PQC support for TLS communication
NetBackup supports Post-Quantum Cryptography (PQC) for TLS 1.3 communication using the Open Quantum Safe (OQS) provider. While the OQS provider prepares you for a quantum-safe future, it is currently widely used in experimental and research environments.
Note:
It is recommended that you thoroughly assess all associated risks and ensure that the use of the OQS provider aligns with your organization's security policies and compliance requirements before enabling PQC in NetBackup.
PQC is supported for TLS 1.3 communication using hybrid KEMs. By default, NetBackup uses x25519_kyber768 TLS group.
NetBackup does not support PQC in FIPS mode.
NetBackup 11.0 or later hosts support PQC. Communication with NetBackup hosts earlier than 11.0 is in a traditional way.
In NetBackup 11.0, PQC is supported only for RHEL and Windows platforms.
PQC is currently supported for communication with the following NetBackup components:
Secure comms proxies (vnetd proxies)
Data In-Transit Encryption (DTE)
KMIP
cURL clients (libnbcurl, CRL downloader, ckms, cloud plugins, shelteredharbor)
MSDP (except deduplication to cloud communication)