Amazon Web Services (AWS) has deployed the latest hybrid post-quantum key agreement standards for TLS to three AWS services. The AWS Key Management Service (AWS KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager endpoints now support the lattice-based Module-Lattice Key Encapsulation Mechanism (ML-KEM) for hybrid post-quantum key agreement on non-FIPS endpoints in all AWS Regions. The AWS Secrets Manager Agent, built on the AWS SDK for Rust, now also supports hybrid post-quantum key agreement. This lets customers use end-to-end post-quantum-enabled TLS when bringing secrets and keys into their applications.
These three services were selected because they are security-critical and require the highest level of post-quantum confidentiality. They previously supported CRYSTALS-Kyber, which ML-KEM now replaces. CRYSTALS-Kyber support will continue through 2025 but will be removed from all AWS service endpoints in 2026 as ML-KEM becomes the standard.
Our Migration to Post-Quantum Cryptography
This is part of AWS's post-quantum cryptographic migration plan. AWS will add ML-KEM support to all services with HTTPS endpoints over the next few years. Customers need to update their TLS clients and SDKs to offer ML-KEM when connecting to AWS HTTPS endpoints; AWS endpoints will select ML-KEM whenever a client offers it. This helps protect data in transit against future threats from quantum computers, including traffic recorded today and decrypted later.
AWS endpoints can negotiate hybrid post-quantum key-agreement algorithms thanks to AWS LibCrypto (AWS-LC), our open-source FIPS 140-3-validated cryptographic library, and s2n-tls, our open-source TLS implementation. AWS-LC has received several FIPS 140-3 certificates from NIST (4631, 4759, and 4816) and was the first open-source cryptographic module to include ML-KEM in a FIPS 140-3 validation.
ML-KEM TLS Performance
Migrating from an elliptic-curve Diffie-Hellman (ECDH)-only key agreement to an ECDH plus ML-KEM hybrid key agreement necessarily requires the TLS handshake to send more data and perform more cryptographic operations. Switching from a classical to a hybrid post-quantum key agreement transfers approximately 1,600 additional bytes during the TLS handshake and requires approximately 80 to 150 microseconds of additional compute time for the ML-KEM operations. This is a one-time TLS connection startup cost that is amortized over the lifetime of the connection across all HTTP requests sent over it.
AWS is working to provide a smooth migration to hybrid post-quantum key agreement for TLS. This work includes benchmarking example workloads to help customers understand the impact of enabling hybrid post-quantum key agreements with ML-KEM.
Using the AWS SDK for Java v2, AWS measured how many AWS KMS GenerateDataKey requests per second a single thread can send from an Amazon EC2 C6i bare-metal client to the public AWS KMS endpoint, both in the US West (Oregon) Region. Classical TLS connections used the P-256 elliptic curve, while hybrid post-quantum TLS connections used the X25519 elliptic curve combined with ML-KEM-768. Your results may vary depending on your environment, including instance type, workload, parallelism, number of threads, and network setup. The tests measured HTTP request rates with TLS connection reuse enabled and with it disabled. With reuse disabled the handshake is never amortized, because every HTTP request must perform a full TLS handshake; in that case enabling hybrid post-quantum TLS reduced transactions per second (TPS) by about 2.3%, from 108.7 TPS to 106.2 TPS.
The results show that enabling post-quantum TLS has little impact on performance. For most workloads, which reuse connections, the maximum TPS rate dropped by just 0.05%. In the worst case, with every request creating a new TLS connection, the drop was only 2.3%.
Removing Support for Draft Post-Quantum Standards
AWS service endpoints that currently support CRYSTALS-Kyber, the predecessor to ML-KEM, will continue to support it through 2025. AWS will gradually phase out CRYSTALS-Kyber as customers switch to ML-KEM. If you are using an AWS SDK for Java version that only supports CRYSTALS-Kyber, upgrade to the latest version with ML-KEM support. If your code uses a recent AWS SDK for Java v2 release, no code changes are needed for the transition from CRYSTALS-Kyber to ML-KEM.
Customers whose clients currently use CRYSTALS-Kyber must upgrade their AWS SDK for Java v2 to a version that supports ML-KEM before 2026, when CRYSTALS-Kyber will be removed. Clients that have not been updated will automatically fall back to classical key agreement to maintain connectivity, but they will lose post-quantum confidentiality.
How to Use Hybrid Post-Quantum Key Agreement
To enable hybrid post-quantum key agreement in the AWS SDK for Rust, add the rustls crate to your project and activate its prefer-hybrid-post-quantum feature flag.
For the AWS SDK for Java 2.x, enable hybrid post-quantum key agreement by calling .postQuantumTlsEnabled(true) when building the AWS Common Runtime (CRT) HTTP client.
Step 1: Add the AWS Common Runtime HTTP client to your Java dependencies
Add the latest AWS Common Runtime HTTP client (the aws-crt-client artifact) to your Maven dependencies. Use version 2.30.22 or higher for ML-KEM support.
Step 2: Enable post-quantum TLS in your Java SDK client configuration
Select AwsCrtAsyncHttpClient as the HTTP client when building your AWS service client, and enable post-quantum TLS on its builder.
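The two steps above, carried through in a complete AWS SDK for Java 2.x program that builds an AWS KMS client on the CRT HTTP client with post-quantum TLS enabled and then sends GenerateDataKey requests from a single thread, the same call the benchmark in this article used. This is an added example, not code from the AWS post; it assumes the aws-crt-client and kms artifacts (version 2.30.22 or higher) are on the classpath, that AWS credentials are available through the default provider chain, and that the key alias KEY_ID is replaced with a real key in your account (a placeholder here). The TPS loop reuses one connection per client, so it measures the amortized case; constructing a fresh client for every request would reproduce the no-reuse case.

```java
import java.time.Duration;
import java.util.concurrent.CompletableFuture;

import software.amazon.awssdk.http.crt.AwsCrtAsyncHttpClient;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.kms.KmsAsyncClient;
import software.amazon.awssdk.services.kms.model.DataKeySpec;
import software.amazon.awssdk.services.kms.model.GenerateDataKeyRequest;
import software.amazon.awssdk.services.kms.model.GenerateDataKeyResponse;

public final class PqTlsKmsExample {

    // Placeholder key: replace with the ARN, ID, or alias of a KMS key in your account.
    private static final String KEY_ID = "alias/EXAMPLE-KEY-ALIAS";

    /**
     * Builds a KMS client on the AWS CRT async HTTP client. When postQuantum is true,
     * the CRT's TLS stack (s2n-tls on AWS-LC) offers the X25519 + ML-KEM-768 hybrid
     * key agreement; the endpoint selects it if it supports ML-KEM.
     */
    static KmsAsyncClient buildClient(Region region, boolean postQuantum) {
        return KmsAsyncClient.builder()
                .region(region)
                .httpClientBuilder(AwsCrtAsyncHttpClient.builder()
                        .postQuantumTlsEnabled(postQuantum)
                        .connectionTimeout(Duration.ofSeconds(5)))
                .build();
    }

    /** Issues one GenerateDataKey call and returns the plaintext data key length in bytes. */
    static int generateDataKey(KmsAsyncClient kms) {
        GenerateDataKeyRequest req = GenerateDataKeyRequest.builder()
                .keyId(KEY_ID)
                .keySpec(DataKeySpec.AES_256)
                .build();
        CompletableFuture<GenerateDataKeyResponse> future = kms.generateDataKey(req);
        GenerateDataKeyResponse resp = future.join();
        // The plaintext key is returned over the (hybrid PQ) TLS channel; 32 bytes for AES_256.
        return resp.plaintext().asByteArray().length;
    }

    /** Sends n sequential requests from this thread and returns the observed requests per second. */
    static double measureTps(KmsAsyncClient kms, int n) {
        long start = System.nanoTime();
        for (int i = 0; i < n; i++) {
            generateDataKey(kms);
        }
        double seconds = (System.nanoTime() - start) / 1e9;
        return n / seconds;
    }

    public static void main(String[] args) {
        Region region = Region.US_WEST_2;
        try (KmsAsyncClient classical = buildClient(region, false);
             KmsAsyncClient hybrid = buildClient(region, true)) {
            // Warm-up: force the TLS handshake on each client before timing requests.
            generateDataKey(classical);
            generateDataKey(hybrid);
            System.out.printf("classical TLS (P-256):            %.1f TPS%n", measureTps(classical, 200));
            System.out.printf("hybrid PQ TLS (X25519+ML-KEM-768): %.1f TPS%n", measureTps(hybrid, 200));
        }
    }
}
```

Run it twice, once as written and once with a client built per request, to see both the amortized and the per-handshake costs described above; the difference between the two columns is the ML-KEM overhead on your own network path, which is the number worth recording before rolling the setting out fleet-wide.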
Things to Try
Here are a few ways you can exercise this client with post-quantum support:
- Run load tests and benchmarks: AwsCrtAsyncHttpClient is high-performing and uses AWS LibCrypto on Linux. If you are new to it, first compare its performance to the default SDK HTTP client. Then enable post-quantum TLS and check whether it still outperforms the default client.
- Test connections from various locations: Requests may pass through proxies or firewalls that perform Deep Packet Inspection (DPI), and an inspecting middlebox that does not recognize the hybrid key-agreement group may block the handshake. If that happens, ask your security team to update the rules for these TLS algorithms, and share feedback on how your network handles this traffic.
Conclusion: We've added ML-KEM hybrid key agreement to three AWS service endpoints. With TLS connection reuse, enabling hybrid post-quantum TLS had minimal impact on performance in our tests: we saw only a 0.05% drop in the maximum transactions per second when generating data keys with AWS KMS.
Source: ML-KEM post-quantum TLS now supported in AWS KMS, ACM, and Secrets Manager