X25519Kyber768 key encapsulation for TLS

Starting in Chrome 124, Chrome enables by default on all desktop platforms a new post-quantum secure TLS key encapsulation mechanism X25519Kyber768, based on a NIST standard (ML-KEM). ¹

Major browsers are starting to deliver post-quantum secure key exchange mechanisms. Though the quantum threat is still far away, it's still essential to migrate tls key agreements to prevent "store-and-decrypt" attack, which could be able to decrypt stored traffic until a quantum computer is available in the future.

But on the other side, the launch of Google Chrome 124 and Microsoft Edge 124 were appearently breaking TLS connections to some legacy web applications, firewalls, and server products. Adoption of the new key exchange mechanism is a long way to go.

Cloudflare have also made lots of effort to make the post-quantum cryptography available to the public. They have tried to secure the connection from Cloudflare to origin servers in production from 2023 ². Besides, there is a tool tldr.fail to help developer to show error info with ClientHello messages during tls connection.

Other related posts:

• Defending against future threats: Cloudflare goes post-quantum
• The state of the post-quantum Internet