Codebase Browser
chromium
Go to App

chromium/components/policy/resources/templates/policy_definitions/Miscellaneous/PostQuantumKeyAgreementEnabled.yaml 

caption: Enable post-quantum key agreement for TLS
default: null
desc: |-
  This policy configures whether <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will offer Kyber, a post-quantum key agreement algorithm, in TLS. This allows supporting servers to protect user traffic from being later decrypted by quantum computers.

  If this policy is Enabled, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will offer Kyber in TLS connections. TLS connections will be protected with Kyber key agreement when communicating with compatible servers that select Kyber during the TLS handshake.

  If this policy is Disabled, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will not offer Kyber in TLS connections. User traffic will then be unprotected from quantum computers.

  If this policy is not set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will follow the default rollout process for offering Kyber.

  Offering Kyber is backwards-compatible. Existing TLS servers and networking middleware are expected to ignore the new option and continue selecting previous options.

  However, devices that do not correctly implement TLS may malfunction when offered the new option. For example, they may disconnect in response to unrecognized options or the resulting larger messages. Such devices are not post-quantum-ready and will interfere with an enterprise's post-quantum transition. If encountered, administrators should contact the vendor for a fix.

  This policy is a temporary measure and will be removed in future versions of <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>. It may be Enabled to allow you to test for issues, and may be Disabled while issues are being resolved.

example_value: true
features:
  dynamic_refresh: true
  per_profile: false
future_on:
- fuchsia
items:
- caption: Use Default Value for Kyber post-quantum key agreement for TLS
  value: null
- caption: Enable Kyber post-quantum key agreement for TLS
  value: true
- caption: Disable Kyber post-quantum key agreement for TLS
  value: false
owners:
- file://crypto/OWNERS
- [email protected]
schema:
  type: boolean
supported_on:
- chrome.*:116-
- chrome_os:116-
- android:116-
tags:
- system-security
type: main