Hi Tobias, >>> According to the upstream documentation, strongSwan's >>> OpenSSL plugin does not support ML-KEM (yet), even if the OpenSSL >>> library present would do so. >> >> Which documentation are you referring to? The plugin supports ML-KEM >> via OpenSSL 3.5+ since 6.0.2. Obviously, doesn't help if you use Debian >> stable as that ships 6.0.1, but it's definitely supported upstream and >> in Debian testing. > > I was referring to > https://docs.strongswan.org/docs/latest/config/proposals.html#_post_quantum_key_exchange_methods, > which currently states: > >> The openssl plugin currently only supports ML-KEM via AWS-LC, not via >> OpenSSL.
Ah, thanks. I've removed that note. Regards, Tobias
