diff --git a/CHANGELOG.md b/CHANGELOG.md
index ceeb3faa..6dc33b13 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,6 @@
 # Changelog
-## [10.5.0](https://github.com/dev-sec/ansible-collection-hardening/tree/10.5.0) (2025-12-14)
+## [10.5.0](https://github.com/dev-sec/ansible-collection-hardening/tree/10.5.0) (2025-12-23)
 [Full Changelog](https://github.com/dev-sec/ansible-collection-hardening/compare/10.4.0...10.5.0)
@@ -14,6 +14,7 @@
 **Merged pull requests:**
+- chore\(deps\): update ansible/ansible-lint digest to a2bc8b8 [\#924](https://github.com/dev-sec/ansible-collection-hardening/pull/924) ([renovate[bot]](https://github.com/apps/renovate))
 - chore\(deps\): update actions/setup-python digest to 83679a8 [\#920](https://github.com/dev-sec/ansible-collection-hardening/pull/920) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([renovate[bot]](https://github.com/apps/renovate))
 - chore\(deps\): update actions/checkout action to v6 [\#919](https://github.com/dev-sec/ansible-collection-hardening/pull/919) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([renovate[bot]](https://github.com/apps/renovate))
 - fix: replace deprecated community.general.yaml callback plugin [\#918](https://github.com/dev-sec/ansible-collection-hardening/pull/918) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([Normo](https://github.com/Normo))
diff --git a/roles/ssh_hardening/tasks/crypto_kex.yml b/roles/ssh_hardening/tasks/crypto_kex.yml
index a37efd85..3fe6ec17 100644
--- a/roles/ssh_hardening/tasks/crypto_kex.yml
+++ b/roles/ssh_hardening/tasks/crypto_kex.yml
@@ -18,3 +18,8 @@
 ansible.builtin.set_fact:
 ssh_kex: "{{ ssh_kex_85_default }}"
 when: sshd_version is version('8.5', '>=')
+
+- name: Set kex according to openssh-version if openssh >= 9.9
+ ansible.builtin.set_fact:
+ ssh_kex: "{{ ssh_kex_99_default }}"
+ when: sshd_version is version('9.9', '>=')
diff --git a/roles/ssh_hardening/vars/main.yml b/roles/ssh_hardening/vars/main.yml
index 87ef6b69..9d3aaee8 100644
--- a/roles/ssh_hardening/vars/main.yml
+++ b/roles/ssh_hardening/vars/main.yml
@@ -52,3 +52,9 @@ ssh_kex_85_default:
 - sntrup761x25519-sha512@openssh.com
 - curve25519-sha256@libssh.org
 - diffie-hellman-group-exchange-sha256
+
+ssh_kex_99_default:
+ - mlkem768x25519-sha256
+ - sntrup761x25519-sha512@openssh.com
+ - curve25519-sha256@libssh.org
+ - diffie-hellman-group-exchange-sha256
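Review bot: In roles/ssh_hardening/tasks/crypto_kex.yml the new 9.9 task only takes effect because it runs after the 8.5 task: on OpenSSH 9.9 and later both `when` conditions are true and the last `set_fact` wins, so the ordering is load-bearing and should be stated, e.g. `# keep after the 8.5 task: both conditions match on >= 9.9 and the last set_fact wins`. The version comparison is also the only gate for offering `mlkem768x25519-sha256`; presumably an sshd build that reports 9.9 but has that algorithm unavailable would reject the KexAlgorithms line, so it is worth confirming that the rendered config is validated (for example with `sshd -t`) before the service is reloaded. The 8.5 task begins above the hunk and the rest of the file is not visible here.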
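Review bot: `ssh_kex_99_default` in roles/ssh_hardening/vars/main.yml has no comment saying why a separate list exists for 9.9, and it repeats the three entries of `ssh_kex_85_default` verbatim, so the two lists can drift apart without anyone noticing. I would add above it `# OpenSSH >= 9.9: prefer the hybrid ML-KEM key exchange; remaining entries mirror ssh_kex_85_default`. The list is in preference order, which deserves a mention too because the new algorithm is deliberately placed first. `ssh_kex_85_default` starts above the hunk.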