TLS (Transport Layer Security) protects the vast majority of internet communications. Adding post-quantum security to TLS is one of the most impactful steps organizations can take to prepare for the quantum era. This guide walks through practical implementation approaches.
Understanding TLS Key Exchange
TLS uses key exchange algorithms to establish shared secrets between clients and servers. Currently, most TLS connections use ECDHE (Elliptic Curve Diffie-Hellman Ephemeral), which is vulnerable to quantum attacks.
Post-quantum TLS replaces or augments this with quantum-resistant key encapsulation mechanisms like Kyber.
Hybrid Key Exchange
The recommended approach during the transition period is hybrid key exchange, combining both classical and post-quantum algorithms:
Hybrid Approach Benefits
Defense in depth: Even if one algorithm is broken, the other provides protection
Standards compliance: Maintains compatibility with existing requirements
Conservative security: Addresses uncertainty about new algorithms
In hybrid mode, both X25519 (classical) and Kyber-768 (post-quantum) key exchanges occur, with the results combined to derive the session key.
Server-Side Implementation
For web servers, post-quantum TLS support is becoming available in major platforms:
# Nginx with OpenSSL 3.2+
ssl_protocols TLSv1.3;
ssl_ecdh_curve X25519Kyber768:X25519:prime256v1;
# Or using groups directive
ssl_conf_command Groups X25519Kyber768:X25519;The X25519Kyber768 group implements hybrid key exchange, combining X25519 with Kyber-768.
Client Support
Major browsers have begun supporting post-quantum TLS:
- Chrome: Supports X25519Kyber768 since version 124
- Firefox: Experimental support available
- Safari: Support expected in upcoming releases
For programmatic clients, updated TLS libraries are required:
// Node.js with updated OpenSSL
const https = require('https');
const options = {
hostname: 'api.h33.ai',
port: 443,
secureProtocol: 'TLSv1_3_method'
// Kyber negotiated automatically if server supports
};Performance Considerations
Hybrid post-quantum TLS has modest performance impacts:
- Bandwidth: ~1KB additional per handshake (Kyber key + ciphertext)
- Latency: ~0.1ms additional computation
- CPU: Minimal impact with optimized implementations
For most applications, these impacts are negligible. High-frequency trading or extremely latency-sensitive applications may need careful testing.
Testing Your Implementation
Verify post-quantum support is working:
# Using openssl s_client
openssl s_client -connect yourserver.com:443 -groups X25519Kyber768
# Check the negotiated group in output
# Should show: Server Temp Key: X25519Kyber768Certificate Considerations
Note that post-quantum TLS key exchange doesn't affect certificates (yet). Server certificates still use classical signatures (RSA or ECDSA). Post-quantum certificate signatures are a separate, ongoing standardization effort.
For now, the key exchange protection is the priority—it protects against harvest-now-decrypt-later attacks on session data.
Rollout Strategy
A phased rollout minimizes risk:
- Phase 1: Enable on development/staging environments
- Phase 2: Deploy to a subset of production traffic
- Phase 3: Monitor for issues, expand gradually
- Phase 4: Full production deployment
Post-quantum TLS is production-ready today. With hybrid key exchange, you can add quantum resistance while maintaining full compatibility with existing clients. Start your implementation now to protect your users' data against future quantum threats.
Ready to Go Quantum-Secure?
Start protecting your users with post-quantum authentication today. 1,000 free auths, no credit card required.
Get Free API Key →