Google Chrome’s new post-quantum cryptography causes connection issues

May 1, 2024

The latest update to Google Chrome, version 124, which integrates a new quantum-resistant encryption mechanism, has led to significant connection issues for some users. This new feature, the X25519Kyber768 encapsulation mechanism, is designed to enhance security against potential future quantum cryptanalysis but has inadvertently disrupted TLS (Transport Layer Security) connections for numerous websites, servers, and firewalls.

Google had been testing this post-quantum secure TLS key encapsulation mechanism since August and decided to enable it by default in the latest Chrome release. The update aims to protect users from “store now, decrypt later” attacks, where attackers store encrypted data to decrypt it later with more advanced technology, potentially including quantum computers.

However, this update has led to compatibility issues across the web. System administrators have reported that since the release of Chrome 124 and Microsoft Edge 124, some web applications, firewalls, and servers have been dropping connections during the ClientHello TLS handshake. This problem stems from servers not recognizing the additional data in the ClientHello message used for post-quantum cryptography, leading them to reject connections that use the Kyber768 quantum-resistant key agreement algorithm.

These issues have affected various network devices from multiple vendors, including Fortinet, SonicWall, Palo Alto Networks, and AWS, indicating a widespread impact across different platforms. As a result, a website called tldr.fail has been created to help developers understand how large post-quantum ClientHello messages can break connections and provide guidance on how to address these issues.
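The size effect described above can be checked on a ClientHello record with a small parser. This is an added example, not code from the article, Google or tldr.fail. The function names, the 500-byte filler standing in for a browser's other extensions, and the 1460-byte segment size are assumptions; 0x6399 is the codepoint for X25519Kyber768Draft00, whose key share is 1216 bytes.

```python
import os
import struct

X25519, X25519_KYBER768 = 0x001D, 0x6399  # TLS named-group codepoints
MSS = 1460  # assumption: TCP payload per segment on a 1500-byte MTU path

def _vec(data, n):
    """Encode a TLS vector: n-byte big-endian length, then the data."""
    return len(data).to_bytes(n, "big") + data

def build_client_hello(shares, filler=500):
    """Constructed sample record; `filler` bytes of padding (extension 21)
    stand in for the SNI, ALPN and other extensions a browser sends."""
    entries = b"".join(struct.pack(">H", g) + _vec(k, 2) for g, k in shares)
    exts = struct.pack(">H", 51) + _vec(_vec(entries, 2), 2)  # key_share
    exts += struct.pack(">H", 21) + _vec(bytes(filler), 2)    # padding
    body = (b"\x03\x03" + os.urandom(32) + _vec(b"", 1)  # version, random, session id
            + _vec(b"\x13\x01", 2) + _vec(b"\x00", 1)    # cipher suites, compression
            + _vec(exts, 2))
    return b"\x16\x03\x01" + _vec(b"\x01" + _vec(body, 3), 2)

def inspect_client_hello(record):
    """Report key_share groups and whether the record fits one TCP segment."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 5 + 4 + 2 + 32                                     # headers, version, random
    pos += 1 + record[pos]                                   # session id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")    # cipher suites
    pos += 1 + record[pos]                                   # compression methods
    end = min(len(record), pos + 2 + int.from_bytes(record[pos:pos + 2], "big"))
    pos += 2
    groups = []
    while pos + 4 <= end:
        etype, elen = struct.unpack(">HH", record[pos:pos + 4])
        data, pos = record[pos + 4:pos + 4 + elen], pos + 4 + elen
        i = 2                                                # skip client_shares length
        while etype == 51 and i + 4 <= len(data):
            group, klen = struct.unpack(">HH", data[i:i + 4])
            groups.append((group, klen))
            i += 4 + klen
    return {"size": len(record), "groups": groups,
            "post_quantum": any(g == X25519_KYBER768 for g, _ in groups),
            "fits_one_segment": len(record) <= MSS}

classic = build_client_hello([(X25519, os.urandom(32))])
hybrid = build_client_hello([(X25519_KYBER768, os.urandom(1216)),
                             (X25519, os.urandom(32))])
for name, rec in (("classic", classic), ("hybrid", hybrid)):
    print(name, inspect_client_hello(rec))
```

A server or middlebox that reads only the first TCP segment sees a truncated record in the hybrid case, which is the condition to test for before Chrome 124 clients reach it.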

For users experiencing connection resets, Google has provided a temporary fix. Affected users can disable the TLS 1.3 hybridized Kyber support in Chrome by navigating to `chrome://flags/#enable-tls13-kyber`. Administrators can also disable the feature by toggling off the `PostQuantumKeyAgreementEnabled` enterprise policy under their software policies for Google Chrome, or contact vendors for updates that make servers or middleboxes post-quantum-ready.

Despite these challenges, the move towards post-quantum cryptography is seen as crucial for future-proofing internet security against emerging threats. Google has indicated that the option to disable post-quantum secure ciphers will be removed in future Chrome versions, highlighting the importance of transitioning to these new security standards.

 


Jim Love

Jim Love's career in technology spans more than four decades. He's been a CIO and headed a worldwide Management Consulting practice. As an entrepreneur, he built his own tech business. Today he is a podcast host with the popular tech podcasts Hashtag Trending and Cybersecurity Today, with over 14 million downloads. As a novelist, his latest book "Elisa: A Tale of Quantum Kisses" is an Audible best seller. In addition, Jim is a songwriter and recording artist with a Juno nomination and a gold album to his credit. His music can be found at music.jimlove.com.