-
Bug
-
Resolution: Done
-
rhel-10.1
-
Moderate
-
rhel-virt-tools
libnbd & nbdkit use gnutls for supporting NBD over TLS. It is likely that they don't support Post-Quantum Cryptography (PQC) algorithms and certificates, since there are some known bugs in gnutls, and maybe the packages themselves have to be fixed.
This bug is a placeholder to look into this for nbdkit when gnutls is fixed. It may be that this package itself needs further fixes, and most likely that we will need to add new regression tests upstream.
—
To test an NBD over TLS connection, you will need to create some certificates. An easy way to do this is to simply compile libnbd or nbdkit from source, and during testing a directory of certificates gets created under tests/pki:
$ ls tests/pki/
ca-cert.pem  ca-key.pem       client.info     server-cert.pem  server-key.pem
ca.info      client-cert.pem  client-key.pem  server.info
Once you have a directory containing these certificates you can simply run this command to test both libnbd & nbdkit at the same time. A lot of debug output will be printed, including details of the algorithms used.
nbdkit -v -p 10809 \
    --tls=require --tls-certificates=$HOME/d/nbdkit/tests/pki \
    -D nbdkit.tls.log=4 -D nbdkit.tls.session=1 \
    null 1k \
    --run 'LIBNBD_DEBUG=1 nbdinfo "$uri"'
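One way to turn that debug output into a pass/fail check for a regression test, as an added example that is not code from nbdkit or libnbd. It assumes the output contains gnutls-style session descriptions of the form "(PROTO)-(KEY-EXCHANGE)-(SIGNATURE)-(CIPHER)" and that PQC algorithms show up with "MLKEM" or "ML-DSA" in their names; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of nbdkit or libnbd.
# Assumption: the debug output contains gnutls-style session descriptions of
# the form "(PROTO)-(KEY-EXCHANGE)-(SIGNATURE)-(CIPHER)". Treating names that
# contain "MLKEM" or "ML-DSA" as post-quantum is likewise an assumption.

# Print one summary line per distinct session description read from stdin.
tls_pqc_summary() {
    grep -Eo '\(TLS[0-9.]+\)(-\([^()]+\)){3}' |
    awk '!seen[$0]++' |
    sed -e 's/^(//' -e 's/)$//' -e 's/)-(/|/g' |
    while IFS='|' read -r proto kx sig cipher; do
        case $kx in *MLKEM*) pqc_kx=yes ;; *) pqc_kx=no ;; esac
        case $sig in *ML-DSA*) pqc_sig=yes ;; *) pqc_sig=no ;; esac
        printf '%s kx=%s sig=%s cipher=%s pqc_kx=%s pqc_sig=%s\n' \
            "$proto" "$kx" "$sig" "$cipher" "$pqc_kx" "$pqc_sig"
    done
}

# Regression-test gate: 0 if every session is PQC for both key exchange and
# signature, 1 if any classical algorithm was negotiated, 2 if no session
# description was found (for example, the handshake never completed).
tls_require_pqc() {
    summary=$(tls_pqc_summary)
    [ -n "$summary" ] || return 2
    if printf '%s\n' "$summary" | grep -Eq 'pqc_(kx|sig)=no'; then
        return 1
    fi
    return 0
}

# Constructed sample lines (not captured from a real run).
sample_classical() {
    cat <<'EOF'
nbdkit: debug: TLS session: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
libnbd: debug: nbd1: tls: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
EOF
}
sample_pqc() {
    cat <<'EOF'
nbdkit: debug: TLS session: (TLS1.3)-(ECDHE-X25519-MLKEM768)-(ML-DSA-65)-(AES-256-GCM)
EOF
}
```

To use it on a real run, append `2>&1 | tls_require_pqc` to the nbdkit command above; a return code of 2 separates a failed handshake from a successful classical one.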
- clones: RHEL-101267 Test and/or fix Post-Quantum Cryptography (PQC) in libnbd (Closed)
- depends on: RHEL-100779 gnutls doesn't work with certificates signed with ML-DSA signatures (Release Pending)