DKIM issue with ed25519 selector

One of our customers is encountering the following DKIM issue. Emails from two suppliers are consistently being quarantined due to DKIM verification. The selectors are as follows:

s=strato-dkim-0003 c=relaxed/relaxed a=ed25519-sha256 b=512
s=strato-dkim-0002 c=relaxed/relaxed a=rsa-sha256 b=2048

On the selector "strato-dkim-0003," the XG firewall reports a "fail," and the email is quarantined (presumably because of the message: "Sophos Firewall quarantines DKIM-signed emails that use RSA SHA-1 or have key length less than 1024 or more than 2048 bits.").

However, shouldn't the XG firewall fall back to the "strato-dkim-0002" selector, which is accepted?

The customer is experiencing this issue with two suppliers who both use the same provider. For now, I have implemented a workaround by excluding the mail servers of the provider from DKIM checks, but I don't consider this a proper solution.

The version is: XG310 (SFOS 19.5.3 MR-3-Build652)

Added TAGs
[edited by: Erick Jan at 9:59 AM (GMT -7) on 28 Sep 2023]