Tests against test.openquantumsafe.org fail for x25519/Kyber

[randombit]

Everything works fine for pure Kyber and the NIST+Kyber hybrids, but fails with a handshake failure for X25519+Kyber

Cloudflare's X25519+Kyber seems ok testing against cloudflare.com

fyi @reneme - we should probably address this or else disable OQS X25519+Kyber before shipping 3.2.

[reneme]

I can reproduce this. Wrote a new test (#3732) in test_cli.py to automate the checks against OQS, Cloudflare and IBM (behind a new --run-online-tests switch). Now looking into it.

[reneme]

The problem is that test.openquantumsafe.org on port 443 doesn't support x25519+Kyber. If you try it with the following policy and CLI invocation the handshake succeeds.

allow_tls13 = true
allow_tls12 = false
key_exchange_groups = x25519/Kyber-768-r3

./botan tls_client --debug --policy=pqt.txt --port=6041 test.openquantumsafe.org

Nevertheless, I found some minor issues with the Group_Param allocation that I'll address in a follow-up (#3733).