Administrators encountered a violation of TLS connections after the update.
The latest update of Google Chrome 124 caused technical difficulties for users due to the introduction of a new encryption mechanism X25519Kyber768, resistant to quantum attacks.
Google started testing X25519Kyber768 in August and has now enabled it in the latest version of Chrome for all users. The new version uses the Kyber768 quantum-resistant key matching algorithm for TLS 1.3 and QUIC connections to protect Chrome's TLS traffic from quantum cryptanalysis.
The encryption algorithm is designed to protect against the so-called "store now decrypt later"attacks. This type of attack assumes that an attacker collects encrypted data with the intention of decrypting it in the future using quantum technologies. In response to such threats, Apple, Signal, and Google have begun implementing quantum-resistant encryption algorithms.
However, the introduction of the new technology has led to problems connecting to websites, servers, and firewalls, especially after the initial TLS handshake-ClientHello stage. System administrators reported that some web applications and security devices cannot correctly process the increased amount of data in the ClientHello message, which leads to a connection failure.
The problem affects not only Chrome, but also Microsoft Edge 124, as well as various network devices from Fortinet, SonicWall, Palo Alto Networks and AWS.
As a temporary solution, users can disable hybrid support for Kyber TLS 1.3 in Chrome by going to "chrome://flags/#enable-tls13-kyber". Administrators can also disable the PostQuantumKeyAgreementEnabled enterprise policy for businesses through software settings.
Microsoft has released guidelines for managing this feature through Edge Group Policies.
Google emphasizes that in the future, disabling the new option will not be possible, as protection against quantum attacks will become mandatory for all devices that support TLS.
The latest update of Google Chrome 124 caused technical difficulties for users due to the introduction of a new encryption mechanism X25519Kyber768, resistant to quantum attacks.
Google started testing X25519Kyber768 in August and has now enabled it in the latest version of Chrome for all users. The new version uses the Kyber768 quantum-resistant key matching algorithm for TLS 1.3 and QUIC connections to protect Chrome's TLS traffic from quantum cryptanalysis.
The encryption algorithm is designed to protect against the so-called "store now decrypt later"attacks. This type of attack assumes that an attacker collects encrypted data with the intention of decrypting it in the future using quantum technologies. In response to such threats, Apple, Signal, and Google have begun implementing quantum-resistant encryption algorithms.
However, the introduction of the new technology has led to problems connecting to websites, servers, and firewalls, especially after the initial TLS handshake-ClientHello stage. System administrators reported that some web applications and security devices cannot correctly process the increased amount of data in the ClientHello message, which leads to a connection failure.
The problem affects not only Chrome, but also Microsoft Edge 124, as well as various network devices from Fortinet, SonicWall, Palo Alto Networks and AWS.
As a temporary solution, users can disable hybrid support for Kyber TLS 1.3 in Chrome by going to "chrome://flags/#enable-tls13-kyber". Administrators can also disable the PostQuantumKeyAgreementEnabled enterprise policy for businesses through software settings.
Microsoft has released guidelines for managing this feature through Edge Group Policies.
Google emphasizes that in the future, disabling the new option will not be possible, as protection against quantum attacks will become mandatory for all devices that support TLS.
