Post Quantum Cryptography Client to Edge

This behavior is Limited Availability. To enable it, contact your Akamai account team.

To protect your data and address privacy and security goals, Akamai can use Post Quantum Cryptography (PQC) to protect transport layer security (TLS) communications. We align with the industry standard and will accept the ML-KEM-based hybrid key exchange.

How it works

The Post Quantum Cryptography Client to Edge behavior is enabled by default and lets you disable Post Quantum Cryptography (PQC) key exchanges Client to Edge. We recommend enabling PQC Client to Edge for enhanced security. You may disable PQC Client to Edge if you observe high latency or an increased error rate on your clients.

  • To use Early Data, your certificate needs to have transport layer security (TLS) 1.3 enabled in its deployment settings.
  • Post Quantum Cryptography Client to Edge applies only to Enhanced TLS hostnames. Standard TLS hostnames in your property won't be affected by this change.
  • Only one instance of the behavior can exist in the same configuration, with a last-match-wins approach.
  • The behavior can be placed in the default rule or under a hostname or percentage of clients match.
  • PQC is not compatible with FIPS. If FIPS is enabled, then PQC will be disabled.
  • Currently, the behavior is incompatible with the HTTP/3 behavior. We are working to change it in the future.
  • The behavior is only available in secure configurations.