Cryptographic Protocol Coverage

Complete reference of every protocol, cipher suite, and algorithm detected by TYCHON PQC Scanner

Customer-facing reference — detection methods, PQC readiness assessment, and NDJSON event mappings

Coverage at a Glance

16
Protocol Families
100+
TLS Cipher Suites Probed
18
TLS/SSH Key Exchange Groups
35+
PQC/Hybrid Key Exchange Groups Detected
20+
NDJSON Event Datasets
30+
VPN Client Signatures
PQC Readiness terminology used throughout this document: safe Symmetric AES — resistant to Grover's algorithm at current key sizes  |  transitional Classical asymmetric — vulnerable to future Shor's algorithm, plan migration  |  vulnerable Broken or banned algorithm — migrate immediately  |  critical No encryption or SMBv1 — unacceptable posture

Table of Contents

Network Protocols

Host Crypto

Quick Reference

TLS — Transport Layer Security (all versions)
All Platforms Active network probe STARTTLS tychon.cipher tychon.cipher_quick

The scanner performs a full TLS handshake against each target port, offering all known cipher suites and collecting the server's negotiated cipher, protocol version, certificate chain, and key exchange group. A fast-path probe (-cipherscanquick) collects the single negotiated suite without full enumeration.

TLS / SSL Versions Probed
VersionStatusPQC ReadinessNotes
TLS 1.3RecommendedtransitionalOnly AEAD cipher suites; forward secrecy mandatory; supports PQC/hybrid key exchange groups
TLS 1.2AcceptabletransitionalECDHE/DHE suites with AEAD are acceptable; RSA key exchange and CBC are flagged
TLS 1.1DeprecatedvulnerableRFC 8996 deprecated; no AEAD; SHA-1 MACs common
TLS 1.0DeprecatedvulnerableRFC 8996 deprecated; BEAST/POODLE applicable; disable immediately
SSLv3BrokenvulnerablePOODLE attack; RFC 7568 prohibited; any server supporting SSLv3 is flagged critical
DTLS 1.2AcceptabletransitionalUDP-based TLS for VoIP, gaming, IoT; same cipher suite coverage as TLS 1.2
TLS 1.3 Cipher Suites (5 suites)
Suite NameIANA IDEncryptionHMACPQC Readiness
TLS_AES_256_GCM_SHA3840x1302AES-256-GCMAEADsafe Recommended
TLS_CHACHA20_POLY1305_SHA2560x1303ChaCha20-Poly1305AEADsafe
TLS_AES_128_GCM_SHA2560x1301AES-128-GCMAEADsafe
TLS_AES_128_CCM_SHA2560x1304AES-128-CCMAEADsafe
TLS_AES_128_CCM_8_SHA2560x1305AES-128-CCM-8AEADsafe

Note: TLS 1.3 symmetric encryption is quantum-safe; however the key exchange (ECDH, DHE) is still classically-based and vulnerable to Shor's algorithm unless a PQC/hybrid group is used.

