Note: Please contact feature-releases@catonetworks.com for more information about enabling and using this feature.
Post-Quantum Cryptography (PQC) visibility and enforcement for TLS Inspection enhances your ability to monitor, inspect, and control the cryptographic algorithms used in TLS connections across your environment.
When enabled, TLS Inspection logs post-quantum–related parameters exchanged during the TLS handshake, including key exchange and digital signature algorithms for both client and server connections. In the TLS Inspection policy, you can choose to enforce PQC or Hybrid-PQC key exchange algorithms on a per-rule basis, providing granular control over cryptographic behavior.
These capabilities strengthen control over encrypted traffic, improve crypto-agility, and proactively future-proof the platform by supporting quantum-resistant cryptography before quantum threats become practical.
Traditional public-key cryptography (such as RSA and elliptic-curve–based key exchange) is designed to resist classical computing attacks. However, large-scale quantum computers are expected to break these algorithms using quantum techniques such as Shor’s algorithm.
Even before quantum computers become practical, adversaries can capture encrypted traffic today and store it for future decryption. This is known as a Store-Now, Decrypt-Later (SNDL) attack.
By introducing PQC visibility and enforcement within TLS Inspection, organizations can:
- Monitor the adoption of quantum-resistant algorithms across inspected TLS traffic
- Enforce the use of PQC or Hybrid-PQC encryption where required
- Reduce exposure to SNDL interception risks
- Advance their transition to a quantum-ready security architecture
For more information, please see these blog posts:
PQC configuration is managed within each TLS Inspection rule. By default, PQC is disabled. You can enable and configure PQC behavior separately for both the client side and the server side of the inspected connection. For more information about TLS inspection, see Configuring TLS Inspection Policy for the Account.
Note: PQC configuration requires TLS version 1.3 and a rule with an Inspect action.
- Standard (Recommended): Enables validated PQC and Hybrid-PQC key exchange algorithms to provide strong security with broad interoperability.
- Advanced: Enables validated PQC-only key exchange algorithms, allowing stricter enforcement of quantum-resistant cryptography.
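To make the key exchange visibility described above concrete, this added example (not Cato code and not its log format) parses a TLS 1.3 ClientHello body and classifies the offered key exchange groups as classical, hybrid or PQC-only using IANA "TLS Supported Groups" code points. The `MODES` mapping is an assumed reading of the Standard and Advanced options, the group table is not the product's validated list, and `SAMPLE` is a constructed handshake with placeholder key bytes.

```python
# IANA "TLS Supported Groups" code points, tagged by key-exchange family.
GROUPS = {
    0x0017: ("secp256r1", "classical"), 0x0018: ("secp384r1", "classical"),
    0x001D: ("x25519", "classical"),
    0x11EB: ("SecP256r1MLKEM768", "hybrid"), 0x11EC: ("X25519MLKEM768", "hybrid"),
    0x11ED: ("SecP384r1MLKEM1024", "hybrid"),
    0x0200: ("MLKEM512", "pqc"), 0x0201: ("MLKEM768", "pqc"), 0x0202: ("MLKEM1024", "pqc"),
}
# Assumption (not the product's definition): which families each mode accepts.
MODES = {"standard": {"hybrid", "pqc"}, "advanced": {"pqc"}}

def _vec(buf, off, width):
    """Read a vector with a `width`-byte length prefix; return (payload, next offset)."""
    n = int.from_bytes(buf[off:off + width], "big")
    end = off + width + n
    if end > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[off + width:end], end

def _u16s(buf):
    return [int.from_bytes(buf[i:i + 2], "big") for i in range(0, len(buf) - 1, 2)]

def offered_groups(hello):
    """Parse a ClientHello body (no record/handshake header) into offered group ids."""
    off = 2 + 32                       # legacy_version + random
    for width in (1, 2, 1):            # session_id, cipher_suites, compression_methods
        _, off = _vec(hello, off, width)
    exts, _ = _vec(hello, off, 2)
    out, i = {"supported_groups": [], "key_share": []}, 0
    while i < len(exts):
        etype = int.from_bytes(exts[i:i + 2], "big")
        body, i = _vec(exts, i + 2, 2)
        if etype == 10:                # supported_groups
            out["supported_groups"] = _u16s(_vec(body, 0, 2)[0])
        elif etype == 51:              # key_share: (group, key_exchange) entries
            shares, j = _vec(body, 0, 2)[0], 0
            while j < len(shares):
                out["key_share"].append(int.from_bytes(shares[j:j + 2], "big"))
                _, j = _vec(shares, j + 2, 2)
    return out

def meets(mode, group_ids):
    """True if any offered group belongs to a family the mode accepts."""
    return any(GROUPS.get(g, ("?", "unknown"))[1] in MODES[mode] for g in group_ids)

def _v(b, w): return len(b).to_bytes(w, "big") + b
# Constructed sample: offers X25519MLKEM768 + x25519; key bytes are zero placeholders.
_ks = _v(b"\x11\xec" + _v(bytes(8), 2) + b"\x00\x1d" + _v(bytes(32), 2), 2)
_exts = b"\x00\x0a" + _v(_v(b"\x11\xec\x00\x1d\x00\x17", 2), 2) + b"\x00\x33" + _v(_ks, 2)
SAMPLE = b"\x03\x03" + bytes(32) + _v(b"", 1) + _v(b"\x13\x01", 2) + _v(b"\x00", 1) + _v(_exts, 2)
```

For `SAMPLE`, a hybrid share is offered, so the assumed Standard check passes while the assumed Advanced (PQC-only) check does not.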