You can enable post-quantum cryptography (PQC) for encrypted network tunnels, providing resistance against attacks from quantum computers.
Note
- Post-quantum cryptography can be enabled only when setting up a new CommCell environment. It cannot be enabled on an existing CommCell environment in which the CommServe computer is already installed.
- Post-quantum cryptography is supported for CommCell environments using CPR 2024E (11.36) or later.
- For CPR 2024E (11.36), post-quantum cryptography is supported only for all-in-one setups (that is, the CommServe server, the Web Server, and the Command Center must all reside on the same computer).
- For Innovation Release 11.38 and later releases, post-quantum cryptography is supported for all setups.
- Post-quantum cryptography does not work in multi-CommCell environments.
Before You Begin
On Windows computers only, do the following:
- Set the registry values MaxRequestBytes and MaxFieldLength (DWORDs) under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters to a value of 30720 in hexadecimal (30 KB).
- Reboot the computer.
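An added PowerShell example (not from the original documentation) that applies the two HTTP.sys values above only when they differ, then reports each value in decimal and hexadecimal. It assumes the 30 KB target means 30720 bytes (0x7800 in hexadecimal view); the function name Set-HttpSysHeaderLimit is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. Set-HttpSysHeaderLimit is a hypothetical name.
function Set-HttpSysHeaderLimit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Assumption: the 30 KB target is 30720 bytes (0x7800).
        [int]$Bytes = 30KB
    )
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
    foreach ($name in 'MaxRequestBytes', 'MaxFieldLength') {
        # A missing value reads back as $null, meaning the HTTP.sys default applies.
        $before = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        if ($before -ne $Bytes -and $PSCmdlet.ShouldProcess("$path\$name", "Set DWORD to $Bytes")) {
            New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value $Bytes -Force | Out-Null
        }
        # Read the value back so the report reflects what is actually stored.
        $after = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Name         = $name
            Before       = $before
            After        = $after
            AfterHex     = if ($null -ne $after) { '0x{0:X}' -f $after } else { $null }
            RebootNeeded = ($before -ne $after)
        }
    }
}

# Preview first, then apply; reboot if any row shows RebootNeeded = True.
Set-HttpSysHeaderLimit -WhatIf | Format-Table
Set-HttpSysHeaderLimit | Format-Table
```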
Procedure
- Install the CommServe computer.
- On all computers on which PQC needs to be enabled, set the following registry keys under Session:
  Note
  You can either set the keys at the individual server level, or create a server group and then set the keys at the server group level.
  - Keyname = sPostQuantumCerts, Value = dilithium3
  - Keyname = sPostQuantumKEM, Value = kyber1024
- Restart services on the CommServe computer. This will auto-renew the certificate authority (CA) and generate a new CommServe computer client certificate.
- While installing clients, ensure the Enable PQC mode in CommServe checkbox is selected.