Unfortunately, SSL/TLS is also affected by the quantum threat.

Post-quantum security needs to be integrated in TLS 1.2 and 1.3. Several parties are already working on this.

One major vulnerability which is critical enough to take action for today are “store now and decrypt later” attacks. Encrypted data can be stolen via transmission or from storage. This enables the adversary to decrypt it once a fast enough quantum computer is available. This is why todays current encryption standards are not enough and more is necessary. Examples of encrypted data in transmission are: online banking, healthcare, e-commerce transactions, secured emails and more. Examples from storage is data stored on a hard drive or anything physical. SSL/TLS falls under the transmission category.

Regarding browsers, currently Chrome is taking action to upgrade to post-quantum secure SSL/TLS1. Although there is no consensus/standardisation across browsers yet. Firefox, Safari and web developers are still behind and currently they’re on “no signal” as of 5th of September 2023.

  1. ↩︎