[Pkg-swan-devel] Bug#1121988: strongswan: Please enable the ML-KEM plugin
Tobias Westerhever
tobias.westerhever at skyline.link38.eu
Fri Dec 5 16:33:00 GMT 2025
Hello Tobias,
and thank you for your fast response.
>> According to the upstream documentation, strongSwan's
>> OpenSSL plugin does not support ML-KEM (yet), even if the OpenSSL
>> library present would do so.
>
> Which documentation are you referring to? The plugin supports ML-KEM
> via OpenSSL 3.5+ since 6.0.2. Obviously, doesn't help if you use Debian
> stable as that ships 6.0.1, but it's definitely supported upstream and
> in Debian testing.
I was referring to https://docs.strongswan.org/docs/latest/config/proposals.html#_post_quantum_key_exchange_methods,
which currently states:
> The openssl plugin currently only supports ML-KEM via AWS-LC, not via OpenSSL.
Best regards,
Tobias
More information about the Pkg-swan-devel
mailing list