Troubleshooting technical issues is much easier when both the user and support agent practice clear communication. For this reason, we have provided the template below for you to fill out with information about your issue. Please provide as much detail as possible so we can most efficiently resolve your problem.
Description of the issue: #enable-tls13-kyber (TLS 1.3 post-quantum key agreement) is disabled by default in Brave. Disabling it by default removes protection against harvest-now-decrypt-later attacks against X25519 when quantum computers with large qubits become viable, even on websites which do support it. Chromium also has TLS 1.3 post-quantum key agreement enabled by default.
How can this issue be reproduced?
- Visit a website that uses post-quantum key agreement (like Cloudflare)
- Click on the tune icon
- Click on ‘Connection is secure’
- See that X25519 is used instead of X25519MLKEM768
Expected result:
Post-quantum key agreement should have been enabled by default.
Brave Version (check About Brave):
1.74.48
Mobile Device details
Additional Information:
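
The check in the reproduction steps can also be made on the wire rather than in the browser UI. This added example (not part of the original post) parses a captured TLS ClientHello record and reports whether the client offers a post-quantum hybrid group. The function names `parse_client_hello` and `build_sample` are hypothetical, the group code points are the IANA-registered values, and both sample hellos are constructed with zeroed key material rather than captured from Brave.

```python
import struct

# TLS named-group code points from the IANA registry
GROUPS = {0x001D: "X25519", 0x0017: "secp256r1",
          0x11EC: "X25519MLKEM768", 0x6399: "X25519Kyber768Draft00"}
PQ_HYBRID = {0x11EC, 0x6399}
EXT_SUPPORTED_GROUPS, EXT_KEY_SHARE = 10, 51

def parse_client_hello(record: bytes) -> dict:
    """Groups a ClientHello offers, and the groups it sends key shares for."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS record carrying a ClientHello")
    body = record[9:]                    # skip record + handshake headers
    pos = 2 + 32                         # legacy_version, random
    pos += 1 + body[pos]                 # legacy_session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
    pos += 1 + body[pos]                 # compression methods
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    if end > len(body):
        raise ValueError("truncated ClientHello")
    pos += 2
    offered, shares = [], []
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == EXT_SUPPORTED_GROUPS:   # 2-byte list length, then groups
            offered = [g for (g,) in struct.iter_unpack("!H", data[2:])]
        elif ext_type == EXT_KEY_SHARE:        # entries: group, key length, key
            i = 2
            while i + 4 <= len(data):
                group, key_len = struct.unpack_from("!HH", data, i)
                shares.append(group)
                i += 4 + key_len
    return {"offered": [GROUPS.get(g, hex(g)) for g in offered],
            "key_shares": [GROUPS.get(g, hex(g)) for g in shares],
            "pq_offered": any(g in PQ_HYBRID for g in offered)}

def build_sample(groups, shares) -> bytes:
    """Constructed ClientHello with zeroed random and key bytes (demo input)."""
    sg = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    ks = b"".join(struct.pack("!HH", g, n) + bytes(n) for g, n in shares)
    ks = struct.pack("!H", len(ks)) + ks
    exts = struct.pack("!HH", 10, len(sg)) + sg + struct.pack("!HH", 51, len(ks)) + ks
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A hello that lists only classical groups returns `pq_offered` as false, so the server has no hybrid group to select regardless of what it supports.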