The forum now uses post-quantum encryption for HTTPS (x25519mlkem768)

I am testing Caddy v2.10.0-beta.1 on the forum, which supports the standardized x25519mlkem768 cryptographic group for post-quantum (PQC) key exchange.

You can see whether your browser supports this in the developer console; this is where it would appear in Firefox:

In the future we will expand this to all our websites, and enable ECH. When Caddy v2.10.0 officially releases I plan to enable ECH with the ech.triplebit.net domain on every website I run (including for example popular and unrelated websites like mstdn.party and mstdn.plus), to provide a minor privacy improvement to privacyguides.org visitors.

I don’t expect any issues, but do share if you notice anything strange.

10 Likes
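A way to check offline which hybrid group a client offers, added here as an example and not part of the original posts: the parser below reads the `supported_groups` extension of a TLS ClientHello and reports the post-quantum hybrids in it. The codepoints are the IANA registry values for X25519MLKEM768 and the earlier Kyber draft hybrid; the function names and the sample ClientHello are constructed for illustration.

```python
import struct

# IANA "TLS Supported Groups" codepoints for the two hybrid key exchanges.
PQ_HYBRID = {0x11EC: "X25519MLKEM768", 0x6399: "X25519Kyber768Draft00"}

def is_grease(v):
    # RFC 8701 GREASE placeholders: 0x0A0A, 0x1A1A, ..., 0xFAFA
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)

def supported_groups(hello):
    """Return the non-GREASE group codepoints offered in a ClientHello handshake message."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = hello[4:4 + int.from_bytes(hello[1:4], "big")]
    try:
        pos = 2 + 32                                            # legacy_version, random
        pos += 1 + body[pos]                                    # legacy_session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]       # cipher_suites
        pos += 1 + body[pos]                                    # compression methods
        if pos == len(body):                                    # no extensions at all
            return []
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]  # extensions block
        pos += 2
        while pos < end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == 10:                                     # supported_groups
                n = struct.unpack_from("!H", data)[0]
                groups = struct.unpack(f"!{n // 2}H", data[2:2 + n])
                return [g for g in groups if not is_grease(g)]
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed ClientHello") from exc
    return []

def pq_offered(hello):
    """Names of post-quantum hybrid groups the client offers, in preference order."""
    return [PQ_HYBRID[g] for g in supported_groups(hello) if g in PQ_HYBRID]

def sample_hello(groups):
    """Constructed minimal ClientHello (not a capture) carrying only supported_groups."""
    glist = b"".join(struct.pack("!H", g) for g in groups)
    ext = struct.pack("!HHH", 10, len(glist) + 2, len(glist)) + glist
    body = (b"\x03\x03" + bytes(32) + b"\x00"        # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"      # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    print(pq_offered(sample_hello([0x0A0A, 0x11EC, 0x001D, 0x0017])))
    print(pq_offered(sample_hello([0x001D, 0x0017])))
```

The input is the handshake message itself, without the 5-byte TLS record header that a packet capture puts in front of it.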

fwiw

  • Chromium on desktop and Vanadium 124 and higher support this by default.
  • Firefox on desktop 135 and higher supports this by default.
  • Safari has no support afaik

3 Likes

I don’t think Chromium supports ML-KEM until 131 but yes. Bummer I can’t find any information about Safari even considering it :thinking:

Are these related to one of the DiLithium/Kyber Crystal encryption methods?

ML-KEM replaces Kyber (it basically is Kyber with some improvements)

1 Like

Can someone please ELI5 - what does this mean exactly?

Is this the https - security and encryption or something else?

Sorry, I don’t follow.

lol oh yeah, guess it could be clearer. It is for HTTPS, so that information about visits to the forum can’t be cracked by quantum computers later. It is really pretty minor, but I think it is cool that we are getting closer to standardized post-quantum encryption on the web.

1 Like

This is cool! Hopefully more websites support this. Is it possible to enable ECH with NGINX? I use NGINX for my servers personally.
