diff --git a/.github/workflows/interop-mlkem.yml b/.github/workflows/interop-mlkem.yml
index cdc023210..2ddfef156 100644
--- a/.github/workflows/interop-mlkem.yml
+++ b/.github/workflows/interop-mlkem.yml
@@ -1,15 +1,20 @@
 name: ML-KEM Interop Tests
 
 on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
   pull_request:
     branches: [ '*' ]
+  workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 env:
-  openssh: V_10_2_P1
+  OS_REF: ubuntu-latest
+  WOLFSSL_REF: v5.9.1-stable
+  OPENSSH_REF: V_10_2_P1
 
 jobs:
   build_wolfssl:
@@ -17,8 +22,6 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
-      matrix:
-        wolfssl: [v5.8.4-stable, master]
     timeout-minutes: 4
     steps:
       - name: Checking cache for wolfSSL
@@ -26,7 +29,7 @@ jobs:
         id: cache-wolfssl
         with:
           path: build-dir/
-          key: wolfssh-mlkem-wolfssl-${{ matrix.wolfssl }}
+          key: wolfssh-mlkem-wolfssl-${{ env.WOLFSSL_REF }}-${{ env.OS_REF }}
           lookup-only: true
 
       - name: Checkout, build, and install wolfSSL
@@ -34,7 +37,7 @@ jobs:
         uses: wolfSSL/actions-build-autotools-project@v1
         with:
           repository: wolfSSL/wolfssl
-          ref: ${{ matrix.wolfssl }}
+          ref: ${{ env.WOLFSSL_REF }}
           path: wolfssl
           configure: --enable-wolfssh --enable-mlkem --enable-ed25519 --enable-ed25519-stream --enable-curve25519 --enable-base64encode --enable-cryptonly --disable-examples --disable-crypttests
           check: false
@@ -50,15 +53,15 @@ jobs:
         id: cache-openssh
         with:
           path: build-dir/
-          key: wolfssh-mlkem-openssh-${{ env.openssh }}
+          key: wolfssh-mlkem-openssh-${{ env.OPENSSH_REF }}
           lookup-only: true
 
-      - name: Checkout, build, and install wolfSSL
+      - name: Checkout, build, and install OpenSSH
         if: steps.cache-openssh.outputs.cache-hit != 'true'
         uses: wolfSSL/actions-build-autotools-project@v1
         with:
           repository: openssh/openssh-portable
-          ref: ${{ env.openssh }}
+          ref: ${{ env.OPENSSH_REF }}
           path: openssh
           configure: --with-privsep-path=/tmp/empty
           check: false
@@ -70,28 +73,25 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        wolfssl: [v5.8.4-stable, master]
         config: [
           '',
           '--enable-smallstack',
         ]
     runs-on: ubuntu-latest
     timeout-minutes: 4
-    env:
-      build_dir: ${{ github.workspace }}/build-dir
     steps:
       - name: Checking cache for wolfSSL
         uses: actions/cache@v5
         with:
           path: build-dir/
-          key: wolfssh-mlkem-wolfssl-${{ matrix.wolfssl }}
+          key: wolfssh-mlkem-wolfssl-${{ env.WOLFSSL_REF }}-${{ env.OS_REF }}
           fail-on-cache-miss: true
 
       - name: Checking cache for OpenSSH
         uses: actions/cache@v5
         with:
           path: build-dir/
-          key: wolfssh-mlkem-openssh-${{ env.openssh }}
+          key: wolfssh-mlkem-openssh-${{ env.OPENSSH_REF }}
           fail-on-cache-miss: true
 
       - name: Checkout, build, and test wolfSSH
@@ -99,18 +99,18 @@ jobs:
         with:
           repository: wolfSSL/wolfssh
           path: wolfssh
-          configure: ${{ matrix.config }} --with-wolfssl=${{ env.build_dir }}
+          configure: ${{ matrix.config }} --with-wolfssl=${{ github.workspace }}/build-dir
           check: true
 
       - name: Make test key
         working-directory: ./wolfssh/
         run: |
-          ${{ env.build_dir }}/bin/ssh-keygen -f $HOME/.ssh/id_ed25519 -N "" -t ed25519
+          ${{ github.workspace }}/build-dir/bin/ssh-keygen -f $HOME/.ssh/id_ed25519 -N "" -t ed25519
           cp $HOME/.ssh/id_ed25519.pub $HOME/.ssh/authorized_keys
 
