diff --git a/.crypto-policies.metadata b/.crypto-policies.metadata
index 7d189c5..cf3f1a9 100644
--- a/.crypto-policies.metadata
+++ b/.crypto-policies.metadata
@@ -1 +1 @@
-bf586ce8a5b85e71c528d508094b567ad926c74e SOURCES/crypto-policies-git978ac26.tar.gz
+396b36b6eeb89a6bbf532110a65e030a2a5f990d SOURCES/crypto-policies-git7073416.tar.gz
diff --git a/.gitignore b/.gitignore
index f873958..fed05db 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/crypto-policies-git978ac26.tar.gz
+SOURCES/crypto-policies-git7073416.tar.gz
diff --git a/SPECS/crypto-policies.spec b/SPECS/crypto-policies.spec
index 4ec4d5e..e0cf6e4 100644
--- a/SPECS/crypto-policies.spec
+++ b/SPECS/crypto-policies.spec
@@ -1,12 +1,12 @@
-%global git_date 20241105
-%global git_commit 978ac269655ae739f577a8fc78e6b672c78524f8
+%global git_date 20241106
+%global git_commit 707341621f4d484685aa51cc71d2f73e9e7141ff
 %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
 
 %global _python_bytecompile_extra 0
 
 Name:           crypto-policies
 Version:        %{git_date}
-Release:        1.git%{git_commit_hash}%{?dist}
+Release:        2.git%{git_commit_hash}%{?dist}
 Summary:        System-wide crypto policies
 
 License:        LGPL-2.1-or-later
@@ -30,10 +30,10 @@ BuildRequires: make
 BuildRequires: systemd-rpm-macros
 
 Conflicts: openssl-libs < 1:3.2
-Conflicts: nss < 3.101
+Conflicts: nss < 3.101.0-9
 Conflicts: libreswan < 4.12
 Conflicts: openssh < 9.9p1
-Conflicts: gnutls < 3.8.5
+Conflicts: gnutls < 3.8.8
 
 %description
 This package provides pre-built configuration files with
@@ -82,6 +82,12 @@ sed -i "s/'NSS_NO_TLS_REQUIRE_EMS', '0'/'NSS_NO_TLS_REQUIRE_EMS', '1'/" \
 sed -i "s/:TLS-REQUIRE-EMS:/:/" tests/outputs/*FIPS*.txt
 %endif
 
+%if 0%{?rhel} == 11
+# currently ELN NSS doesn't support mlkem768secp256r1
+sed -i '/P256-MLKEM768/d' python/policygenerators/nss.py
+sed -i "s/:mlkem768secp256r1:/:/" tests/outputs/*:TEST-PQ-nss.txt
+%endif
+
 %make_build
 
 %install
@@ -241,16 +247,19 @@ exit 0
 %{_mandir}/man8/update-crypto-policies.8*
 %{_datarootdir}/crypto-policies/python
 
-%{_bindir}/fips-mode-setup
-%{_bindir}/fips-finish-install
-%{_mandir}/man8/fips-mode-setup.8*
-%{_mandir}/man8/fips-finish-install.8*
-
 %files pq-preview
 %{_datarootdir}/crypto-policies/policies/modules/TEST-PQ.pmod
 
 
 %changelog
+* Wed Nov 06 2024 Clemens Lang <cllang@redhat.com> - 20241106-2.git7073416
+- fips-mode-setup: Remove
+  Resolves: RHEL-65652
+
+* Wed Nov 06 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20241106-1.git1bdaba3
+- gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
+- nss: add mlkem768x25519 and mlkem768secp256r1
+
 * Tue Nov 05 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20241105-1.git978ac26
 - gnutls: `allow-rsa-pkcs1-encrypt = false` everywhere but in LEGACY