A cross-platform CLI tool to test TLS/HTTPS servers for quantum-secure encryption support, specifically the X25519MLKEM768 key exchange algorithm introduced in Apple's latest operating systems.
Based on Apple's quantum-secure encryption specifications from iOS 26, iPadOS 26, macOS Tahoe 26 and visionOS 26, this tool tests whether HTTPS servers support hybrid, quantum-secure key exchange algorithms that are designed to protect against future quantum computer attacks.
- β Cross-platform: Works on Windows, macOS, and Linux
- π TLS Analysis: Detailed analysis of TLS connections and cipher suites
- π‘οΈ Quantum Security Detection: Tests for X25519MLKEM768 key exchange support
- π¨ Colorized Output: Easy-to-read results with color coding
- π JSON Output: Machine-readable output format
- β‘ Async Operations: Fast, non-blocking network operations
- π Configurable Timeouts: Customizable connection timeouts
Download the latest release for your platform from GitHub Releases:
- Download
pqreadyfrom the releases page - Open Terminal and navigate to your Downloads folder
- Remove quarantine and run/install:
# Remove macOS quarantine (required for unsigned binaries)
chmod +x pqready
xattr -d com.apple.quarantine pqready
./pqready example.com
# optional
sudo mv pqready /usr/local/bin/pqready- Download
pqreadyfrom the releases page - Open a terminal and navigate to your downloads folder
- Make executable and run/install:
# install
chmod +x pqready
./pqready example.com
# optional
sudo mv pqready /usr/local/bin/Download pqready.exe from the releases page and (OPTIONAL) add it to your PATH.
cargo install pqready- Rust 1.70 or later
- Cargo package manager
git clone https://github.com/degan/pqready.git
cd pqready
# Using Make (recommended)
make release
# Or using Cargo directly
cargo build --releaseThe binary will be available at target/release/pqready (or target/release/pqready.exe on Windows).
# Test a single URL
pqready https://example.com
# Test with verbose output
pqready -v https://example.com
# Test with JSON output
pqready -j https://example.com
# Test with custom timeout
pqready -t 30 https://example.compqready [OPTIONS] <URL>
Arguments:
<URL> The HTTPS URL to test
Options:
-v, --verbose Enable verbose output
-j, --json Output results in JSON format
-t, --timeout <SECONDS> Connection timeout in seconds [default: 10]
-r, --regular Use regular high-level TLS analysis (limited quantum detection)
-c, --conservative Use conservative ClientHello (for servers that reject unknown groups)
-n, --no-color Disable color and emoji output
-h, --help Print help
-V, --version Print version
$ pqready https://google.com
π Quantum Security Test Results vX.X.X
URL: https://google.com
Quantum-secure encryption: β
SUPPORTED$ pqready -v https://example.com
π Quantum Security Scanner
Testing: https://example.com
Timeout: 10s
π¬ Starting DEEP quantum security analysis
π Connecting to example.com:443
π‘ Resolved to: 96.7.128.198:443
π€ TCP connection established
π¬ Starting low-level TLS handshake analysis
π€ Sending ClientHello with quantum-secure groups
π ClientHello details:
β’ Total size: 157 bytes
β’ Hostname: example.com
β’ Client offering groups: X25519+ML-KEM-768 (0x11ec), X25519+Kyber768-Draft00 (0x6399), X25519 (0x001d)
β
ClientHello sent successfully
π₯ Reading server response...
π¦ Received 2690 bytes from server
π€ Handshake message: type=02, length=86
π ServerHello version: 0303
π Selected cipher suite: 1302
ποΈ Server selected group: 001d (key length: 32)
π‘οΈ No quantum-secure encryption detected
π§ Using classical key exchange: 001d
π¬ Deep analysis complete!
