ImmuniWeb Launches a Tool to Test Post-Quantum Cryptography (PQC) in TLS

ImmuniWeb, a global leader in AI-powered cybersecurity, has announced the launch of the industry's first free online test to check for Post-Quantum Cryptography (PQC) readiness. The new tool allows for the instant verification of any website, API, or mail server for PQC support.

The Threat to Modern Cryptography

Most modern public-key cryptographic systems, such as RSA and ECC, are vulnerable to attacks from powerful quantum computers. Using Shor's algorithm, such computers will be able to break widely used encryption protocols, jeopardizing data security worldwide. While the creation of such quantum computers still requires time, many experts believe it is only a matter of a few years.

What is Post-Quantum Cryptography (PQC)

Post-Quantum Cryptography consists of cryptographic algorithms that are considered resistant to attacks from both classical and quantum computers. The U.S. National Institute of Standards and Technology (NIST) is in the final stages of standardizing several PQC algorithms. Among the finalists are CRYSTALS-Kyber for key exchange and CRYSTALS-Dilithium for digital signatures. The implementation of these new standards will require significant effort and time from organizations worldwide.

A year ago, Gartner named Post-Quantum Cryptography (PQC) one of the top strategic technology trends for 2025 and urged organizations to begin the transition to PQC without further delay, citing insufficient vendor preparedness and a lack of organizational knowledge in PQC as major obstacles to a timely migration.

Gartner analysts emphasized that so-called "Harvest Now, Decrypt Later" attacks are already happening. A "Harvest Now, Decrypt Later" attack is a relatively new cyber threat where cybercriminals collect highly sensitive encrypted data that currently cannot be decrypted with modern technology, to quietly wait for the moment when quantum computing becomes widely available and capable of breaking the encryption.

Earlier this year, Forrester echoed Gartner's concerns about the lack of PQC readiness and the serious risks involved, estimating that current encryption will become vulnerable and be broken within 10 years, while stressing that this could happen much sooner. Cloudflare, for its part, published a report stating that in 2025, only 38% of the TLS traffic it manages will support some form of post-quantum (or quantum-resistant) encryption, though it noted the situation would be comparatively better in some European countries.

In response to the looming PQC threat, many governments, including the European Commission, the UK's National Cyber Security Centre, and the U.S. Department of Homeland Security, have issued guidelines and frameworks for PQC implementation.

How the New Test from ImmuniWeb Works

The new free tool from ImmuniWeb checks if the target server supports the TLS 1.3 protocol, which is a prerequisite for PQC. It then tests for compatibility with several hybrid key exchange mechanisms that combine the time-tested X25519 algorithm with new post-quantum algorithms, such as:

• X25519 + Kyber512
• X25519 + Kyber768
• X25519 + Kyber1024

This hybrid approach ensures robust protection and backward compatibility during the global transition to PQC.

Quantum computing will soon change the rules of the game in cybersecurity. Organizations that ignore this new threat risk facing catastrophic consequences. Our new free test is a contribution to raising awareness and helping to prepare for the future in advance. We urge companies to start planning their transition to PQC today to protect their data and assets

The test does not require registration, is available completely free of charge, and provides results within a minute. It is part of ImmuniWeb's free community tools, which are used daily by thousands of companies.