AWS Application and Network Load Balancers Now Support Post-Quantum Key Exchange for TLS

Published: November 21, 2025
https://aws.amazon.com/about-aws/whats-new/2025/11/network-load-balancers-post-quantum-key-exchange-tls/

AWS Load Balancers Support Post-Quantum Key Exchange for TLS

AWS Application Load Balancers (ALB) and Network Load Balancers (NLB) now support post-quantum key exchange options for the Transport Layer Security (TLS) protocol. This feature introduces new TLS security policies with hybrid post-quantum key agreement, combining classical key exchange algorithms with post-quantum key encapsulation methods, including the standardized Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) algorithm.

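Post-quantum TLS (PQ-TLS) security policies protect your data in transit against potential "Harvest Now, Decrypt Later" (HNDL) attacks, in which an adversary records encrypted traffic today in order to decrypt it once a capable quantum computer is available. This provides long-term security for your applications and data transmissions.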

What to do

  • Update existing ALB HTTPS listeners or NLB TLS listeners to use a PQ-TLS security policy.
  • Select a PQ-TLS policy when creating new listeners through the AWS Management Console, CLI, API, or SDK.
  • Monitor the use of classical or quantum-safe key exchange using ALB connection logs or NLB access logs.

Source: AWS release notes
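The first and third steps above start with knowing which listeners still use a classical-only policy. The following is an added example, not AWS code: it audits listeners shaped like the `elbv2` `DescribeListeners` output and can switch them with `modify_listener`. The policy name is a placeholder because this page does not list the PQ-TLS policy names, and `audit_listeners`, `collect_listeners` and `remediate` are hypothetical helper names.

```python
"""Audit ELBv2 listeners for a post-quantum TLS security policy (added example)."""

# ASSUMPTION: placeholder. Replace with the PQ-TLS policy names from the AWS
# Elastic Load Balancing documentation; the announcement does not give them.
PQ_POLICIES = {"EXAMPLE-PQ-TLS-POLICY-NAME"}
TLS_PROTOCOLS = {"HTTPS", "TLS"}  # listener protocols that terminate TLS on the LB


def audit_listeners(listeners, pq_policies=PQ_POLICIES):
    """Return TLS-terminating listeners whose SslPolicy is not a PQ-TLS policy."""
    findings = []
    for lst in listeners:
        if lst.get("Protocol") not in TLS_PROTOCOLS:
            continue  # HTTP, TCP and UDP listeners carry no TLS policy
        if lst.get("SslPolicy") not in pq_policies:
            keys = ("ListenerArn", "Protocol", "Port", "SslPolicy")
            findings.append({k: lst.get(k) for k in keys})
    return findings


def collect_listeners(client):
    """Yield every listener in the client's region using the elbv2 paginators."""
    lbs = client.get_paginator("describe_load_balancers")
    lsn = client.get_paginator("describe_listeners")
    for page in lbs.paginate():
        for lb in page["LoadBalancers"]:
            for lpage in lsn.paginate(LoadBalancerArn=lb["LoadBalancerArn"]):
                yield from lpage["Listeners"]


def remediate(client, findings, target_policy, dry_run=True):
    """Move flagged listeners to target_policy; with dry_run only report the plan."""
    changed = []
    for f in findings:
        if not dry_run:
            client.modify_listener(ListenerArn=f["ListenerArn"], SslPolicy=target_policy)
        changed.append((f["ListenerArn"], f["SslPolicy"], target_policy))
    return changed


if __name__ == "__main__":
    import boto3  # imported here so the audit logic can be tested without AWS access
    elbv2 = boto3.client("elbv2")
    for f in audit_listeners(collect_listeners(elbv2)):
        print(f"{f['Protocol']}:{f['Port']} {f['ListenerArn']} policy={f['SslPolicy']}")
```

A listener on a PQ-TLS policy can still log classical key exchange for clients that do not offer the hybrid option, so the log monitoring step remains the check on what is actually negotiated.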



