diff --git a/CLAUDE.md b/CLAUDE.md index 617ad567..ac8f4bdd 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -76,7 +76,7 @@ Currently unpinned in `requirements.yml`, but key ones include: ```toml # pyproject.toml configuration [tool.ruff] -target-version = "py310" +target-version = "py311" line-length = 120 [tool.ruff.lint] diff --git a/main.yml b/main.yml index 42e15965..75021819 100644 --- a/main.yml +++ b/main.yml @@ -34,10 +34,10 @@ - name: Verify Python meets Algo VPN requirements assert: - that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.8', '>=') + that: (ansible_python.version.major|string + '.' + ansible_python.version.minor|string) is version('3.11', '>=') msg: > Python version is not supported. - You must upgrade to at least Python 3.8 to use this version of Algo. + You must upgrade to at least Python 3.11 to use this version of Algo. See for more details - https://trailofbits.github.io/algo/troubleshooting.html#python-version-is-not-supported - name: Verify Ansible meets Algo VPN requirements diff --git a/pyproject.toml b/pyproject.toml index ee0e5d3c..475a5483 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -2,11 +2,11 @@ name = "algo" description = "Set up a personal IPSEC VPN in the cloud" version = "0.1.0" -requires-python = ">=3.10" +requires-python = ">=3.11" [tool.ruff] # Ruff configuration -target-version = "py310" +target-version = "py311" line-length = 120 [tool.ruff.lint] diff --git a/requirements.yml b/requirements.yml index f1afedea..5b64d03f 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,6 +1,10 @@ --- collections: - name: ansible.posix + version: ">=1.6.2" - name: community.general + version: ">=8.6.11" - name: community.crypto + version: ">=2.26.4" - name: openstack.cloud + version: ">=2.4.1" diff --git a/roles/strongswan/tasks/openssl.yml b/roles/strongswan/tasks/openssl.yml index b5a9de7a..4ce2e666 100644 --- a/roles/strongswan/tasks/openssl.yml 
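Review bot: The four `version: ">=…"` entries added to `requirements.yml` set a floor rather than a pin, so every install still resolves to the newest release of `ansible.posix`, `community.general`, `community.crypto` and `openstack.cloud` that the collection source serves at that moment. For a project that provisions VPN servers and generates their PKI, this leaves deployments non-reproducible and lets an unreviewed future release be pulled in without any change to this repository. Consider an exact version or a bounded range per collection, for example `version: ">=2.26.4,<3.0.0"` for `community.crypto`, with the upper bound chosen from what was actually tested. The CLAUDE.md sentence visible in this commit's first hunk header, "Currently unpinned in `requirements.yml`", no longer matches the file after this change and should be updated alongside it.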
+++ b/roles/strongswan/tasks/openssl.yml @@ -80,7 +80,7 @@ - "IP:10.0.0.0/255.0.0.0" - "IP:172.16.0.0/255.240.0.0" - "IP:192.168.0.0/255.255.0.0" - - "IP:0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0" # IPv6 all zeros + - "IP:::/0" # IPv6 all addresses name_constraints_critical: true register: ca_csr diff --git a/tests/unit/test_openssl_compatibility.py b/tests/unit/test_openssl_compatibility.py index 320306aa..2db4a976 100644 --- a/tests/unit/test_openssl_compatibility.py +++ b/tests/unit/test_openssl_compatibility.py @@ -151,7 +151,7 @@ def validate_ca_certificate_config(): assert f'"email:{domain}"' in content, f"Email domain {domain} should be excluded" # Verify IPv6 constraints are present (Issue #153) - assert "IP:0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0" in content, "IPv6 all-zeros should be excluded" + assert "IP:::/0" in content, "IPv6 all addresses should be excluded" print("✓ CA certificate configuration has proper security constraints")
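Review bot: The new `"IP:::/0"` entry uses prefix-length notation while the three IPv4 entries directly above it keep the address/netmask form. Its comment `# IPv6 all addresses` names the value but not the intent, so a later cleanup could "normalise" it back to the old string. A comment such as `# Exclude every IPv6 address (prefix-length notation)` would make the purpose explicit. The key this list belongs to lies above the hunk, so that it is the excluded rather than the permitted list is inferred only from the test message in the next file. Because the extension is marked `name_constraints_critical: true`, it is worth confirming once on a generated CA certificate that the IPv6 entry is encoded under the excluded subtrees.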
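Review bot: The new assertion `"IP:::/0" in content` is a bare substring match on the file text, so it also passes when the string appears only in a comment or under the permitted list. For a name constraint, the permitted list would mean the opposite of what the assertion message claims. The email check in the context line above matches the quoted scalar (`f'"email:{domain}"'`); doing the same here, `assert '"IP:::/0"' in content, "IPv6 all addresses should be excluded"`, at least ties the match to a YAML list item. A stronger check would parse the YAML and assert membership in the excluded-constraints list specifically. `validate_ca_certificate_config` starts and ends outside this hunk, so how `content` is read is not visible here.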