Hi Paul,

> I've been slowly working to replace algorithms I rely on with PQC 
> resistant algorithms. strongSwan 6.0.0 contained optional ML-KEM
> support, which we didn't enable (likely because it's an obscure looking 
> flag).
> 
> I've patched strongSwan to build the ml plugin, which I added to 
> libstrongswan-extra-plugins, as is our convention. Attached is a 
> debdiff.
> 
> I've built this on trixie and sid, and have tested[1] this for my personal 
> site-to-site VPN configuration. It looks good so far - from -list-sas:
> 
> ```
>    AES_GCM_16-256/PRF_HMAC_SHA2_384/ECP_384/KE1_ML_KEM_1024
>    established 296s ago, rekeying in 12729s
> ```
> 
> And the output of list-algs:
> 
> ```
> $ swanctl --list-algs | grep -i KEM
>    ML_KEM_512[openssl]
>    ML_KEM_768[openssl]
>    ML_KEM_1024[openssl]
> ```

I assume this is the output with sid as it clearly shows the ml plugin
is not necessary because ML-KEM is provided by the openssl plugin via
OpenSSL.  This is supported since strongSwan 6.0.2 and OpenSSL 3.5.0.
Since trixie ships 6.0.1, enabling the ml plugin could be an option.
Another would be to backport the patch that added support for ML-KEM in
the openssl plugin [1], as trixie ships OpenSSL 3.5.5.

Regards,
Tobias

[1]
https://github.com/strongswan/strongswan/commit/b914333ab4fdbef0c1ff251fb481ebbcc34e31b2
