Mozilla Releases Firefox 135 with Post-Quantum Cryptography Enabled by Default

Mozilla has shipped Firefox 135 with ML-KEM (formerly known as Kyber) post-quantum key encapsulation enabled by default for all TLS 1.3 connections, making it the first major browser to fully complete the transition to quantum-resistant encryption for all users.

While Chrome and Edge have been experimenting with hybrid post-quantum key exchange since 2024, Firefox 135 is the first release to make it the default and sole key exchange mechanism, dropping support for classical-only ECDH key exchange in TLS 1.3 connections.

"This is a watershed moment for internet privacy," said Mozilla CTO Bobby Holley. "Every Firefox user is now protected against harvest-now-decrypt-later attacks, where adversaries collect encrypted traffic today to decrypt it once quantum computers become available."

The implementation uses the ML-KEM-768 parameter set combined with X25519 in a hybrid key exchange, ensuring that connections remain secure even if one of the two algorithms is found to be vulnerable. Performance testing shows less than 1ms additional latency per connection.

Google has announced plans to make similar changes default in Chrome 142, expected in Q2 2026. Apple's Safari team has not yet committed to a timeline for enabling post-quantum cryptography by default.