       - name: Run connect wolfSSH client to OpenSSH server test
         working-directory: ./wolfssh/
         run: |
           mkdir -p /tmp/empty
-          ${{ env.build_dir }}/sbin/sshd -p 22222 -o KbdInteractiveAuthentication=no -o PasswordAuthentication=no -o KexAlgorithms=mlkem768x25519-sha256
+          ${{ github.workspace }}/build-dir/sbin/sshd -p 22222 -o KbdInteractiveAuthentication=no -o PasswordAuthentication=no -o KexAlgorithms=mlkem768x25519-sha256
           ./examples/client/client -u $USER -i $HOME/.ssh/id_ed25519 -j $HOME/.ssh/id_ed25519.pub -c "ls /"
diff --git a/.github/workflows/kyber.yml b/.github/workflows/kyber.yml
deleted file mode 100644
index 9e16fe61f..000000000
--- a/.github/workflows/kyber.yml
+++ /dev/null
@@ -1,97 +0,0 @@
-name: ML-KEM Tests
-
-on:
-  push:
-    branches: [ 'master', 'main', 'release/**' ]
-  pull_request:
-    branches: [ '*' ]
-  workflow_dispatch:
-
-env:
-  LIBOQS_REF: 0.10.0
-  WOLFSSL_REF: v5.7.0-stable
-  OS_REF: ubuntu-latest
-
-jobs:
-  build_liboqs:
-    name: Build liboqs
-    runs-on: ubuntu-latest
-    timeout-minutes: 4
-    steps:
-      - name: Checking cache for liboqs
-        uses: actions/cache@v5
-        id: cache-liboqs
-        with:
-          path: build-dir/
-          key: wolfssh-mlkem-liboqs-${{ env.LIBOQS_REF }}-${{ env.OS_REF }}
-          lookup-only: true
-
-      - name: Checkout liboqs
-        if: steps.cache-liboqs.outputs.cache-hit != 'true'
-        uses: actions/checkout@v6
-        with:
-          repository: open-quantum-safe/liboqs
-          ref: ${{ env.LIBOQS_REF }}
-          path: liboqs
-
-      - name: Build and install liboqs
-        if: steps.cache-liboqs.outputs.cache-hit != 'true'
-        working-directory: liboqs
-        run: |
-          mkdir build
-          cd build
-          cmake -DCMAKE_INSTALL_PREFIX=${{ github.workspace }}/build-dir -DOQS_MINIMAL_BUILD=KEM_kyber_512 -DOQS_USE_OPENSSL=0 ..
-          make
-          make install
-
-  build_wolfssl:
-    name: Build wolfssl
-    runs-on: ubuntu-latest
-    timeout-minutes: 4
-    steps:
-      - name: Checking cache for wolfssl
-        uses: actions/cache@v5
-        id: cache-wolfssl
-        with:
-          path: build-dir/
-          key: wolfssh-mlkem-wolfssl-${{ env.WOLFSSL_REF }}-${{ env.OS_REF }}
-          lookup-only: true
-
-      - name: Checkout, build, and install wolfssl
-        if: steps.cache-wolfssl.outputs.cache-hit != 'true'
-        uses: wolfSSL/actions-build-autotools-project@v1
-        with:
-          repository: wolfssl/wolfssl
-          ref: ${{ env.WOLFSSL_REF }}
-          path: wolfssl
-          configure: --enable-wolfssh --enable-cryptonly --disable-examples --disable-crypttests
-          check: false
-          install: true
-
-  build_wolfssh:
-    name: Build wolfssh
-    runs-on: ubuntu-latest
-    timeout-minutes: 4
-    needs: [build_wolfssl, build_liboqs]
-    steps:
-      - name: Checking cache for liboqs
-        uses: actions/cache@v5
-        with:
-          path: build-dir/
-          key: wolfssh-mlkem-liboqs-${{ env.LIBOQS_REF }}-${{ env.OS_REF }}
-          fail-on-cache-miss: true
-
-      - name: Checking cache for wolfssl
-        uses: actions/cache@v5
-        with:
-          path: build-dir/
-          key: wolfssh-mlkem-wolfssl-${{ env.WOLFSSL_REF }}-${{ env.OS_REF }}
-          fail-on-cache-miss: true
-
-      - name: Checkout, build, and test wolfssh
-        uses: wolfSSL/actions-build-autotools-project@v1
-        with:
-          repository: wolfssl/wolfssh
-          path: wolfssh
-          configure: --with-liboqs=${{ github.workspace }}/build-dir --with-wolfssl=${{ github.workspace }}/build-dir
-          check: true
diff --git a/.github/workflows/singlethread-check.yml b/.github/workflows/singlethread-check.yml
index 315257c54..a459ced4b 100644
--- a/.github/workflows/singlethread-check.yml
+++ b/.github/workflows/singlethread-check.yml
@@ -12,7 +12,7 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  WOLFSSL_REF: v5.7.0-stable
+  WOLFSSL_REF: v5.9.1-stable
 
 jobs:
   build_wolfssl: