diff --git a/neqo-crypto/min_version.txt b/neqo-crypto/min_version.txt
index eaa18a6df7..d6d4e5562c 100644
--- a/neqo-crypto/min_version.txt
+++ b/neqo-crypto/min_version.txt
@@ -1 +1 @@
-3.103
+3.105
diff --git a/neqo-crypto/src/constants.rs b/neqo-crypto/src/constants.rs
index daef3d3c56..93228f8e14 100644
--- a/neqo-crypto/src/constants.rs
+++ b/neqo-crypto/src/constants.rs
@@ -63,6 +63,7 @@ remap_enum! {
 TLS_GRP_EC_SECP521R1 = ssl_grp_ec_secp521r1,
 TLS_GRP_EC_X25519 = ssl_grp_ec_curve25519,
 TLS_GRP_KEM_XYBER768D00 = ssl_grp_kem_xyber768d00,
+ TLS_GRP_KEM_MLKEM768X25519 = ssl_grp_kem_mlkem768x25519,
 }
 }
diff --git a/neqo-crypto/src/lib.rs b/neqo-crypto/src/lib.rs
index be57ee6d21..1816440d63 100644
--- a/neqo-crypto/src/lib.rs
+++ b/neqo-crypto/src/lib.rs
@@ -146,13 +146,6 @@ fn init_once(db: Option) -> Res {
 };
 secstatus_to_res(unsafe { nss::NSS_SetDomesticPolicy() })?;
- secstatus_to_res(unsafe {
- p11::NSS_SetAlgorithmPolicy(
- p11::SECOidTag::SEC_OID_XYBER768D00,
- p11::NSS_USE_ALG_IN_SSL_KX,
- 0,
- )
- })?;
 #[cfg(debug_assertions)]
 enable_ssl_trace()?;
diff --git a/neqo-transport/src/crypto.rs b/neqo-transport/src/crypto.rs
index 3a6d890cde..d20e8e9bbb 100644
--- a/neqo-transport/src/crypto.rs
+++ b/neqo-transport/src/crypto.rs
@@ -21,7 +21,7 @@ use neqo_crypto::{
 TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_CT_HANDSHAKE,
 TLS_EPOCH_APPLICATION_DATA, TLS_EPOCH_HANDSHAKE, TLS_EPOCH_INITIAL, TLS_EPOCH_ZERO_RTT,
 TLS_GRP_EC_SECP256R1, TLS_GRP_EC_SECP384R1, TLS_GRP_EC_SECP521R1, TLS_GRP_EC_X25519,
- TLS_GRP_KEM_XYBER768D00, TLS_VERSION_1_3,
+ TLS_GRP_KEM_MLKEM768X25519, TLS_VERSION_1_3,
 };
 use crate::{
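Review bot: In neqo-crypto/src/constants.rs, `TLS_GRP_KEM_XYBER768D00` stays in the `remap_enum!` list, while the lib.rs hunk of this commit removes the `NSS_SetAlgorithmPolicy` call that enabled `SEC_OID_XYBER768D00` for TLS key exchange. Unless NSS enables that algorithm by default (not visible here), a caller that still passes the old constant to `set_groups` would presumably no longer be able to negotiate it. I would either drop the constant or put a comment above it such as `// Draft hybrid group; no longer enabled by init_once, kept only for API compatibility.` No matching policy call is added for mlkem768x25519, which suggests NSS at the new minimum version enables it by default; a one-line comment in `init_once` saying so would make that dependency explicit.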
@@ -78,9 +78,10 @@ impl Crypto {
 ])?;
 match &mut agent {
 Agent::Server(c) => {
- // Clients do not send xyber shares by default, but servers should accept them.
+ // Clients do not send mlkem768x25519 shares by default, but servers should accept
+ // them.
 c.set_groups(&[
- TLS_GRP_KEM_XYBER768D00,
+ TLS_GRP_KEM_MLKEM768X25519,
 TLS_GRP_EC_X25519,
 TLS_GRP_EC_SECP256R1,
 TLS_GRP_EC_SECP384R1,
diff --git a/neqo-transport/tests/connection.rs b/neqo-transport/tests/connection.rs
index c3a43dfb50..6b670cdc3c 100644
--- a/neqo-transport/tests/connection.rs
+++ b/neqo-transport/tests/connection.rs
@@ -275,12 +275,12 @@ fn overflow_crypto() {
 }
 #[test]
-fn handshake_xyber() {
+fn handshake_mlkem768x25519() {
 let mut client = default_client();
 let mut server = default_server();
 client
- .set_groups(&[neqo_crypto::TLS_GRP_KEM_XYBER768D00])
+ .set_groups(&[neqo_crypto::TLS_GRP_KEM_MLKEM768X25519])
 .ok();
 client.send_additional_key_shares(0).ok();
@@ -289,10 +289,10 @@ fn handshake_xyber() {
 assert_eq!(*server.state(), State::Confirmed);
 assert_eq!(
 client.tls_info().unwrap().key_exchange(),
- neqo_crypto::TLS_GRP_KEM_XYBER768D00
+ neqo_crypto::TLS_GRP_KEM_MLKEM768X25519
 );
 assert_eq!(
 server.tls_info().unwrap().key_exchange(),
- neqo_crypto::TLS_GRP_KEM_XYBER768D00
+ neqo_crypto::TLS_GRP_KEM_MLKEM768X25519
 );
 }
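Review bot: The rewritten comment in the `Agent::Server` arm of neqo-transport/src/crypto.rs explains why the hybrid group is accepted, but not that the draft `TLS_GRP_KEM_XYBER768D00` group is removed from the server list rather than kept alongside it. A peer that still offers only the draft hybrid share now has to settle for one of the classical EC groups that follow, or fail if it offers nothing else, and the comment should record that this is deliberate. I would extend it with something like `// The draft xyber768d00 group is intentionally no longer accepted.` and, if the list order is meant to express server preference for the hybrid group, say that too. The enclosing function starts before this hunk and the `set_groups` list continues past it, so the remaining entries are not visible here.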