From stefan.winter at restena.lu  Mon Feb 16 10:08:15 2026
From: stefan.winter at restena.lu (Stefan Winter)
Date: Mon, 16 Feb 2026 11:08:15 +0100
Subject: [Pkg-swan-devel] Bug#803787: 2026 Status of this bug?
References: <20151102193606.GA12681@localhost>
Message-ID: <f992fe14-5b0d-429d-97e6-c763f4cab4cb@restena.lu>

Hello,


I see the last update to this bug was in 2020. A lot of things happened 
regarding PQC in that time, including the finalised standardisation of 
ML-KEM.

The strongswan Android app already supports ML-KEM and strongswan 6 
server itself also does in principle, with a simple flag ( ?--enable-ml 
 ????????????enable Module-Lattice-based crypto (ML-KEM) plugin.
)

With client and server having the same algorithm suite configured, they 
agree, but then:

charon: 14[IKE] negotiated key exchange method ML_KEM_768?not supported

Since the client sends the corresponding proposal, it looks very much 
like the server lacks compiled-in support for ML-KEM.

Is there still a reason in 2026 not to include PQC support?


Greetings,


Stefan Winter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-swan-devel/attachments/20260216/ddd6cd88/attachment.htm>

From tobias at strongswan.org  Mon Feb 16 11:14:30 2026
From: tobias at strongswan.org (Tobias Brunner)
Date: Mon, 16 Feb 2026 12:14:30 +0100
Subject: [Pkg-swan-devel] Bug#803787: 2026 Status of this bug?
In-Reply-To: <f992fe14-5b0d-429d-97e6-c763f4cab4cb@restena.lu>
References: <20151102193606.GA12681@localhost>
 <f992fe14-5b0d-429d-97e6-c763f4cab4cb@restena.lu>
 <20151102193606.GA12681@localhost>
Message-ID: <f850a3b6-6d9e-4c4f-94b0-bc612f71fd55@strongswan.org>

Hi Stefan,
> I see the last update to this bug was in 2020. A lot of things happened
> regarding PQC in that time, including the finalised standardisation of
> ML-KEM.
> 
> The strongswan Android app already supports ML-KEM and strongswan 6
> server itself also does in principle, with a simple flag (???--enable-ml
> ????????????enable Module-Lattice-based crypto (ML-KEM) plugin.
> )
> 
> With client and server having the same algorithm suite configured, they
> agree, but then:
> 
> charon: 14[IKE] negotiated key exchange method ML_KEM_768?not supported
> 
> Since the client sends the corresponding proposal, it looks very much
> like the server lacks compiled-in support for ML-KEM.
> 
> Is there still a reason in 2026 not to include PQC support?

Please refer to Bug#1121988 [1].

Regards,
Tobias

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121988