Satellite should fully support Post-Quantum Cryptography. The requirement comes from CNSA 2.0, Commercial National Security Algorithm Suite 2.0. It's a document by the NSA to use PQC by the end of 2025.

For RHEL 10.1 the crypto-policy will by default support PQC, RHEL 9.7 users can opt into PQC by switching to the DEFAULT:PQ policy.

The first phase is to support just PQC key exchanges. With all the work that has been put into using PROFILE=SYSTEM on all services this should work out of the box, but must be verified.

The second phase is to use PQC certificates. Supporting ML-DSA certificates besides RSA will require changes throughout the stack.