TLS 1.2 — Strong Suites (AEAD, forward secrecy)
Suite NameIANA IDKey ExchangeEncryptionMACPQC Readiness
ECDHE-RSA-AES256-GCM-SHA3840xC030ECDHEAES-256-GCMAEADtransitional
ECDHE-RSA-AES128-GCM-SHA2560xC02FECDHEAES-128-GCMAEADtransitional
ECDHE-ECDSA-AES256-GCM-SHA3840xC02CECDHEAES-256-GCMAEADtransitional
ECDHE-ECDSA-AES128-GCM-SHA2560xC02BECDHEAES-128-GCMAEADtransitional
ECDHE-RSA-CHACHA20-POLY13050xCCA8ECDHEChaCha20-Poly1305AEADtransitional
ECDHE-ECDSA-CHACHA20-POLY13050xCCA9ECDHEChaCha20-Poly1305AEADtransitional
DHE-RSA-AES256-GCM-SHA3840x009FDHEAES-256-GCMAEADtransitional
DHE-RSA-AES128-GCM-SHA2560x009EDHEAES-128-GCMAEADtransitional
DHE-RSA-CHACHA20-POLY13050xCCAADHEChaCha20-Poly1305AEADtransitional
AES256-GCM-SHA3840x009DRSAAES-256-GCMAEADvulnerable
AES128-GCM-SHA2560x009CRSAAES-128-GCMAEADvulnerable
TLS 1.2 / 1.1 / 1.0 — Legacy CBC Suites
Suite NameIANA IDKey ExchangeEncryptionMACPQC Readiness
ECDHE-RSA-AES256-SHA3840xC028ECDHEAES-256-CBCSHA-384transitional
ECDHE-RSA-AES128-SHA2560xC027ECDHEAES-128-CBCSHA-256transitional
ECDHE-RSA-AES256-SHA0xC014ECDHEAES-256-CBCSHA-1vulnerable
ECDHE-RSA-AES128-SHA0xC013ECDHEAES-128-CBCSHA-1vulnerable
DHE-RSA-AES256-SHA2560x006BDHEAES-256-CBCSHA-256transitional
DHE-RSA-AES128-SHA2560x0067DHEAES-128-CBCSHA-256transitional
AES256-SHA2560x003DRSAAES-256-CBCSHA-256vulnerable
AES128-SHA2560x003CRSAAES-128-CBCSHA-256vulnerable
AES256-SHA0x0035RSAAES-256-CBCSHA-1vulnerable
AES128-SHA0x002FRSAAES-128-CBCSHA-1vulnerable
Weak / Broken Cipher Suites (RC4, DES, 3DES, NULL, EXPORT)
Suite NameIANA IDKey ExchangeEncryptionRisk
ECDHE-RSA-DES-CBC3-SHA0xC012ECDHE3DES-CBCCritical
DHE-RSA-DES-CBC3-SHA0x0016DHE3DES-CBCCritical
DES-CBC3-SHA0x000ARSA3DES-CBCCritical
RC4-SHA0x0005RSARC4-128Critical
RC4-MD50x0004RSARC4-128Critical
ECDHE-RSA-RC4-SHA0xC011ECDHERC4-128Critical
DES-CBC-SHA0x0009RSADES-CBCCritical
NULL-MD5 / NULL-SHA0x0001/0x0002RSANoneCritical — No Encryption
Non-AES Symmetric Suites (Camellia, ARIA)
Suite NameKey ExchangeEncryptionOrigin StandardPQC Readiness
ECDHE-RSA-CAMELLIA256-SHA384ECDHECamellia-256-CBCISO/IEC 18033-3, RFC 6367transitional
ECDHE-RSA-CAMELLIA128-SHA256ECDHECamellia-128-CBCISO/IEC 18033-3transitional
ECDHE-RSA-ARIA256-GCM-SHA384ECDHEARIA-256-GCMKorean IETF RFC 6209transitional
ECDHE-RSA-ARIA128-GCM-SHA256ECDHEARIA-128-GCMKorean IETF RFC 6209transitional
TLS Key Exchange Groups — Full Handshake + Passive Detection
Group NameIDTypePQC?Detection MethodStandard
X25519MLKEM7680x11ECHybrid (X25519 + ML-KEM-768)YesFull handshakeNIST FIPS 203 + RFC 7748
SecP256r1MLKEM7680x11EBHybrid (P-256 + ML-KEM-768)YesFull handshakeNIST FIPS 203 + FIPS 186-5
SecP384r1MLKEM10240x11EDHybrid (P-384 + ML-KEM-1024)YesFull handshakeNIST FIPS 203 + FIPS 186-5
MLKEM5120x0200Pure ML-KEMYesFull handshakeNIST FIPS 203
MLKEM7680x0201Pure ML-KEMYesFull handshakeNIST FIPS 203
MLKEM10240x0202Pure ML-KEMYesFull handshakeNIST FIPS 203
BIKE-L1 / BIKE-L3 / BIKE-L5OQSCode-based KEMYesPassive HRROQS / IETF draft
FrodoKEM-640/976/1344 (AES & SHAKE)OQSLattice KEM (conservative)YesPassive HRROQS / IETF draft
x25519_mlkem512, p256_mlkem512, bp256_mlkem512OQSHybrid ML-KEM (non-IANA)YesPassive HRROQS draft
bp384_mlkem768, p384_mlkem768, x448_mlkem768OQSHybrid ML-KEM (non-IANA)YesPassive HRROQS draft
bp512_mlkem1024, p521_mlkem1024OQSHybrid ML-KEM (non-IANA)YesPassive HRROQS draft
X255190x001DClassical ECDHNoFull handshakeRFC 7748
X4480x001EClassical ECDHNoFull handshakeRFC 7748
secp256r1 (P-256)0x0017NIST ECCNoFull handshakeFIPS 186-5, RFC 8422
secp384r1 (P-384)0x0018NIST ECCNoFull handshakeFIPS 186-5, RFC 8422
secp521r1 (P-521)0x0019NIST ECCNoFull handshakeFIPS 186-5, RFC 8422
ffdhe2048 – ffdhe81920x0100–0x0104Finite-Field DHNoFull handshakeRFC 7919
secp256k10x0016ECC (Bitcoin curve)NoFull handshakeNon-NIST, legacy
Green rows: Scanner completes a full TLS 1.3 handshake as a PQC-capable client and records tychon.cipher_negotiation.kex.* fields including quantum_safe and cnsa_20_level.   Blue rows: Server's required group is identified via passive TLS HelloRetryRequest parsing — TLS presence, cipher suite, and KEX group name are all captured without completing the handshake. Validated against all 721 ports of the Open Quantum Safe interop server.
STARTTLS Protocol Ports (TLS-upgraded plaintext)
PortProtocolSTARTTLS Method
21FTPAUTH TLS
25SMTPSTARTTLS
110POP3STLS
143IMAPSTARTTLS
389LDAPSTARTTLS
587SMTP (submission)STARTTLS
3306MySQLMySQL SSL handshake
5432PostgreSQLSSLRequest
6379RedisSTARTTLS
SSH — Secure Shell
All Platforms Active network probe Port 22 (default) tychon.ssh

