X25519Kyber768Draft00 Hybrid Post-Quantum Key

I have a curiosity,have you enabled this feature in your browsers?

More info:

https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html

It is possible to verify with a test:

https://pq.cloudflareresearch.com/

In the 2 images below.

Functionality not enabled:



Functionality enabled:

 

Interesting, thanks.
I see it is supported in Firefox Nightly, but not in Firefox release version, so I haven't yet enabled the feature.

 

I decided to enable 2 flags in my Edge and do some testing in the various web pages I usually open:

• TLS 1.3 hybridized Kyber support
• Enable Kyber768 + NIST-P384 TLS Kyber Confidentiality

It is possible to check the various options with the test below:

https://browserleaks.com/tls

Default:



Only first flag enabled:



Both:

 

https://www.bleepingcomputer.com/ne...uantum-resistant-encryption-to-protect-email/

My wife uses Tuta Mail.
My wife is German.
I will probably also consider opening a Tuta Mail account.

P.S.

Android app not working well (lost connections) so attachments not uploaded and email message not shown in smartphones without Google Services.

 

I have noticed that almost all of the Web sites I open usually use TLS 1.3.
But not unfortunately WSF:




I decided to enable this flag in Edge:

Code:

TLS 1.3 Early Data - Enabled

to improve browser performance.

https://www.ssldragon.com/blog/tls-1-2-vs-1-3/

 

Hi. Firefox stable 124.x is support now.

 

Thanks, Libraman.
Interesting!

https://pq.cloudflareresearch.com/
Software support
Firefox 124+ if you turn on security.tls.enable_kyber in about:config. [new!]

I notice that in the release notes for Firefox Nightly 126.0a1 the following is still mentioned:

Web Platform
Starting with Firefox 125, Nightly builds will attempt to establish TLS connections using a hybrid post-quantum key agreement mechanism (X25519+Kyber768). This may result in slow TLS handshakes or failed connections on networks with TLS intercepting middleboxes. The feature can be disabled by setting the security.tls.enable_kyber preference to false.
Bug 1878725

 

I also noticed that many websites (but not WSF) use the QUIC protocol:

https://www.teimouri.net/quic-speeding-web-revolution-networking/

(which I have long since enabled in my browser).
It seems to me that with the recent flag enabled I get a much faster response from many websites.

Example from another forum frequented by some WSF members:

 

at least its a cloudflare-only feature. if you do not use or see CF hosted/secured pages you probably never will notice it. if mozilla will recognise this as an urgent feature they will enable it by default, otherwise no one should care. http3/quic is available since 2020 and enabled by default since ... early 2021 in firefox.

 

I did now. Thank you.

There is no way in hell I will ever enable less secure QUIC to gain a few measly milliseconds.

 

P.S.

Consider that almost all websites that adopt the QUIC protocol use X25519Kyber768Draft00 Hybrid Post-Quantum Key with your browser.
Websites using TLS 1.3 do not always use the Post Quantum key.

 

I recently noticed that,at least in Edge, using the QUIC flag at default does not guarantee that the browser will NOT use this protocol.

So I would like to advise all forum members who do not like this active feature to check via the browser development tools.

Or simply disable the QUIC flag.

 

You can also check via a firewall or a network watcher, UDP via port 443 is a dead giveaway. I use QUIC on Brave for Youtube/Google, since privacy or security does not matter there.

 

I have a curiosity.
In LibreWolf:

Code:

network.http.http3.enable

is it set to false by default?

 

True by default

 

Do you leave it to default?
Or do you trust Mozilla QUIC more than Google QUIC?

 

I use LibreWolf only for Facebook, but to be fair I did not know about it, I must have forgotten about it back then. I have blocked UDP in the firewall now and FB is still working. So thank you, again. I must buy you a beer sometime.

 

If you come to Italy,I will gladly take a beer.
Thank you for your answers.

 

I insert a simple QUIC connection test for W. members who do not like to use indirect methods:


https://quic.nginx.org/

 

I performed via the browser development tools some tests to check the increased loading speed of the same web page with QUIC protocol on and off:

QUIC on:




QUIC off:



With Firefox, to check if the QUIC protocol is active, you need to check if the Web site uses HTTP/3.
If any W. members are interested I can post an image.

 

Please upload images as .png.
They will be much clearer (no jpeg artifacts).
Example @400% of part of your image above.

FWIW, I disabled Kyber support in my browsers again, because some websites refused my connection ("ERR_CONNECTION_RESET").
See: https://www.bleepingcomputer.com/ne...antum-cryptography-may-break-tls-connections/
And here.

 

In Developer tools ---> Network:
Screenshot.

 

I prefer to have the “protocol” parameter already available.
But it has to be selected:

 

Hi,
now that I have had lunch I can answer your questions.
For png images it will be done next time in this thread.

At the moment I have not had any problem loading websites.
Even in Firefox I have Kyber enabled.
I use Firefox without extensions and with few customizations.

I need to find a problem I have with Edge of not sending notifications in an app in the smartphone to authorize payments for purchases made online.
That does not seem to be caused by Kyber.

 

Ah, I didn't have it selected.