Safari / WebKit

Is PQC enabled? — quick check

Chrome / Edge / Brave (DevTools — fully local)

# 1) Open a TLS 1.3 site you trust (your own, or any HTTPS host).
# 2) Press F12 → Security tab → click the origin under "Main origin".
# 3) Read "Connection" — it lists the negotiated key exchange group by name.
#
# Capability flag (offline):  chrome://flags#enable-tls13-kyber
# (renamed enable-tls13-mlkem in Chrome 131+)

Expected when PQC is ON

Connection - protocol: TLS 1.3,
  key exchange group: X25519MLKEM768,
  cipher: AES_256_GCM

What you'll see when PQC is OFF

Connection - protocol: TLS 1.3,
  key exchange group: X25519,
  cipher: AES_256_GCM

DevTools reads the negotiated group from the live connection state in the renderer — no network call leaves the page. Firefox: about:config → security.tls.enable_kyber = true; Safari has no PQ in WebKit yet.

As of early 2026, Apple has not shipped X25519MLKEM768 in stable Safari. WebKit nightly experiments are tracked at bugzilla #270101.

What Apple has shipped

iMessage PQ3 (Feb 2024) — Kyber-1024 + ECDH P-256 hybrid for the messaging layer. Auto-enabled on iOS 17.4+, macOS 14.4+, watchOS 10.4+. See iMessage.
iCloud key agreement uses PQ ratchets in select services.

What's still classical in Safari

Web TLS 1.3 (HTTPS in Safari) — X25519 / P-256 / P-384 only.
WebTransport / QUIC — same, classical only.

Track progress

Watch the WebKit blog and bug 270101 for "post-quantum" / "ML-KEM" updates. Test Technology Preview builds when they pick up the change.

References

Run the check on your Safari →