diff --git a/crypto-policies.spec b/crypto-policies.spec
index 4ec4d5e..9260114 100644
--- a/crypto-policies.spec
+++ b/crypto-policies.spec
@@ -1,5 +1,5 @@
-%global git_date 20241105
-%global git_commit 978ac269655ae739f577a8fc78e6b672c78524f8
+%global git_date 20241106
+%global git_commit 1bdaba3df8bd2d98367958fd2b1b5c8eee8bb1ee
 %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
 
 %global _python_bytecompile_extra 0
@@ -30,10 +30,10 @@ BuildRequires: make
 BuildRequires: systemd-rpm-macros
 
 Conflicts: openssl-libs < 1:3.2
-Conflicts: nss < 3.101
+Conflicts: nss < 3.101.0-9
 Conflicts: libreswan < 4.12
 Conflicts: openssh < 9.9p1
-Conflicts: gnutls < 3.8.5
+Conflicts: gnutls < 3.8.8
 
 %description
 This package provides pre-built configuration files with
@@ -82,6 +82,12 @@ sed -i "s/'NSS_NO_TLS_REQUIRE_EMS', '0'/'NSS_NO_TLS_REQUIRE_EMS', '1'/" \
 sed -i "s/:TLS-REQUIRE-EMS:/:/" tests/outputs/*FIPS*.txt
 %endif
 
+%if 0%{?rhel} == 11
+# currently ELN NSS doesn't support mlkem768secp256r1
+sed -i '/P256-MLKEM768/d' python/policygenerators/nss.py
+sed -i "s/:mlkem768secp256r1:/:/" tests/outputs/*:TEST-PQ-nss.txt
+%endif
+
 %make_build
 
 %install
@@ -251,6 +257,10 @@ exit 0
 
 
 %changelog
+* Wed Nov 06 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20241106-1.git1bdaba3
+- gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
+- nss: add mlkem768x25519 and mlkem768secp256r1
+
 * Tue Nov 05 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20241105-1.git978ac26
 - gnutls: `allow-rsa-pkcs1-encrypt = false` everywhere but in LEGACY
 
diff --git a/sources b/sources
index 9bcbf39..ade6231 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (crypto-policies-git978ac26.tar.gz) = 23eb51a863a5b750e5ee724d4d8bd998b1ac2c90b378297bcb7f94cf278023833f95f8e36335807cbd66198e18ced3236e38fa8f60972a2dc44690b50fe37546
+SHA512 (crypto-policies-git1bdaba3.tar.gz) = f9b722338f69cb6a0712938ea2ba80592a0a74803ce3430d64dbe30643dc9d0360522ad9c248efa8c335a8c2a8df7e0776e68e1f6eb5a229371e64c0635b5437