tls: support both of mlkem and kyber at server side

it is done by pq.cloudflare.com first.

src/net/ssl_server_socket.cpp

@@ -36,11 +36,17 @@ SSLServerSocket::SSLServerSocket(asio::io_context* io_context, asio::ip::tcp::so
     int ret = SSL_set1_group_ids(ssl_.get(), kGroups, std::size(kGroups));
     CHECK_EQ(ret, 1) << "SSL_set1_group_ids failure";
   } else if (absl::GetFlag(FLAGS_enable_post_quantum_kyber)) {
-    const uint16_t postquantum_group =
-        absl::GetFlag(FLAGS_use_ml_kem) ? SSL_GROUP_X25519_MLKEM768 : SSL_GROUP_X25519_KYBER768_DRAFT00;
-    const uint16_t kGroups[] = {postquantum_group, SSL_GROUP_X25519, SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1};
-    int ret = SSL_set1_group_ids(ssl_.get(), kGroups, std::size(kGroups));
-    CHECK_EQ(ret, 1) << "SSL_set1_group_ids failure";
+    if (absl::GetFlag(FLAGS_use_ml_kem)) {
+      const uint16_t kGroups[] = {SSL_GROUP_X25519_MLKEM768, SSL_GROUP_X25519_KYBER768_DRAFT00, SSL_GROUP_X25519,
+                                  SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1};
+      int ret = SSL_set1_group_ids(ssl_.get(), kGroups, std::size(kGroups));
+      CHECK_EQ(ret, 1) << "SSL_set1_group_ids failure";
+    } else {
+      const uint16_t kGroups[] = {SSL_GROUP_X25519_KYBER768_DRAFT00, SSL_GROUP_X25519, SSL_GROUP_SECP256R1,
+                                  SSL_GROUP_SECP384R1};
+      int ret = SSL_set1_group_ids(ssl_.get(), kGroups, std::size(kGroups));
+      CHECK_EQ(ret, 1) << "SSL_set1_group_ids failure";
+    }
   }
 }