Connection Security Details

Below are the cryptographic details of your connection to this website.

Current Encryption Information

  • Secure Connection: Yes (HTTPS) 🔐
    Secure but using traditional cryptography.
  • HTTP Version: HTTP/2.0
    The HTTP protocol version used (e.g., HTTP/3 for QUIC, HTTP/2 for TCP).
  • TLS Protocol Version: TLSv1.3
    The version of the TLS protocol used to secure your connection (e.g., TLSv1.3).
  • Cipher Suite: TLS_CHACHA20_POLY1305_SHA256
    The encryption algorithms used to protect your data (e.g., TLS_CHACHA20_POLY1305_SHA256).
  • Elliptic Curve: X25519 🔑
    Secure traditional elliptic curve.
  • Session Reused: No
    Whether your connection reused a previous TLS session for efficiency.
  • ALPN Protocol: h2
    The application-layer protocol negotiated, such as HTTP/2 or HTTP/1.1.
  • Server Name (SNI): cryptoagility.cloud
    The server name you requested via Server Name Indication (SNI).

Client Certificate (if applicable)

These details apply only if mutual TLS (mTLS) is used, requiring a client certificate. Current status: mTLS not enabled.

  • Certificate Verification: NONE
    Status of client certificate verification (e.g., SUCCESS, NONE, or FAILED).
  • Subject DN:
    The Distinguished Name of the certificate holder.
  • Issuer DN:
    The Distinguished Name of the Certificate Authority that issued the certificate.
  • Certificate Serial Number:
    The unique serial number of the client certificate.
  • Certificate Validity Start:
    When the client certificate became valid.
  • Certificate Validity End:
    When the client certificate expires.
  • Days Until Expiration:
    Number of days until the client certificate expires.

Quantum Readiness Test

Would you like to test the quantum readiness of your browser? This involves installing an experimental Post-Quantum (PQ) root certificate to validate a demo site using ML-DSA signatures.

Status: Your connection uses traditional cryptography. Install the PQ root to test.

Installation Notes (Experimental)

After downloading ca-root.crt:

  • Windows: Double-click → Install Certificate → Local Machine → Trusted Root Certification Authorities.
  • macOS: Keychain Access → Import → System → Always Trust.
  • Linux: sudo cp ca-root.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates.

Restart your browser. Note: ML-DSA support may require browser flags (e.g., Chrome: chrome://flags/#enable-experimental-webassembly-features).

Common Issue: Certificate Error After Install?

Even after installing the root, browsers like Chrome may show an error like "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" because ML-DSA signature support is experimental (expected in late 2026 via flags). This is normal for testing.

Example Chrome error: This site can't provide a secure connection (ERR_SSL_VERSION_OR_CIPHER_MISMATCH)
Example error in Chrome if PQ signature support is not enabled. (Screenshot from October 19, 2025)

Troubleshooting:

  • Ensure root is in Trusted Root Certification Authorities (certmgr.msc).
  • Enable Chrome flags: chrome://flags/#enable-experimental-web-platform-features (restart required).
  • Test with Firefox (better early PQ support) or curl: curl -k -v https://pqc-demo.cryptoagility.cloud.
  • If persistent, the browser lacks ML-DSA decoding—update to latest Chrome (v142+ as of 1 Nov 2025).