diff --git a/src/libstrongswan/crypto/key_exchange.c b/src/libstrongswan/crypto/key_exchange.c
index 74107cec4d..cbf01d2811 100644
--- a/src/libstrongswan/crypto/key_exchange.c
+++ b/src/libstrongswan/crypto/key_exchange.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2010-2020 Tobias Brunner
+ * Copyright (C) 2016-2024 Andreas Steffen
+ * Copyright (C) 2010-2024 Tobias Brunner
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  *
@@ -36,7 +37,7 @@ ENUM_NEXT(key_exchange_method_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
 	"ECP_256",
 	"ECP_384",
 	"ECP_521");
-ENUM_NEXT(key_exchange_method_names, MODP_1024_160, CURVE_448, ECP_521_BIT,
+ENUM_NEXT(key_exchange_method_names, MODP_1024_160, ML_KEM_1024, ECP_521_BIT,
 	"MODP_1024_160",
 	"MODP_2048_224",
 	"MODP_2048_256",
@@ -47,8 +48,13 @@ ENUM_NEXT(key_exchange_method_names, MODP_1024_160, CURVE_448, ECP_521_BIT,
 	"ECP_384_BP",
 	"ECP_512_BP",
 	"CURVE_25519",
-	"CURVE_448");
-ENUM_NEXT(key_exchange_method_names, MODP_NULL, MODP_NULL, CURVE_448,
+	"CURVE_448",
+	"GOST3410_256",
+	"GOST3410_512",
+	"ML_KEM_512",
+	"ML_KEM_768",
+	"ML_KEM_1024");
+ENUM_NEXT(key_exchange_method_names, MODP_NULL, MODP_NULL, ML_KEM_1024,
 	"MODP_NULL");
 ENUM_NEXT(key_exchange_method_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
 	"NTRU_112",
@@ -76,7 +82,7 @@ ENUM_NEXT(key_exchange_method_names_short, MODP_2048_BIT, ECP_521_BIT, MODP_1536
 	"ecp256",
 	"ecp384",
 	"ecp521");
-ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, CURVE_448, ECP_521_BIT,
+ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, ML_KEM_1024, ECP_521_BIT,
 	"modp1024s160",
 	"modp2048s224",
 	"modp2048s256",
@@ -87,8 +93,13 @@ ENUM_NEXT(key_exchange_method_names_short, MODP_1024_160, CURVE_448, ECP_521_BIT
 	"ecp384bp",
 	"ecp512bp",
 	"curve25519",
-	"curve448");
-ENUM_NEXT(key_exchange_method_names_short, MODP_NULL, MODP_NULL, CURVE_448,
+	"curve448",
+	"gost256",
+	"gost512",
+	"mlkem512",
+	"mlkem768",
+	"mlkem1024");
+ENUM_NEXT(key_exchange_method_names_short, MODP_NULL, MODP_NULL, ML_KEM_1024,
 	"modpnull");
 ENUM_NEXT(key_exchange_method_names_short, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
 	"ntru112",
@@ -610,6 +621,24 @@ bool key_exchange_is_ecdh(key_exchange_method_t ke)
 		case ECP_512_BP:
 		case CURVE_25519:
 		case CURVE_448:
+		case GOST3410_256:
+		case GOST3410_512:
+			return TRUE;
+		default:
+			return FALSE;
+	}
+}
+
+/*
+ * Described in header
+ */
+bool key_exchange_is_kem(key_exchange_method_t ke)
+{
+	switch (ke)
+	{
+		case ML_KEM_512:
+		case ML_KEM_768:
+		case ML_KEM_1024:
 			return TRUE;
 		default:
 			return FALSE;
@@ -670,11 +699,20 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value)
 		case CURVE_448:
 			valid = value.len == 56;
 			break;
+		case GOST3410_256:
+			valid = value.len == 64;
+			break;
+		case GOST3410_512:
+			valid = value.len == 128;
+			break;
 		case NTRU_112_BIT:
 		case NTRU_128_BIT:
 		case NTRU_192_BIT:
 		case NTRU_256_BIT:
 		case NH_128_BIT:
+		case ML_KEM_512:
+		case ML_KEM_768:
+		case ML_KEM_1024:
 			/* verification currently not supported, do in plugin */
 			valid = FALSE;
 			break;
diff --git a/src/libstrongswan/crypto/key_exchange.h b/src/libstrongswan/crypto/key_exchange.h
index 4aa4e264b2..5efbb9ac3c 100644
--- a/src/libstrongswan/crypto/key_exchange.h
+++ b/src/libstrongswan/crypto/key_exchange.h
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2010-2020 Tobias Brunner
+ * Copyright (C) 2016-2024 Andreas Steffen
+ * Copyright (C) 2010-2024 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  *
@@ -40,6 +41,8 @@ typedef struct diffie_hellman_params_t diffie_hellman_params_t;
  * ECP groups are defined in RFC 4753 and RFC 5114.
  * ECC Brainpool groups are defined in RFC 6954.
  * Curve25519 and Curve448 groups are defined in RFC 8031.
+ * GOST R 34.10-2012 groups are defined in RFC 9385.
+ * ML-KEM methods are defined in draft-ipsecme-ml-kem-ikev2.
  */
 enum key_exchange_method_t {
 	KE_NONE       =  0,
@@ -65,18 +68,23 @@ enum key_exchange_method_t {
 	ECP_512_BP    = 30,
 	CURVE_25519   = 31,
 	CURVE_448     = 32,
+	GOST3410_256  = 33,
+	GOST3410_512  = 34,
+	ML_KEM_512    = 35,
+	ML_KEM_768    = 36,
+	ML_KEM_1024   = 37,
 	/** insecure NULL diffie hellman group for testing, in PRIVATE USE */
-	MODP_NULL = 1024,
-	/** MODP group with custom generator/prime */
+	MODP_NULL     = 1024,
 	/** Parameters defined by IEEE 1363.1, in PRIVATE USE */
-	NTRU_112_BIT = 1030,
-	NTRU_128_BIT = 1031,
-	NTRU_192_BIT = 1032,
-	NTRU_256_BIT = 1033,
-	NH_128_BIT   = 1040,
+	NTRU_112_BIT  = 1030,
+	NTRU_128_BIT  = 1031,
+	NTRU_192_BIT  = 1032,
+	NTRU_256_BIT  = 1033,
+	NH_128_BIT    = 1040,
+	/** MODP group with custom generator/prime */
 	/** internally used DH group with additional parameters g and p, outside
 	 * of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */
-	MODP_CUSTOM = 65536,
+	MODP_CUSTOM   = 65536,
 };
 
