Microsoft Edge

Is PQC enabled? — quick check

Chrome / Edge / Brave (DevTools — fully local)

# 1) Open a TLS 1.3 site you trust (your own, or any HTTPS host).
# 2) Press F12 → Security tab → click the origin under "Main origin".
# 3) Read "Connection" — it lists the negotiated key exchange group by name.
#
# Capability flag (offline):  chrome://flags#enable-tls13-kyber
# (renamed enable-tls13-mlkem in Chrome 131+)

Expected when PQC is ON

Connection - protocol: TLS 1.3,
  key exchange group: X25519MLKEM768,
  cipher: AES_256_GCM

What you'll see when PQC is OFF

Connection - protocol: TLS 1.3,
  key exchange group: X25519,
  cipher: AES_256_GCM

DevTools reads the negotiated group from the live connection state in the renderer — no network call leaves the page. Firefox: about:config → security.tls.enable_kyber = true; Safari has no PQ in WebKit yet.

Edge is built on Chromium and inherits its TLS stack. Hybrid post-quantum key agreement (X25519MLKEM768) shipped enabled-by-default in Edge 124 (April 2024) and remained on by default through every subsequent stable channel.

Verify in the browser

Open edge://flags/#enable-tls13-kyber (or post-Kyber rename: #enable-tls13-mlkem) and confirm it is Default or Enabled.
Visit checkpqc.app — verdict should read HYBRID_ENABLED.

Enterprise policy

HKLM\Software\Policies\Microsoft\Edge
  PostQuantumKeyAgreementEnabled = 1

Available via Group Policy (Edge → Post-quantum key agreement enabled). Set to 1 to keep PQC on, 0 only if a broken middlebox forces a temporary rollback.

Edge for Business / kiosk

Same code path. The msedge.exe --ssl-key-log-file=... debug switch lets you decode handshakes in Wireshark to confirm NamedGroup: X25519MLKEM768.

References

Run the check on your Edge →