AWS Application Load Balancers (ALB) and Network Load Balancers (NLB) now support post-quantum key exchange options for the Transport Layer Security (TLS) protocol. This opt-in feature introduces new TLS security policies with hybrid post-quantum key agreement, combining classical key exchange algorithms with post-quantum key encapsulation methods, including the standardized Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) algorithm.
Post-quantum TLS (PQ-TLS) security policies protect your data in transit against potential “Harvest Now, Decrypt Later” (HNDL) attacks, where adversaries collect encrypted data today with the intention to decrypt it once quantum computing capabilities mature. This quantum-resistant encryption ensures long-term security for your applications and data transmissions, future-proofing your infrastructure against emerging quantum computing threats.
This feature is available for ALB and NLB in all AWS Commercial Regions, AWS GovCloud (US) Regions and AWS China Regions at no additional cost. To use this capability, you must explicitly update your existing ALB HTTPS listeners or NLB TLS listeners to use a PQ-TLS security policy, or select a PQ-TLS policy when creating new listeners through the AWS Management Console, CLI, API or SDK. You can monitor the use of classical or quantum-safe key exchange using ALB connection logs or NLB access logs.
For more information, see the ALB User Guide, the NLB User Guide, and the AWS Post-Quantum Cryptography documentation.
Source: Amazon Web Services