Last 24 hours · Jul 07, 2026 00:09 – Jul 08, 2026 00:09 UTC Demonstration Mode (synthetic data) Generated: 2026-07-08 00:09:10 UTC

NIST PQC Compliance

Per NIST IR 8547. TLS handshakes whose negotiated key exchange provides no post-quantum protection — exposed to 'harvest now, decrypt later' attacks once a cryptographically relevant quantum computer is available. Source: <b>rockfish-tls-pqc</b> Suricata plugin, which parses the ClientHello supported_groups extension and the TLS 1.3 ServerHello key_share NamedGroup directly off the wire (data Suricata's stock TLS event log does not surface). <b>server_lagging</b> = client offered PQ but server picked classical (silent exposure); <b>client_lagging</b> = client never offered PQ at all; <b>partial</b> = only one side of the handshake observed (typical TLS 1.2).

Non-PQ TLS Handshakes 9 rows
Source Destination SNI TLS Chosen Group Exposure Handshakes
10.1.4.20 13.107.42.14 graph.microsoft.com TLS 1.3 X25519 server_lagging 2,417
10.1.7.51 104.18.32.7 api.cloudflare.com TLS 1.3 X25519 server_lagging 1,134
10.6.19.21 52.96.165.34 outlook.office365.com TLS 1.3 X25519 server_lagging 847
10.1.8.50 198.51.100.42 legacy-payroll.acme.io TLS 1.2 client_lagging 612
172.16.4.10 203.0.113.18 vpn.contractor.example TLS 1.2 client_lagging 489
10.1.12.203 44.226.122.5 api.legacy-saas.com TLS 1.2 partial 284
10.1.12.205 18.232.71.12 oauth.aging-provider.io TLS 1.3 secp256r1 server_lagging 213
10.169.112.51 162.247.74.27 metrics.thirdparty.io TLS 1.3 X25519 server_lagging 178
10.1.7.65 104.16.124.96 hooks.slack.com TLS 1.3 X25519 server_lagging 94