# Enable Post-Quantum Cryptography  Support (Early Access)

## Post-Quantum Cryptography (PQC) Support

**Status:** **Early Availability (EA)**

CloudGuard WAF now introduces support for Post-Quantum Cryptography (PQC) to protect your web traffic against future quantum decryption threats. We currently support hybrid quantum-safe key exchange methods (e.g., X25519MLKEM768) over TLS 1.3.

#### Getting Access

To participate in the EA program and obtain a PQC-supported WAF version, please **contact your Check Point representative**.

#### Validation

To verify that PQC is correctly configured, use `openssl` to force a connection using the specific PQC group.

Run the following command (replace `<WAF_IP>` with your instance IP):

```bash
openssl s_client -groups X25519MLKEM768 -connect <WAF_IP>:443 < /dev/null 2>&1 | grep "TLS1.3 group"
```

**Expected Output:**

```
Negotiated TLS1.3 group: X25519MLKEM768
```