla.org/Security/Server_Side_TLS) there has been several changes including:
>
> Removal of the old profile
> Removal of DHE (not ECDHE) ciphers from the intermediate profile
> Addition of X25519MLKEM768 as a curve to both remaining profiles
Thanks, yes. The TLS profiles will certainly be updated in the next
major release (you can see our current candidate patch at
https://hg.prosody.im/timber/rev/b0ad022b69c5 ).
We considered whether to make this change in one of the recent minor
releases on the 13.0 branch, but we didn't want to introduce potential
client connectivity disruption in a security release, as this could
deter people from updating.
However this also prompted further discussion about potentially
versioning the TLS profiles. Originally we had expected that Mozilla
would introduce new profiles as e.g. "modern" and shift the old
"modern" to become the new "intermediate". However they haven't done
this, and instead completely revised each profile.
Maybe we include tls_profile_version = "5.7", etc. and track it that
way. If we do this, we'll make the mechanism and new profiles
available in 13.0.
Regards,
Matthew
On Thu, 4 Jun 2026 at 07:21, zandoodle (zandoodle)
<maxoscar...@gmail.com> wrote:
>
> Since version 5.7 of the server side TLS recommended configurations (https://wiki.mozilla.org/Security/Server_Side_TLS) there has been several changes including:
>
> Removal of the old profile
> Removal of DHE (not ECDHE) ciphers from the intermediate profile
> Addition of X25519MLKEM768 as a curve to both remaining profiles
major release (you can see our current candidate patch at
https://hg.prosody.im/timber/rev/b0ad022b69c5 ).
We considered whether to make this change in one of the recent minor
releases on the 13.0 branch, but we didn't want to introduce potential
client connectivity disruption in a security release, as this could
deter people from updating.
However this also prompted further discussion about potentially
versioning the TLS profiles. Originally we had expected that Mozilla
would introduce new profiles as e.g. "modern" and shift the old
"modern" to become the new "intermediate". However they haven't done
this, and instead completely revised each profile.
Maybe we include tls_profile_version = "5.7", etc. and track it that
way. If we do this, we'll make the mechanism and new profiles
available in 13.0.
Regards,
Matthew
Reply all
Reply to author
Forward
0 new messages