All news with #ml-kem tag

Amazon S3 Adds Post-Quantum TLS Key Exchange Support

🔐 Amazon S3 now supports post-quantum TLS key exchange on regional S3, S3 Tables, and S3 Express One Zone endpoints using the NIST-standardized Module Lattice-Based Key Encapsulation Mechanism (ML-KEM). PQ-TLS key exchange is available at no additional cost across all AWS regions and will be negotiated automatically when clients are configured for ML-KEM. Combined with server-side AES-256 encryption by default, S3 offers quantum-resistant protection for data both in transit and at rest.

Major Milestone: Majority of Human Traffic Uses PQ TLS

🔒 Cloudflare reports that, as of late October 2025, the majority of human-initiated traffic through its network is protected with post‑quantum key agreement, reducing the risk of harvest‑now/decrypt‑later attacks. The post summarizes progress since the last update 21 months earlier: NIST standardization, broad adoption of ML‑KEM hybrids, Google's Willow milestone, and Craig Gidney's optimizations that materially moved Q‑day closer. It explains why migrating key agreement was urgent and relatively straightforward, why signature/certificate migration remains the harder challenge, and what organizations and regulators should prioritize now.

Testing Post-Quantum TLS in Python with OpenSSL 3.5

🔐 AWS provides a containerized sample to test post-quantum hybrid TLS (PQ TLS) from Python by bundling OpenSSL 3.5 with a standard interpreter and common libraries. The sample demonstrates hybrid key exchange using ML-KEM alongside classical algorithms and includes examples for boto3/AWS CLI, requests, and low-level ssl sockets. It also shows how to capture traffic and confirm PQ negotiation in TLS handshakes.