You can enable post-quantum cryptography (PQC) for encrypted network tunnels, providing resistance against attacks from quantum computers.
Note
- Post-quantum cryptography is supported for CommCell environments using CPR 2024E (11.36) or later.
- For CPR 2024E (11.36), post-quantum cryptography is supported only for all-in-one setups (that is, the CommServe server, the Web Server, and the Command Center must all reside on the same computer).
- For Innovation Release 11.38 and later releases, post-quantum cryptography is supported for all setups.
Before You Begin
On Windows computers only, do the following:
- Set the registry values MaxRequestBytes and MaxFieldLength (DWORDs) at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters to 30720 (30 KB).
- Reboot the computer.
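One way to apply and verify the Windows prerequisite above from an elevated PowerShell session. This is an added example, not part of the vendor documentation; the registry path, value names and 30720 come from this page, and the script's variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example (not vendor code). Path, value names and 30720 are from this page.
$Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$Required = 30720                                  # 30 KB
$Names    = 'MaxRequestBytes', 'MaxFieldLength'

if (-not (Test-Path -Path $Path)) {
    throw "Registry key not found: $Path"
}

$results = foreach ($name in $Names) {
    $key    = Get-Item -Path $Path
    $exists = $key.GetValueNames() -contains $name
    $before = if ($exists) { $key.GetValue($name) } else { $null }
    $kind   = if ($exists) { $key.GetValueKind($name) } else { $null }

    # Rewrite when the value is missing, has the wrong data, or is not a DWORD.
    $needsChange = (-not $exists) -or ($before -ne $Required) -or ($kind -ne 'DWord')
    if ($needsChange) {
        # -Force creates the value or overwrites an existing one with the DWORD type.
        New-ItemProperty -Path $Path -Name $name -PropertyType DWord -Value $Required -Force | Out-Null
    }

    # Read the value back so the report reflects what is actually stored.
    $after = (Get-ItemProperty -Path $Path -Name $name).$name
    [pscustomobject]@{
        Name    = $name
        Before  = $before
        After   = $after
        Changed = $needsChange
        Ok      = ($after -eq $Required)
    }
}

$results | Format-Table -AutoSize

if ($results.Ok -contains $false) {
    throw 'One or more values could not be set to the required size.'
}
if ($results.Changed -contains $true) {
    Write-Warning 'Values changed. Reboot the computer before continuing with the procedure.'
} else {
    Write-Output 'Both values were already set; nothing was changed.'
}
```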
Procedure
- On all computers on which PQC needs to be enabled, set the following registry keys under Session:
  Note
  You can either set the keys at the individual server level, or create a server group and then set the keys at the server group level.
  - Keyname = sPostQuantumCerts, Value = dilithium3
  - Keyname = sPostQuantumKEM, Value = kyber1024
- Restart services on the CommServe computer. This will auto-renew the certificate authority (CA) and generate a new CommServe server client certificate.
- Restart client services, and then verify that certificates signed by the new CA are generated on the computer.