[Pkg-swan-devel] Bug#1121988: strongswan: Please enable the ML-KEM plugin
Tobias Brunner
tobias at strongswan.org
Fri Dec 5 16:48:11 GMT 2025
Hi Tobias,
>>> According to the upstream documentation, strongSwan's
>>> OpenSSL plugin does not support ML-KEM (yet), even if the OpenSSL
>>> library present would do so.
>>
>> Which documentation are you referring to? The plugin supports ML-KEM
>> via OpenSSL 3.5+ since 6.0.2. Obviously, doesn't help if you use Debian
>> stable as that ships 6.0.1, but it's definitely supported upstream and
>> in Debian testing.
>
> I was referring to https://docs.strongswan.org/docs/latest/config/proposals.html#_post_quantum_key_exchange_methods,
> which currently states:
>
>> The openssl plugin currently only supports ML-KEM via AWS-LC, not via OpenSSL.
Ah, thanks. I've removed that note.
Regards,
Tobias
More information about the Pkg-swan-devel
mailing list