Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Chrome 124 and Edge 124 can’t handle TLS connections due to quantum-resistant encryption key
In fact, the problem is not the browser, but the web server
3 min. read
Updated onJuly 23, 2024
updated onJuly 23, 2024
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Chrome’s latest version, 124, comes with a new, quantum-resistant encryption mechanism known as X25519Kyber768. This feature, designed to protect against future quantum computer attacks, might be a double-edged sword, causing more immediate connectivity issues than it aims to prevent.
An admin posted this issue onReddit, pointing to the TLS 1.3 Hybridized Kyber Support:
Apparently Chrome 124 changed a setting “TLS 1.3 Hybridized Kyber Support” from disabled to enabled as the default. This appears to break the TLS handshake for servers that do not know what to do with the extra data in the client hello message.
If you mysteriously have a broken web application and the server is sending a reset directly after the client hello, try turning this setting off. In our testing IE mode works as well, probably because this extra data is not transmitted in IE mode while it is in normal Edge.
Later in the thread, another user confirmed that he has the same problem on Edge version 124.
Why do we need TLS key encapsulation in Chrome and Edge?
Google embarked on this quantum-resistant journey back in August, testing waters with a post-quantum secure TLS key encapsulation mechanism. Fast forward to now, and it’s astandard feature in Chrome 124, aiming to shield users from potentialstore now, decrypt laterattacks. This type of attack is where bad actors collect encrypted data with the hope of decrypting it in the future when quantum computing or new decryption methods become available. The idea is to future-proof our digital communications against quantum cryptanalysis, a noble goal, indeed.
However, as with any major technological shift, there are growing pains. System administrators from various corners of the digital world have reported dropped connections post-update, a problem stemming not from a bug in Chrome, but from web servers that can’t handle the new, larger ClientHello messages required for post-quantum cryptography. This issue isn’t isolated to obscure parts of the internet; it affects a wide range of devices and services, including those from big names like Fortinet, SonicWall, Palo Alto Networks, and AWS.
The solution is a bit of a patchwork for now. Users experiencing these connectivity issues can disable the TLS 1.3 hybridized Kyber support in Chrome via thechrome://flags/#enable-tls13-kyberflag. System administrators, on the other hand, are encouraged to reach out to their vendors for updates to make their servers and network devices post-quantum-ready. Microsoft Edge users, facing similar troubles, have been given guidance on controlling this feature through Edge group policies.
It’s clear that the road to quantum-resistant encryption is a bumpy one, with immediate challenges overshadowing long-term benefits. Google has hinted at a future where disabling this feature won’t be an option. And let’s face it, security in the digital world is a race around the clock to counter present and even future attacks.
We’ve heard about this story fromBleeping Computer. If you encountered this issue yourself and have a better solution, share it with other readers in the comments below.
More about the topics:Chrome,microsoft edge,security
Claudiu Andone
Windows Toubleshooting Expert
Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft.
His abrupt interest in computers started when he saw the first Home Computer as a kid. However, his passion for Windows and everything related became obvious when he became a sys admin in a computer science high school.
With 14 years of experience in writing about everything there is to know about science and technology, Claudiu also likes rock music, chilling in the garden, and Star Wars. May the force be with you, always!
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Claudiu Andone
Windows Toubleshooting Expert
Oldtimer in the tech and science press, with 14 years of experience in writing on everything there is to know about science, technology, and Microsoft
