In March 2025, the IETF Transport Layer Security (TLS) Working Group adopted draft-ietf-tls-ecdhe-mlkem as a working group document, formalizing three hybrid post-quantum key agreement mechanisms for TLS 1.3. The draft defines X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024, each combining the Module-Lattice-Based Key Encapsulation Mechanism (ML-KEM) standardized in NIST FIPS 203 with an elliptic curve Diffie-Hellman (ECDHE) exchange.
Originally submitted as an individual draft by Kris Kwiatkowski of PQShield, Panos Kampanakis of AWS, Bas Westerbaan of Cloudflare, and Douglas Stebila of the University of Waterloo, the document builds on the hybrid key exchange framework in draft-ietf-tls-hybrid-design. X25519MLKEM768 supersedes the earlier X25519Kyber768Draft00, which had been widely deployed in web browsers during 2024 before NIST finalized the ML-KEM standard.
Both constructions are designed to provide a FIPS-approved key establishment scheme. Adoption by the TLS Working Group marks a formal step toward standardizing post-quantum hybrid key exchange in the protocol that secures the majority of encrypted web traffic.