diff --git a/data/updates.js b/data/updates.js
index a4b0ca604..783049bec 100644
--- a/data/updates.js
+++ b/data/updates.js
@@ -57,6 +57,7 @@ export const updates = {
 mail_attachment_detection_options_maildir_changed: '2.4.3',
 mail_cache_fields_changed: '2.4.1',
 mail_crypt_eddsa: '2.4.0',
+ mail_crypt_ml_kem_keys: '2.4.4',
 mail_crypt_fs_maybe: '2.4.0',
 mail_location_keep_noselect: '2.4.0',
 mail_location_no_noselect: '2.4.0',
diff --git a/docs/core/plugins/mail_crypt.md b/docs/core/plugins/mail_crypt.md
index 2ce2a5d09..64cd9c11b 100644
--- a/docs/core/plugins/mail_crypt.md
+++ b/docs/core/plugins/mail_crypt.md
@@ -67,9 +67,10 @@ The encryption keys for the symmetric encryption are randomly generated. These keys in turn are encrypted using a key derived with from the provisioned private key.
-Provisioned private keys can be Elliptic Curve (EC) keys or RSA Encryption
-is done using the Integrated Encryption Scheme (IES). This algorithm is
-usable both with EC and RSA keys.
+Provisioned keys can be Elliptic Curve (EC) keys or RSA keys.
+[[changed,mail_crypt_ml_kem_keys]] ML-KEM keys are also
+supported with OpenSSL 3.3+. Encryption is done using the Integrated
+Encryption Scheme (IES). This algorithm is usable both with EC and RSA keys.
 ## Limitations
@@ -145,8 +146,10 @@ In this mode, all keying material is taken from the settings: * [[setting,crypt_global_private_key]] - List of [[setting,crypt_private_key_file]] keys
-You can use either Elliptic Curve (EC) keys (recommended) or RSA keys. See
-below for examples using them. No key generation is automatically performed.
+You can use either Elliptic Curve (EC) keys (recommended) or RSA keys.
+[[changed,mail_crypt_ml_kem_keys]] ML-KEM keys are also
+supported with OpenSSL 3.3+. See below for examples using them. No key
+generation is automatically performed.
 A good solution for environments where no user folder sharing is needed is to generate per-user EC key pair and encrypt that with something derived from
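Review bot: The new `mail_crypt_ml_kem_keys` key in data/updates.js is placed between `mail_crypt_eddsa` and `mail_crypt_fs_maybe`, which breaks the alphabetical order that every other key visible in this hunk follows. Move the line `mail_crypt_ml_kem_keys: '2.4.4',` one position down, directly after `mail_crypt_fs_maybe: '2.4.0',`. The `updates` object begins and ends outside the hunk, so the sorted convention is inferred from the seven visible entries only.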
@@ -442,6 +445,10 @@ compression. See [[link,mail_crypt_settings]] for generic mail-crypt settings.
+`fs-crypt` supports the same key types as `mail-crypt`.
+[[changed,mail_crypt_ml_kem_keys]] ML-KEM keys are also
+supported with OpenSSL 3.3+.
+
 ::: warning [[changed,fs_crypt_require_encryption_keys]] fs-crypt requires encryption keys by default.
diff --git a/docs/installation/upgrade/include/2.4-added-cryptographic-features.inc b/docs/installation/upgrade/include/2.4-added-cryptographic-features.inc
index e2fe0d4cc..b5b33b8b6 100644
--- a/docs/installation/upgrade/include/2.4-added-cryptographic-features.inc
+++ b/docs/installation/upgrade/include/2.4-added-cryptographic-features.inc
@@ -5,3 +5,4 @@
 | ARGON2 password scheme | Support for the ARGON2 password scheme was added. |
 | SCRAM-SHA-1, SCRAM-SHA-256 | Support SASL mechanisms for outgoing connections. |
 | X25519, X448 | [[plugin,mail-crypt]] and [[link,mail_crypt_fs_crypt]] now support these curves. |
+| ML-KEM | [[changed,mail_crypt_ml_kem_keys]] [[plugin,mail-crypt]] and [[link,mail_crypt_fs_crypt]] support ML-KEM keys with OpenSSL 3.3+. |