fixed -1 6.0.2-1 thanksApologies for the noise! I've marked this bug as fixed by 6.0.2-1 - happy to have this bug be -done'd if things are tidy, depending on your intent, corsac.
More words below: On Tue, Apr 07, 2026 at 02:29:18PM +0200, Yves-Alexis Perez wrote:
Ah, now I actually remember seeing the release notes and thinking that I didn't have to do anything - neat -.
Sure enough! From a sid system, running the package in sid: ``` $ swanctl --list-algs | grep ML ML_KEM_512[openssl] ML_KEM_768[openssl] ML_KEM_1024[openssl] ```Well, there it is! ML-KEM is already good on strongSwan 0.6.2+ -- my fault. I saw stable had the same major/minor and didn't bother checking to see what state sid was in after doing a search for libstrongswan-ml.so. I should have tried it out in side.
This means, as Tobias points out, that my rebuild worked not because of my patch, but merely due to the build of current strongSwan on stable.
It also means this attached patch should likely _not_ be applied in sid. It gets us nothing. Thank you very much, Tobias.
About hybridation, the French national cybersecurity agency published (https://messervices.cyber.gouv.fr/documents-guides/transition_post_quantique_ipsec.pdf in French only, sorry) a support document. It seems to indicate strongSwan - - already supports draft RFC 9370 for hybrid key-exchange but I'm not sure if I need to enable something in the package - - doesn't have support for hybrid signature authentication because there's simply no standard on it.
Yeah. It's been pretty tough RFC-wise for IPSec + PQC for a while. I think OpenBSD iked landed sntrup761x25519 recently (mostly pulled from OpenSSH's implementation, I was told), which is also not formalized
in an RFC AFAIK[citation needed].
Yeah, I guess backporting might make sense here.
My server(s) that are running IPSec are stable, so I am still interested in this change for stable, but I don't want to do anything at your expense. I'm content to put this in a local repo for myself, but it would make me feel good to help update this for others too.
I'd be happy to send backports to stable-backports if you're OK with it -- I can offer to help maintain it for the rest of stable's lifetime and
any related noise (bug triage for stable-backport bugs, etc).I'd also be happy to talk with you and the RT if I can be any help and there's interest in a stable update. I realize this is likely the most work if they're not interested in sid's source going to stable, since if my attached patch doesn't work as-is on stable sources, I think (as was indicated on an older bug), we may need to, as Tobias says, cherry-pick the ML-KEM OpenSSL patchset and apply that, which seems ... touchy.
fondly, paultag -- ⢀⣴⠾⠻⢶⣦⠀ Paul Tagliamonte <paultag> ⣾⠁⢠⠒⠀⣿⡁ https://people.debian.org/~paultag | https://pault.ag/ ⢿⡄⠘⠷⠚⠋ Debian, the universal operating system. ⠈⠳⣄⠀⠀ 4096R / FEF2 EB20 16E6 A856 B98C E820 2DCD 6B5D E858 ADF3
signature.asc
Description: PGP signature
