This article is intended for enterprise and education network administrators.
In iOS 26, iPadOS 26, macOS Tahoe 26 and visionOS 26, TLS-protected connections will automatically advertise support for hybrid, quantum-secure key exchange in TLS 1.3. This allows negotiation of a quantum-secure key exchange algorithm with TLS 1.3 servers that support it, while helping to maintain compatibility with servers that do not yet support this new algorithm. Use of quantum-secure encryption, also called “post-quantum encryption”, is designed to prevent an attacker from recording TLS connection traffic and later using a future quantum computer to decrypt the contents.
The ClientHello message from iOS 26, iPadOS 26, macOS Tahoe 26 and visionOS 26 devices will include X25519MLKEM768 in the supported_groups extension (see the registry), along with a corresponding key share in the key_share extension. Servers can select X25519MLKEM768 if they support it, or use another group advertised in the ClientHello message.
Starting on macOS 16, you can check if your HTTPS server supports the X25519MLKEM768 key exchange algorithm using the following command:
nscurl --tls-diagnostics https://test.example
Servers that support quantum-secure encryption will return the following:
Negotiated TLS version (codepoint): 0x0304
Negotiated TLS key exchange group (name): X25519MLKEM768
Negotiated TLS ciphersuite (codepoint): 0x1302
Servers that do not support quantum-secure encryption will select other supported groups during the TLS handshake to allow iOS 26, iPadOS 26, macOS Tahoe 26 and visionOS 26 devices to connect.
Devices with iOS 26, iPadOS 26, macOS Tahoe 26 and visionOS 26 may fail to connect to some legacy servers due to an incorrect TLS implementation that fails to read large ClientHello messages. More information on this server issue is available here.
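As an added illustration (not part of Apple's article), the Python sketch below parses a ClientHello handshake message and reports the groups advertised in supported_groups, the size of each key_share entry, and the total message size, which shows why the hybrid offer makes the ClientHello so much larger. The codepoint 0x11EC and the 1216-byte client share for X25519MLKEM768 are taken from the IANA registry and the hybrid key exchange specification, not from this page, and the sample messages are constructed with zero-filled key material.

```python
import struct

X25519MLKEM768 = 0x11EC   # assumption from the IANA registry, not from the page
X25519 = 0x001D
SUPPORTED_GROUPS, KEY_SHARE = 10, 51   # TLS extension type numbers

def build_client_hello(shares):
    """Constructed sample: minimal TLS 1.3 ClientHello with zero-filled shares."""
    groups = b"".join(struct.pack("!H", g) for g, _ in shares)
    sg = struct.pack("!H", len(groups)) + groups
    ks = b"".join(struct.pack("!HH", g, n) + bytes(n) for g, n in shares)
    ks = struct.pack("!H", len(ks)) + ks
    exts = b"".join(struct.pack("!HH", t, len(d)) + d
                    for t, d in ((SUPPORTED_GROUPS, sg), (KEY_SHARE, ks)))
    body = (b"\x03\x03" + bytes(32)      # legacy_version, random
            + b"\x00"                    # empty legacy_session_id
            + b"\x00\x02\x13\x02"        # one cipher suite: 0x1302
            + b"\x01\x00"                # legacy compression: null only
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def inspect_client_hello(msg):
    """Return (supported groups, {group: key share length}, total bytes)."""
    if msg[0] != 1 or int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("not a complete ClientHello")
    p = 4 + 2 + 32                                  # header, version, random
    p += 1 + msg[p]                                 # session id
    p += 2 + int.from_bytes(msg[p:p + 2], "big")    # cipher suites
    p += 1 + msg[p]                                 # compression methods
    end = p + 2 + int.from_bytes(msg[p:p + 2], "big")
    p += 2
    groups, shares = [], {}
    while p + 4 <= end:
        etype, elen = struct.unpack_from("!HH", msg, p)
        data = msg[p + 4:p + 4 + elen]
        p += 4 + elen
        if etype == SUPPORTED_GROUPS:
            groups = [g for (g,) in struct.iter_unpack("!H", data[2:])]
        elif etype == KEY_SHARE:
            q = 2                                   # skip client_shares length
            while q + 4 <= len(data):
                g, n = struct.unpack_from("!HH", data, q)
                shares[g] = n
                q += 4 + n
    return groups, shares, len(msg)

if __name__ == "__main__":
    for offer in ([(X25519MLKEM768, 1216), (X25519, 32)], [(X25519, 32)]):
        print(inspect_client_hello(build_client_hello(offer)))
```

The function expects the handshake message itself, so strip the 5-byte TLS record header first when feeding it bytes from a packet capture.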
If you need to connect iOS 26, iPadOS 26, macOS Tahoe 26 and visionOS 26 to a server or network appliance affected by this issue prior to addressing it, you can temporarily enable a compatibility mode to allow connections to retry without advertising support for quantum-secure encryption. Note that this is a temporary compatibility mode that will not be available in a future version of iOS, iPadOS, macOS and visionOS.
Use the following command to enable this compatibility mode on macOS Tahoe 26:
defaults write com.apple.network.tls AllowPQTLSFallback -bool true
Configuration profiles to enable this compatibility mode on iOS 26, iPadOS 26, macOS Tahoe 26 and visionOS 26 using a device management service are available on the AppleSeed for IT Resources page.