Post-quantum key exchange
#94 · Variable · Web Quality · weighted · Security · impl todo
Source: the negotiated keyExchange string from the TLS handshake, checked against post-quantum naming patterns (X25519MLKEM768, X25519Kyber768Draft00, MLKEM, Kyber, Hybrid).
Web Quality factor
This factor is part of Web Quality — the weighted 0..100 score that sits above Web Standards. Its weight depends on what kind of site is being measured. Web Standards items take priority; this factor only enters the score once Web Standards passes.
No matrix row defined yet — this factor falls back to a neutral weight of 1.0 across every site type until the methodology is tuned.
What this means for your business
Researchers worry that quantum computers, when they arrive, could crack recordings of today's encrypted traffic after the fact. The newest encryption recipes already protect against that, and Chrome and Cloudflare turned them on in 2024.
Plain title: Future-proof against tomorrow's computers
What we measure
Quantum-resistant key exchange (X25519MLKEM768, a hybrid of classical X25519 + the post-quantum KEM ML-KEM/Kyber-768) protects today's TLS sessions against "harvest now, decrypt later" attacks where a state-level actor records ciphertext now and decrypts it on a future quantum computer. Chrome enabled it by default in 2024; Cloudflare deployed PQ key share to all free zones in March 2024. The IETF standardised ML-KEM in FIPS 203 (Aug 2024).
How to improve your score
If your server is behind Cloudflare, the post-quantum hybrid is negotiated automatically whenever the client supports it (Chrome, Firefox 132+). Self-hosted: BoringSSL has PQ support and OpenSSL 3.5 has experimental PQ; on stable OpenSSL or LibreSSL you are not getting it yet. Easiest practical fix: front your origin with Cloudflare and let their edge handle PQ negotiation while you keep the existing cert and back-end stack. Note that this covers the browser-to-edge leg; the edge-to-origin connection still negotiates whatever your origin stack supports.
Facts
Implementation notes
pass=100: post-quantum hybrid negotiated.
warn=60: classical-only key exchange on TLS 1.3 (server doesn't advertise PQ support).
n/a: TLS < 1.3 (PQ key share lives in TLS 1.3 supported_groups; pre-1.3 protocols don't carry it).
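A reference implementation of this check, added here as an example and not the methodology's own scoring code: it classifies the negotiated group name against the naming patterns above and applies the pass/warn/n/a mapping. It assumes the group name is read from `openssl s_client` output in the line formats noted in the docstring; the sample outputs are constructed, not real captures.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Naming patterns from the factor definition, matched case-insensitively as
# substrings of the negotiated group name, so SecP256r1MLKEM768 also counts
# through the MLKEM pattern.
PQ_PATTERNS = ("X25519MLKEM768", "X25519Kyber768Draft00", "MLKEM", "Kyber", "Hybrid")
PQ_REGEX = re.compile("|".join(re.escape(p) for p in PQ_PATTERNS), re.IGNORECASE)

PASS, WARN = 100, 60  # scores from the implementation notes; n/a carries no score


@dataclass(frozen=True)
class Handshake:
    protocol: str      # e.g. "TLSv1.3" or "TLSv1.2"
    key_exchange: str  # negotiated group name; "" if the probe could not see it


def is_post_quantum(key_exchange: str) -> bool:
    """True if the negotiated group name matches one of the PQ naming patterns."""
    return PQ_REGEX.search(key_exchange or "") is not None


def score(hs: Handshake) -> Tuple[Optional[int], str]:
    """Map a handshake to (100, 'pass'), (60, 'warn') or (None, 'n/a')."""
    if hs.protocol != "TLSv1.3":
        return None, "n/a"   # pre-1.3 protocols cannot carry a PQ key share
    if is_post_quantum(hs.key_exchange):
        return PASS, "pass"
    return WARN, "warn"      # classical-only (or unseen) group on TLS 1.3


def parse_s_client(output: str) -> Handshake:
    """Extract protocol and group from `openssl s_client` text (assumed formats:
    'Protocol  : TLSv1.3' in the SSL-Session block and
    'Negotiated TLS1.3 group: <name>'; a TLS 1.2 session prints no group line)."""
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", output, re.MULTILINE)
    group = re.search(r"^\s*Negotiated TLS1\.3 group:\s*(\S+)", output, re.MULTILINE)
    return Handshake(proto.group(1) if proto else "", group.group(1) if group else "")


# Constructed sample outputs (not real captures), one per scoring branch.
SAMPLE_PQ = "Negotiated TLS1.3 group: X25519MLKEM768\nSSL-Session:\n    Protocol  : TLSv1.3\n"
SAMPLE_CLASSICAL = "Negotiated TLS1.3 group: X25519\nSSL-Session:\n    Protocol  : TLSv1.3\n"
SAMPLE_TLS12 = "Server Temp Key: X25519, 253 bits\nSSL-Session:\n    Protocol  : TLSv1.2\n"

if __name__ == "__main__":
    for name, text in (("pq", SAMPLE_PQ), ("classical", SAMPLE_CLASSICAL), ("tls1.2", SAMPLE_TLS12)):
        print(name, score(parse_s_client(text)))
```

A TLS 1.3 session whose group the probe could not see is scored warn, since there is no evidence of PQ support; if your probe exposes the group another way, build the Handshake directly and skip the parser.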
Scoring
Scoring formulas are versioned with the methodology. The current method maps raw measurements to pass, warn, fail. Factor weights determine how much each contributes to the composite — see the methodology index for the full table.
Version history
| Version | Change | Date |
|---|---|---|
| v0.1 | Factor introduced. Status: proposed. Scoring impl: todo. | 2026-04-25 |