 /**
@@ -104,7 +112,7 @@ struct key_exchange_t {
 		__attribute__((warn_unused_result));
 
 	/**
-	 * Sets the public key from the peer.
+	 * Sets the public key received from the peer.
 	 *
 	 * @note This operation should be relatively quick. Costly public key
 	 * validation operations or key derivation should be implemented in
@@ -206,6 +214,13 @@ diffie_hellman_params_t *diffie_hellman_get_params(key_exchange_method_t ke);
  */
 bool key_exchange_is_ecdh(key_exchange_method_t ke);
 
+/**
+ * Check if the key exchange method is a Key Encapsulation Mechanism (KEM).
+ *
+ * @return				TRUE if KEM used
+ */
+bool key_exchange_is_kem(key_exchange_method_t ke);
+
 /**
  * Check if a public key is valid for given key exchange method.
  *
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
index 8456fe4ea0..4365b37a3b 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
@@ -176,6 +176,11 @@ curve25519,       KEY_EXCHANGE_METHOD, CURVE_25519,                0
 x25519,           KEY_EXCHANGE_METHOD, CURVE_25519,                0
 curve448,         KEY_EXCHANGE_METHOD, CURVE_448,                  0
 x448,             KEY_EXCHANGE_METHOD, CURVE_448,                  0
+gost256,          KEY_EXCHANGE_METHOD, GOST3410_256,               0
+gost512,          KEY_EXCHANGE_METHOD, GOST3410_512,               0
+mlkem512,         KEY_EXCHANGE_METHOD, ML_KEM_512,                 0
+mlkem768,         KEY_EXCHANGE_METHOD, ML_KEM_768,                 0
+mlkem1024,        KEY_EXCHANGE_METHOD, ML_KEM_1024,                0
 ntru112,          KEY_EXCHANGE_METHOD, NTRU_112_BIT,               0
 ntru128,          KEY_EXCHANGE_METHOD, NTRU_128_BIT,               0
 ntru192,          KEY_EXCHANGE_METHOD, NTRU_192_BIT,               0