Enable Post-Quantum Cryptography Support (Early Access)

Post-Quantum Cryptography (PQC) Support

Status: Early Availability (EA)

CloudGuard WAF now introduces support for Post-Quantum Cryptography (PQC) to protect your web traffic against future quantum decryption threats. We currently support hybrid quantum-safe key exchange methods (e.g., X25519MLKEM768) over TLS 1.3.

Getting Access

To participate in the EA program and obtain a PQC-supported WAF version, please contact your Check Point representative.

Validation

To verify that PQC is correctly configured, use openssl to force a connection using the specific PQC group.

Run the following command (replace <WAF_IP> with your instance IP):

openssl s_client -groups X25519MLKEM768 -connect <WAF_IP>:443 < /dev/null 2>&1 | grep "TLS1.3 group"

Expected Output:

Negotiated TLS1.3 group: X25519MLKEM768

PreviousEnable Mutual TLS (mTLS) Authentication in Gateway / Virtual Machine and Single Docker NextWAF Gateway / Virtual Machine

Last updated 20 days ago

Was this helpful?

hashtagPost-Quantum Cryptography (PQC) Support

hashtagGetting Access

hashtagValidation

Post-Quantum Cryptography (PQC) Support

Getting Access

Validation