Enabling Post-Quantum Cryptography

You can enable post-quantum cryptography (PQC) for encrypted network tunnels, providing resistance against attacks from quantum computers.

Note

  • Post-quantum cryptography is supported for CommCell environments using CPR 2024E (11.36) or later.

  • For CPR 2024E (11.36), post-quantum cryptography is supported only for all-in-one setups (that is, the CommServe server, the Web Server, and the Command Center must all reside on the same computer).

  • For Innovation Release 11.38 and later releases, post-quantum cryptography is supported for all setups.

Before You Begin

On Windows computers only, do the following:

  1. Set the registry values MaxRequestBytes and MaxFieldLength (both DWORD) under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters to 30720 (30 KB).

  2. Reboot the computer.
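
The two Windows steps above as a PowerShell script. This is an added example, not part of the vendor's documentation: it writes both values as DWORDs, reads them back to confirm value and type, and reports whether the reboot in step 2 is still needed. The variable names are illustrative; the registry path, value names, and 30720 come from step 1.

```powershell
#Requires -RunAsAdministrator
# Added example: apply and verify the HTTP.sys values from "Before You Begin".
$Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$Names    = 'MaxRequestBytes', 'MaxFieldLength'
$Expected = 30720   # 30 KB, the value specified in step 1

$changed = $false
foreach ($name in $Names) {
    $key     = Get-Item -Path $Path
    $current = $key.GetValue($name)   # $null when the value does not exist yet
    # GetValueKind throws on a missing value, so only call it when one exists.
    $isDword = ($null -ne $current) -and ($key.GetValueKind($name) -eq 'DWord')

    if ($isDword -and $current -eq $Expected) {
        Write-Output "$name already set to $Expected (DWord)"
        continue
    }

    # -Force creates the value or overwrites an existing one, including a wrong type.
    New-ItemProperty -Path $Path -Name $name -PropertyType DWord `
        -Value $Expected -Force | Out-Null
    $shown = if ($null -eq $current) { '<not set>' } else { $current }
    Write-Output "$name changed: $shown -> $Expected"
    $changed = $true
}

# Read back from a fresh handle and fail loudly if anything is off.
$key = Get-Item -Path $Path
foreach ($name in $Names) {
    $value = $key.GetValue($name)
    $kind  = $key.GetValueKind($name)
    if ($value -ne $Expected -or $kind -ne 'DWord') {
        throw "$name is $value ($kind); expected $Expected (DWord)"
    }
}

if ($changed) {
    Write-Output 'Values updated. Reboot the computer (step 2) before continuing.'
} else {
    Write-Output 'No change needed.'
}
```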

Procedure

  1. On every computer where PQC needs to be enabled, set the following registry keys under Session:

    Note

    You can either set the keys at the individual server level, or create a server group and then set the keys at the server group level.

    • Keyname = sPostQuantumCerts, Value = dilithium3

    • Keyname = sPostQuantumKEM, Value = kyber1024

  2. Restart services on the CommServe computer. This automatically renews the certificate authority (CA) and generates a new CommServe server client certificate.

  3. Restart client services, and then verify that certificates signed by the new CA are generated on the computer.
