On Tue, 2026-04-07 at 06:52 -0400, Paul Tagliamonte wrote:
> > This is supported since strongSwan 6.0.2 and OpenSSL 3.5.0.
> > Since trixie ships 6.0.1, enabling the ml plugin could be an option.
> > Another would be to backport the patch that added support for ML-KEM in
> > the openssl plugin [1], as trixie ships OpenSSL 3.5.5.

Ah, now I actually remember seeing the release notes and thinking that I
didn't have to do anything - neat -.

About hybridization, the French national cybersecurity agency published
(https://messervices.cyber.gouv.fr/documents-guides/transition_post_quantique_ipsec.pdf
in French only, sorry) a support document. It seems to indicate strongSwan
- already supports draft RFC 9370 for hybrid key-exchange but I'm not sure if
  I need to enable something in the package
- doesn't have support for hybrid signature authentication because there's
  simply no standard on it.

Is that correct?

>
> I'll leave that up to corsac, both options there have some impugned
> work, I will say, a third option that would "scratch my itch" is to have
> a backport -- the package "as-is" in sid does backport cleanly --
> less work than a full stable point release, it'll be around for users
> who need it fairly easily, and target forky (as he mentioned in his last
> email he was shooting for)
>
> Thank you very much, Tobias and corsac! appreciate you both!

Yeah, I guess backporting might make sense here.

Regards,
--
Yves-Alexis

