diff --git a/Cargo.lock b/Cargo.lock
index 3652b63..f5d0a0b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -572,6 +572,7 @@ dependencies = [
  "futures-util",
  "memchr",
  "regex",
+ "rustls-post-quantum",
  "sslrelay",
  "static_cell",
  "tokio",
@@ -856,6 +857,17 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "rustls-post-quantum"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0da3cd9229bac4fae1f589c8f875b3c891a058ddaa26eb3bde16b5e43dc174ce"
+dependencies = [
+ "aws-lc-rs",
+ "rustls",
+ "rustls-webpki",
+]
+
 [[package]]
 name = "rustls-webpki"
 version = "0.103.7"
diff --git a/Cargo.toml b/Cargo.toml
index f653e43..1cdac68 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,6 +11,7 @@ env_logger = "0.11.8"
 futures-util = "0.3.31"
 memchr = "2.7.6"
 regex = "1.12.2"
+rustls-post-quantum = { version = "0.2.4", features = ["aws-lc-rs-unstable"] }
 sslrelay = { path = "../sslrelay" }
 static_cell = "2.1.1"
 tlsh = { package = "fast-tlsh", version = "0.1.10", features = ["easy-functions"] }
diff --git a/src/main.rs b/src/main.rs
index 02d2b47..2c7a41e 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -178,6 +178,15 @@ async fn main() {
 						"SECP384R1" => prov
 							.kx_groups
 							.push(tokio_rustls::rustls::crypto::aws_lc_rs::kx_group::SECP384R1),
+						"X25519MLKEM768" => prov.kx_groups.push(
+							tokio_rustls::rustls::crypto::aws_lc_rs::kx_group::X25519MLKEM768,
+						),
+						"SECP256R1MLKEM768" => prov.kx_groups.push(
+							tokio_rustls::rustls::crypto::aws_lc_rs::kx_group::SECP256R1MLKEM768,
+						),
+						"MLKEM768" => prov
+							.kx_groups
+							.push(tokio_rustls::rustls::crypto::aws_lc_rs::kx_group::MLKEM768),
 						other => {
 							println!("Unknown kex `{other}`")
 						}