Support for hybrid Post-Quantum cryptography on the front end

The rapid advancement of quantum computing presents a significant challenge to the security of modern digital communications. Quantum computers are quickly gaining the power to break the asymmetric cryptography that secures today’s internet, including algorithms like RSA and DSA.

To address these critical challenges, NetScaler supports hybrid Post-Quantum Cryptography (PQC) on the front end. This feature allows your NetScaler to perform key exchange using quantum-resistant algorithms, safeguarding your communications against future quantum attacks.

Major browsers, including Google Chrome, Mozilla Firefox, and Microsoft Edge, already support hybrid PQC, with X25519MLKEM768 (0x11EC) being the most widely used key exchange group.

Users can easily and securely negotiate key exchanges with NetScaler using hybrid PQC (X25519_MLKEM768). This new feature protects against Harvest Now, Decrypt Later (HNDL) attacks and supports regulatory compliance.

Note:

This feature is available only with an enhanced SSL profile.

Enable PQC on NetScaler

To enable hybrid PQC on NetScaler, configure an SSL profile to include the X25519_MLKEM768 elliptic curve.

You can bind elliptic curves to an SSL profile by using two methods:

  • Appending a specific curve
  • Rebinding all curves with a new one at the top of the list.

Prerequisite

Ensure that you are using an enhanced SSL profile.

To enable PQC on NetScaler by using CLI

  1. Add X25519_MLKEM768 to the current list of elliptic curves that are bound to the SSL profile, without removing any existing curves. At the command prompt, type:

    bind ssl profile <name> -eccCurveName X25519_MLKEM768

    Example: bind ssl profile p1 -eccCurveName X25519_MLKEM768

  2. Rebind all available elliptic curves to the SSL profile and prioritize X25519_MLKEM768 (the hybrid PQC curve) at the top of the list. At the command prompt, type:

    bind ssl profile <name> -eccCurveName ALL

    Example: bind ssl profile p1 -eccCurveName ALL

To enable PQC on NetScaler by using GUI

  1. Navigate to Traffic Management > SSL > SSL Profiles.
  2. Select the SSL Profile and click Edit.
  3. In the SSL Profile page, navigate to Advanced Settings and select ECC Curve.
  4. In the ECC Curve Binding page, select either All or X25519_MLKEM768.
  5. Click Bind.
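
To confirm that a front-end handshake actually selected the hybrid group after the curve is bound, inspect the key_share extension of the ServerHello in a packet capture. The following Python is an added example, not NetScaler code: it parses a ServerHello record and checks for the 0x11EC code point and the 1120-byte server share (ML-KEM-768 ciphertext plus X25519 public key). The function names and the constructed sample record are assumptions made for illustration.

```python
import struct

X25519MLKEM768 = 0x11EC          # hybrid group code point quoted on this page
HYBRID_SERVER_SHARE = 1088 + 32  # ML-KEM-768 ciphertext + X25519 public key, in bytes

def key_share(record: bytes):
    """Return (group, share_length) from a TLS 1.3 ServerHello record, or None."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        pos = 2 + 32                  # legacy_version + random
        pos += 1 + body[pos]          # legacy_session_id_echo (length-prefixed)
        pos += 2 + 1                  # cipher_suite + legacy_compression_method
        (ext_total,) = struct.unpack_from("!H", body, pos)
        pos, end = pos + 2, pos + 2 + ext_total
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            if ext_type == 0x0033 and ext_len >= 4:   # key_share with a KeyShareEntry
                return struct.unpack_from("!HH", body, pos + 4)
            pos += 4 + ext_len
    except (IndexError, struct.error):
        raise ValueError("truncated ServerHello") from None
    return None

def classify(record: bytes) -> str:
    """Label the handshake by the key exchange group the server selected."""
    share = key_share(record)
    if share is None:
        return "no key_share (not TLS 1.3)"
    group, length = share
    if group != X25519MLKEM768:
        return f"classical (0x{group:04X})"
    return "hybrid-pqc" if length == HYBRID_SERVER_SHARE else "malformed hybrid share"

def build_server_hello(group: int, share_len: int) -> bytes:
    """Constructed sample: a minimal TLS 1.3 ServerHello with all-zero key material."""
    share = struct.pack("!HH", group, share_len) + bytes(share_len)
    exts = struct.pack("!HHH", 0x002B, 2, 0x0304)            # supported_versions: TLS 1.3
    exts += struct.pack("!HH", 0x0033, len(share)) + share   # key_share
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x13\x01" + b"\x00"
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(classify(build_server_hello(X25519MLKEM768, HYBRID_SERVER_SHARE)))
    print(classify(build_server_hello(0x001D, 32)))   # X25519 only
```

A "classical" result for a client that offers the hybrid group means the profile is still preferring another curve or is not an enhanced SSL profile.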