ML-KEM post-quantum TLS now supported in AWS KMS, ACM, and Secrets Manager

Security Blog

AWS has announced support for ML-KEM post-quantum key agreement in three critical security services: AWS Key Management Service (AWS KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager.

ML-KEM is a new hybrid post-quantum key agreement standard for TLS
Support is currently available in non-FIPS endpoints across all AWS regions
Performance impact is minimal, with only a 0.05% decrease in transactions per second
CRYSTALS-Kyber (the predecessor) will be supported through 2025
AWS plans to deploy ML-KEM support to all HTTPS endpoints in coming years

Customers can enable post-quantum TLS in AWS SDK for Java by calling `.postQuantumTlsEnabled(true)` when configuring their HTTP client, protecting against future quantum computing threats.

Go to article

The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Apr 14
2026

AWS Secrets Manager now supports hybrid post-quantum TLS to protect secrets from quantum threats

Jun 13
2025

AWS KMS adds support for post-quantum ML-DSA digital signatures

Nov 21
2025

AWS Application and Network Load Balancers Now Support Post-Quantum Key Exchange for TLS

May 21
2025

AWS Transfer Family announces ML-KEM quantum-resistant key exchange for SFTP

The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

ML-KEM post-quantum TLS now supported in AWS KMS, ACM, and Secrets Manager

Related articles