π Quantum Security Test Results v0.X.X
URL: https://example.com
Quantum-secure encryption: β NOT SUPPORTED
TLS Version: TLS 1.3
Cipher Suite: TLS_AES_256_GCM_SHA384
Key Exchange: X25519 (Classical)
β
Deep Analysis Mode:
β’ Low-level TLS handshake inspection performed
β’ Actual key exchange algorithms detected from handshake messages
β’ Results show true negotiated algorithms, not library interpretations$ pqready -j https://example.com
{
"version": "X.X.X",
"url": "https://example.com/",
"supports_quantum": false,
"tls_version": "TLS 1.3",
"cipher_suite": "TLS_AES_256_GCM_SHA384",
"key_exchange": "X25519 (Classical)",
"error": null
}# Download pqready.exe and run from command prompt
C:\Downloads> pqready.exe example.com
π Quantum Security Test Results vX.X.X
URL: https://example.com/
Quantum-secure encryption: β NOT SUPPORTEDThis tool tests for the X25519MLKEM768 key exchange algorithm, which is a hybrid approach combining:
- X25519: Classical elliptic curve Diffie-Hellman
- ML-KEM-768: Post-quantum key encapsulation mechanism
This hybrid approach provides:
- Current security: Protection against classical computers
- Future security: Protection against quantum computers
- Compatibility: Fallback to classical algorithms when quantum-secure ones aren't supported
- Windows: Windows 10 and later
- macOS: macOS 10.15 and later
- Linux: Most modern distributions
- Currently, most servers do not support
X25519MLKEM768 - The quantum-secure algorithms are still being deployed across the internet
- This tool provides a foundation that will become more useful as server adoption increases
# Show all available commands
make help
# Build debug version
make build
# Build release version
make release
# Run with example
make run
# Run demo with multiple URLs
make demo
# Development workflow (format + lint + test + build)
make dev
# Clean build artifacts
make clean- build - Build debug version
- release - Build optimized release version
- install - Install binary to system
- test - Run tests
- run - Run with example URL
- run-verbose - Run with verbose output
- run-json - Run with JSON output
- demo - Run demo with multiple URLs
- dev - Development workflow (fmt + clippy + test + build)
- clean - Clean build artifacts
- help - Show all available commands
# Building
cargo build # Debug build
cargo build --release # Release build
# Testing
cargo test
# Running
cargo run -- https://example.com -v
# Code quality
cargo clippy # Linting
cargo fmt # FormattingFollow this workflow to create a new release:
# Update version in Cargo.toml
# Example: version = "0.1.1" or "0.2.0"
# Update CHANGELOG.md with new version and proper date
## [0.1.1] - 2025-01-15
### Added
- New feature descriptions
### Fixed
- Bug fix descriptions
### Changed
- Breaking change descriptions (for major versions)make dev git add -A
git commit -m "Bump version to 0.1.1"
git pushgit tag v0.1.1
git push origin v0.1.1When you push the tag, GitHub Actions will automatically:
- β Build binaries for Windows, macOS, and Linux
- β Create GitHub release with binaries attached
- β Use CHANGELOG content as release notes
- β Run all CI checks
# Test publish without actually doing it
make publish-check
# Actually publish to crates.io
make publishFollow Semantic Versioning:
- Patch (0.1.1): Bug fixes, no breaking changes
- Minor (0.2.0): New features, no breaking changes
- Major (1.0.0): Breaking changes
Your Makefile includes these publishing commands:
make publish-check- Dry run publish check (requires clean git)make publish- Full publish workflow with CI checks and user confirmationmake publish-check-dirty- Development version allowing uncommitted changesmake publish-dirty- Development publish allowing uncommitted changes
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- Apple Support: Prepare your network for quantum-secure encryption in TLS
- NIST Post-Quantum Cryptography Standards
- RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3
- Cloudflare Research: Post-Quantum Key Agreement
- Apple Inc. for the quantum-secure encryption specifications, even though as of first release apple.com does not appear to support.
- The post-quantum cryptography research community
- Batch URLs from file