On 07.04.26 14:29, Yves-Alexis Perez wrote:
> On Tue, 2026-04-07 at 06:52 -0400, Paul Tagliamonte wrote:
>>> This is supported since strongSwan 6.0.2 and OpenSSL 3.5.0.
>>> Since trixie ships 6.0.1, enabling the ml plugin could be an option.
>>> Another would be to backport the patch that added support for ML-KEM in
>>> the openssl plugin [1], as trixie ships OpenSSL 3.5.5.
> 
> Ah, now I actually remember seeing the release notes and thinking that I
> didn't have to do anything - neat -.
> 
> About hybridation, the French national cybersecurity agency published
> (https://messervices.cyber.gouv.fr/documents-guides/transition_post_quantique_ipsec.pdf
> in French only, sorry) a support document. It seems to indicate strongSwan 
> - already supports draft RFC 9370 for hybrid key-exchange but I'm not sure if
> I need to enable something in the package
> - doesn't have support for hybrid signature authentication because there's
> simply no standard on it.
> 
> Is that correct? 

Yes, since 6.0.0, multiple key exchanges according to RFC 9370 may be
configured.  Any supported key exchange algorithm can be used for that
and it doesn't require any special build options.  However, to use
ML-KEM, you additionally need a plugin that provides it.  Before 6.0.2,
the openssl plugin only supported it via AWS-LC, so the ml plugin could
be built as it has no third-party dependencies.  Alternatively, the
patch that added support for ML-KEM via OpenSSL 3.5.0+ to the openssl
plugin may be backported.

Regarding the signatures, ML-DSA is currently not supported as the draft
for IKEv2 is not yet fully stable and there are also some issues with
third-party libraries (the ASN.1 encoding for private keys has changed
and not all libraries support the proper encoding yet).  There is a
branch in our repository, and another for hybrid signature schemes, but
not sure yet when those will be ready for release.

>> I'll leave that up to corsac, both options there have some impugned 
>> work, I will say, a third option that would "scratch my itch" is to have 
>> a backport -- the package "as-is" in sid does backport cleanly --
>> less work than a full stable point release, it'll be around for users 
>> who need it fairly easily, and target forky (as he mentioned in his last 
>> email he was shooting for)
> 
>> Thank you very much, Tobias and corsac! appreciate you both!
> 
> Yeah, I guess backporting might make sense here. I think the patch should 
> apply cleanly to 6.0.1.

Regards,
Tobias
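
The RFC 9370 configuration discussed in this thread, as an added example that is not part of the original messages or the strongSwan project's own configuration: a swanctl.conf fragment with a classical proposal next to a hybrid one. The connection name, child name and address are constructed placeholders, authentication sections are omitted, and it assumes a plugin providing ML-KEM is loaded (the ml plugin, or an openssl plugin with ML-KEM support).

```conf
# Added example (constructed values): hybrid key exchange per RFC 9370
connections {
    # "pq-gw" is a hypothetical connection name
    pq-gw {
        # additional key exchanges are an IKEv2 feature
        version = 2
        # documentation address from RFC 5737, replace with the real peer
        remote_addrs = 192.0.2.1

        # Classical-only proposal, shown for comparison:
        # proposals = aes256gcm16-prfsha384-x25519

        # Hybrid proposal: x25519 as the initial key exchange and
        # ML-KEM-768 as the first additional key exchange (ke1_ prefix)
        proposals = aes256gcm16-prfsha384-x25519-ke1_mlkem768

        children {
            # "net" is a hypothetical child name
            net {
                # same key exchanges for CHILD_SA rekeying
                esp_proposals = aes256gcm16-x25519-ke1_mlkem768
            }
        }
    }
}
```

Running `swanctl --list-algs` on the gateway shows the loaded algorithms and the plugins providing them, which confirms whether an ML-KEM implementation is available before the proposal is deployed.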