The scanner performs a full SSH handshake, collecting all negotiated algorithms for key exchange, host key type, symmetric encryption, and MAC. No authentication is attempted.

Algorithm CategoryAlgorithm NamePQC ReadinessNotes
Key Exchange
Key Exchangecurve25519-sha256transitionalMost deployed modern KEX; no PQC protection
Key Exchangeecdh-sha2-nistp256/384/521transitionalNIST ECC; forward secrecy; no PQC
Key Exchangediffie-hellman-group-exchange-sha256transitionalRFC 4419; group size determines classical security
Key Exchangediffie-hellman-group14-sha1vulnerableSHA-1 MAC; 2048-bit DH; deprecated
Key Exchangediffie-hellman-group1-sha1broken768-bit DH; LOGJAM applicable; disabled by default in modern OpenSSH
Host Key Type
Host Keyssh-ed25519transitionalEdDSA on Curve25519; modern default
Host Keyecdsa-sha2-nistp256/384/521transitionalECDSA; forward-secrecy for host auth
Host Keyrsa-sha2-256 / rsa-sha2-512transitionalRSA host key with SHA-2; acceptable key sizes ≥3072
Host Keyssh-rsavulnerableRSA with SHA-1; deprecated RFC 8332
Symmetric Encryption
Encryptionaes256-gcm@openssh.comsafe RecommendedAES-256-GCM AEAD; preferred
Encryptionaes128-gcm@openssh.comsafeAES-128-GCM AEAD
Encryptionchacha20-poly1305@openssh.comsafeChaCha20-Poly1305 AEAD; preferred on CPUs without AES-NI
Encryptionaes256-ctr / aes192-ctr / aes128-ctrsafeAES-CTR; requires separate MAC; acceptable
Encryptionaes256-cbc / aes128-cbctransitionalAES-CBC; Lucky13 risk if no EtM MAC
MAC
MAChmac-sha2-256-etm@openssh.comsafeEncrypt-then-MAC; preferred
MAChmac-sha2-512-etm@openssh.comsafe RecommendedEncrypt-then-MAC; preferred
MAChmac-sha1vulnerableSHA-1 collision risk; deprecate
MAChmac-md5brokenMD5 broken; disable immediately
SMB3 — Server Message Block Encryption
All Platforms Windows (registry augment) TCP network probe — port 445 tychon.non_tls_cipher

An SMB2 NEGOTIATE Request is sent to 127.0.0.1:445 offering all dialects 2.0.2 through 3.1.1. The server's NEGOTIATE Response is parsed for the negotiated dialect and, for SMB 3.1.1, the NegotiateContextList encryption cipher IDs. On Windows the LanmanServer EncryptData registry DWORD is also checked.

Detected StateCipher / ConditionPQC ReadinessQuantum RiskMigration Priority
SMBv1 responseNo encryption — SMBv1vulnerableCriticalCritical
SMB 2.0.2 / 2.1 negotiatedNo encryption (SMB2 lacks native encryption)vulnerableHighHigh
SMB 3.0 / 3.0.2 negotiatedAES-128-CCM (only option)safeLowLow
SMB 3.1.1 — AES-128-GCMAES-128-GCMsafeLowLow
SMB 3.1.1 — AES-256-GCMAES-256-GCM (preferred)safe RecommendedLowLow
SMB 3.1.1 — AES-128-CCMAES-128-CCMsafeLowLow
SMB 3.1.1 — AES-256-CCMAES-256-CCMsafeLowLow

Note: SMB symmetric encryption (AES-GCM/CCM) is quantum-safe. The primary risk is unencrypted SMBv1/v2 traffic which can be captured and replayed. Upgrade path: enable SMB 3.1.1 with EncryptData=1 (Windows) and prefer AES-256-GCM.

SNMPv3 — User-based Security Model (USM)
Linux macOS Windows (registry) Config parse: /etc/snmp/snmpd.conf Windows SNMP service registry Port 161 UDP tychon.non_tls_cipher

No active network probe is sent (USM responses require valid credentials). On Linux/macOS /etc/snmp/snmpd.conf is parsed for createUser directives, collecting auth and priv protocol names. On Windows the SNMP service registry key is checked — Windows SNMP supports only v1/v2c (community strings, no encryption).

CategoryProtocolUSM RolePQC ReadinessQuantum Risk
Authentication
Insecure authMD5AuthvulnerableMedium
Weak authSHA / SHA-1AuthvulnerableMedium
Acceptable authSHA-256AuthtransitionalLow
Acceptable authSHA-384AuthtransitionalLow
Acceptable authSHA-512AuthtransitionalLow
Privacy (Encryption)
Broken privDES / CBC-DESPrivvulnerableCritical
Broken priv3DES / 3DES-EDEPrivvulnerableCritical
Acceptable privAES-128 / CFB-AES-128PrivsafeLow
Preferred privAES-256 / CFB-AES-256Privsafe RecommendedLow
Windows SNMP Service
SNMPv1/v2c onlyCommunity string auth — no encryptionBothvulnerableCritical
Kerberos — Encryption Type Configuration
Windows (registry) Linux (/etc/krb5.conf) macOS (/etc/krb5.conf) Registry: SupportedEncryptionTypes bitmask Config parse: /etc/krb5.conf [libdefaults] Port 88 tychon.non_tls_cipher tychon.quantum_readiness

Windows reads SupportedEncryptionTypes from the Group Policy or LSA registry key (or infers the OS-version default). Linux/macOS parses /etc/krb5.conf [libdefaults] for permitted_enctypes, default_tkt_enctypes, and allow_weak_crypto. RC4-HMAC is exploitable via Kerberoasting (RFC 8429 deprecates it); DES is banned by CNSA 2.0.

EnctypeBitmask Bit (Windows)CategoryPQC ReadinessQuantum Risk
DES-CBC-CRC0x01Broken / bannedvulnerableCritical
DES-CBC-MD50x02Broken / bannedvulnerableCritical
RC4-HMAC0x04Deprecated — KerberoastablevulnerableCritical
AES128-CTS-HMAC-SHA1-960x08AcceptabletransitionalMedium
AES256-CTS-HMAC-SHA1-960x10PreferredtransitionalMedium
AES256-CTS-HMAC-SHA384-192krb5.conf onlyPreferred (SHA-384)transitionalMedium
arcfour-hmac / arcfour-hmac-md5krb5.conf onlyDeprecated — RC4 aliasvulnerableCritical
Note: No PQC-native Kerberos standard exists as of 2026. AES-only configurations are classified transitional (symmetric AES resists Grover's algorithm) but remain vulnerable to Harvest Now, Decrypt Later for long-lived session tickets. Migration guidance will update as IETF/NIST publish PQC Kerberos extensions.
VPN Clients — Detection and Protocol Identification
All Platforms Process scan Registry (Windows) Config file parse tychon.vpn_client

VPN clients are detected by process name, registry presence, and configuration file paths. Tunnel protocol, cipher suite, and key exchange algorithm are extracted from config files when available.

VPN ClientPlatformsPrimary ProtocolDetection Method
Cloudflare WARPWin / Mac / LinuxWireGuard / MASQUEProcess, Registry, Config
Palo Alto GlobalProtectWin / Mac / LinuxIPSec/IKEv2, SSL/TLSProcess, Registry, Config
Cisco AnyConnect / Secure ClientWin / Mac / LinuxDTLS, TLS, IPSecProcess, Registry, Config
Fortinet FortiClientWin / Mac / LinuxSSL-VPN, IPSec/IKEv2Process, Registry, Config
Zscaler Client ConnectorWin / Mac / LinuxTLS, DTLSProcess, Registry
Check Point Endpoint SecurityWin / Mac / LinuxIPSec, SSL-VPNProcess, Registry
WireGuardWin / Mac / LinuxWireGuard (ChaCha20-Poly1305)Process, Config (wg0.conf)
OpenVPNWin / Mac / LinuxSSL/TLS over UDP/TCPProcess, Config (.ovpn)
TailscaleWin / Mac / LinuxWireGuardProcess, Config
Ivanti Pulse SecureWin / MacSSL-VPNProcess, Registry
NordVPN / NordLayerWin / Mac / LinuxNordLynx (WireGuard), OpenVPNProcess, Config
Perimeter81 / Check Point HarmonyWin / Mac / LinuxWireGuard, IPSecProcess, Config
ProtonVPNWin / Mac / LinuxWireGuard, OpenVPN, IKEv2Process, Config
ExpressVPNWin / Mac / LinuxLightway (wolfSSL), OpenVPNProcess, Config
SurfsharkWin / Mac / LinuxWireGuard, OpenVPN, IKEv2Process, Config
Windows Built-in VPNWinIKEv2, L2TP/IPSec, PPTP, SSTPRegistry, WMI
SoftEther VPNWin / LinuxSSL-VPN, L2TP, OpenVPNProcess, Config
TwingateWin / Mac / LinuxWireGuardProcess
CyberGhostWin / MacWireGuard, OpenVPN, IKEv2Process, Registry
IPSec — Internet Protocol Security
All Platforms Config file parse Process scan Service status tychon.ipsec_tunnel
ImplementationPlatformsConfig FileIKE Versions
Windows Built-in IPSecWindowsRegistry / PowerShellIKEv1, IKEv2
strongSwanWin / Mac / Linuxipsec.conf, swanctl.confIKEv1, IKEv2
libreswanLinuxipsec.confIKEv1, IKEv2
openswanLinux (legacy)ipsec.confIKEv1
Linux Kernel IPSec (xfrm)Linuxiproute2 / netstatIKEv1, IKEv2

Fields captured: protocol (IKEv1/IKEv2), mode (tunnel/transport), authentication method (PSK/certificate/EAP), encryption algorithm, integrity algorithm, DH group, tunnel endpoint addresses.

MACsec — IEEE 802.1AE Layer-2 Encryption
Linux Windows macOS sysfs / ip link Registry (Windows) tychon.macsec
Cipher SuiteKey LengthCNSA 2.0PQC ReadinessScore
GCM-AES-256256-bitYessafe80 / 100
GCM-AES-256-XPN256-bitYessafe80 / 100
GCM-AES-128128-bitNo (CNSA 2.0 requires 256)transitional50 / 100
GCM-AES-128-XPN128-bitNotransitional50 / 100
Unknown / noneNovulnerable20 / 100

Additional flags assessed: encrypt (authentication-only vs. confidentiality), replay_protect (replay window size), MKA (802.1X key agreement) enabled, validate: strict/check/disabled.

IBM MQ — Message Queue Channel Encryption
All Platforms Active network probe (port 1414) Direct TLS probe (port 1415) STARTTLS probe (localhost) tychon.non_tls_cipher

IBM MQ uses TLS at the TCP layer — the TLS handshake completes before any MQ protocol bytes are exchanged. On port 1414 (standard listener), a 28-byte MQTSH probe is sent after TLS fails; a TSH  signature in the response confirms MQ presence without TLS. Port 1415 (dedicated SSL listener) and port 9443 (MQ REST API) receive a direct TLS ClientHello. TLS-protected MQ channels are also detected by the standard TLS probe and labeled ibmmq+tls.

ConfigurationPortDetection MethodPQC ReadinessQuantum RiskAction
MQ channel with TLS 1.3 + PQC hybrid KEX1414 / 1415TLS probe → ibmmq+tlstransitionalMediumUpgrade KEX to X25519MLKEM768 when IBM MQ supports it
MQ channel with TLS 1.2 (ECDHE-AES-GCM)1414 / 1415TLS probe → ibmmq+tlstransitionalHighUpgrade to TLS 1.3; add PQC hybrid KEX
MQ channel with TLS 1.0 / 1.1 or weak cipher1414 / 1415TLS probe → ibmmq+tlsvulnerableCriticalDisable TLS 1.0/1.1; enforce TLS 1.2+ with AEAD ciphers
MQ channel — no TLS (SSLCIPH not set)1414MQTSH binary probevulnerableCriticalSet SSLCIPH on all channels; enforce SSLPEER; require TLS 1.2+

MQTSH probe: 28-byte Transmission Segment Header (StrucId="TSH ", SegmentType=INITIAL). IBM MQ responds with a recognizable error frame when TLS is absent, exposing the channel without authentication or encryption. Common IBM MQ process names monitored: amqrmppa, runmqlsr, amqzmgr0.

NFS — Network File System
Linux macOS Active network probe (port 2049) /proc/mounts + /proc/fs/nfsd/exports (Linux) /sbin/mount (macOS) tychon.non_tls_cipher

Local NFS mounts and server exports are parsed from the OS mount table — no network probing required for local detection. For remote scans, port 2049 receives a direct TLS ClientHello (RFC 9289 NFS-over-TLS) first; if TLS fails, a 40-byte ONC RPC NULL call (XID 0x12345678, Program 100003 / NFS, Procedure 0) confirms NFS presence. Security flavor is classified from mount options or export configuration.

Security Flavor (sec=)EncryptedAuthPQC ReadinessQuantum RiskAction
tls — NFS-over-TLS (RFC 9289)YesTLS certificatetransitionalMediumUpgrade TLS cipher to 1.3 with PQC hybrid KEX
krb5p — Kerberos privacyYes (AES256-CTS)KerberostransitionalMediumSymmetric AES is quantum-safe; Kerberos session KEX is not — await PQC Kerberos RFC
krb5i — Kerberos integrityNo (data plaintext)Kerberos + HMACvulnerableHighUpgrade to krb5p for data encryption or migrate to NFS-over-TLS
krb5 — Kerberos auth onlyNoKerberosvulnerableHighUpgrade to krb5p for data encryption or migrate to NFS-over-TLS
sys — AUTH_SYS (UID/GID)NoNone (spoofable)vulnerableCriticalReplace with krb5p or NFS-over-TLS immediately; AUTH_SYS provides no real authentication
No security (NFSv2 / v3, no sec option)NoNonevulnerableCriticalUpgrade to NFSv4.1+ with Kerberos or NFS-over-TLS

NFS version detected from mount options (vers= or nfsvers=). Linux server exports are read from /proc/fs/nfsd/exports; client mounts from /proc/mounts. macOS mount table parsed via /sbin/mount. Windows NFS stub returns no results (Windows NFS client usage is rare in enterprise environments). Remote detection: port 2049 labeled nfs+tls when TLS succeeds.

X.509 Certificates — Filesystem Scanning
All Platforms Filesystem walk PEM / DER / PKCS12 / JKS tychon.filesystem_certificate tychon.keystore_certificate
Key AlgorithmKey Size / CurvePQC ReadinessQuantum RiskMigration Priority
RSA< 2048 bitsvulnerableCriticalCritical
RSA2048 bitstransitionalHighHigh
RSA3072 / 4096+ bitstransitionalHighMedium
ECDSAP-256 / P-384 / P-521transitionalHighHigh
ED25519255 bits (Curve25519)transitionalMediumMedium
DSA1024 / 2048 bitsvulnerableCriticalCritical

Cert metadata captured: subject, issuer, serial, not-before, not-after, SHA-1 and SHA-256 fingerprints, key usage / EKU, SANs, chain depth, CRL/OCSP endpoints, FIPS 140 certification flag, signature algorithm.

Keystores — JKS, PKCS12, and System Stores
All Platforms Filesystem walk OS store APIs tychon.keystore tychon.keystore_certificate
Keystore FormatExtension(s)PlatformEncryption Assessed
JKS — Java KeyStore.jksAll (Java)PBEWithSHA1AndDESede (weak), AES-256 (strong)
PKCS#12.p12, .pfxAllPBKDF2, PKCS12KDF; AES-256-CBC; MAC SHA-256
PEM.pem, .crt, .cer, .keyAllAES-128/256-CBC passphrase encryption detected
DER.der, .cerAllBinary format; no container encryption
Windows Certificate StoreRegistryWindowsCNG encryption for private keys
macOS KeychainSecurity frameworkmacOSSecure Enclave or system keychain encryption
Linux NSS databasecert8.db, cert9.dbLinuxSQLite3 / Berkeley DB; PBKDF2
Linux system CA store/etc/ssl/certs/, /var/lib/ca-certificates/LinuxPublic roots only; no private key material
macOS Keychain Identities (certificate + private key pairs)
macOS only Security framework — SecItemCopyMatching SecKeyCopyAttributes (no key export) tychon.application tychon.keystore_certificate

The Security framework SecItemCopyMatching(kSecClassIdentity) enumerates all certificate+private key pairs in the process's keychain search list (login + System keychains). Private key bytes never leave securityd or the Secure Enclave — only metadata is accessed via SecKeyCopyAttributes. Common identities include Microsoft AAD, GlobalProtect VPN, and MDM enrollment certificates.

Key TypeBits / CurvePQC ReadinessQuantum RiskMigration Priority
RSA< 2048vulnerableCriticalCritical
RSA2048transitionalHighHigh
RSA3072 / 4096+transitionalHighMedium
EC (ECDSA)P-256 / P-384 / P-521transitionalHighHigh
ED25519255-bit Curve25519transitionalMediumMedium
Cryptographic Libraries — Memory and Process Scanning
All Platforms Process memory maps /proc/{pid}/maps (Linux) Mach VM APIs (macOS) VirtualQueryEx (Windows) tychon.crypto_library tychon.java_crypto_library
LibraryMin PQC-Capable VersionPQC StatusPQC AlgorithmsNotes
OpenSSL3.5.0+ (Apr 2025)PQC CapableML-KEM, ML-DSA, SLH-DSA (FIPS 140-3)Via built-in FIPS provider
OpenSSL3.0 – 3.4PartialML-KEM (oqs-provider only)OQS provider required
OpenSSL< 3.0Not CapableNoneEOL; upgrade required
LibreSSLNot CapableNoneOpenSSL 1.x API compatibility fork
BoringSSL (Google)2023+PartialX25519Kyber768 hybrid (TLS only)No standalone PQC API
NSS (Mozilla)3.94+ (Oct 2024)PartialML-KEM-768 hybrid (TLS 1.3)IETF draft spec; Firefox 132+
Mbed TLS3.6.0+PartialML-KEM (experimental)Requires compile-time flag; not production-ready
wolfSSL5.7.0+PartialML-KEM, ML-DSA, SLH-DSACompile-time flags required; FIPS module is paid
Botan3.4.0+PQC CapableML-KEM, ML-DSA, SLH-DSA (finalized)Full NIST FIPS 203/204/205 implementation
Botan3.0 – 3.3PartialDraft Kyber / DilithiumPre-standardization drafts
GnuTLSNot CapableNoneNo mainline PQC as of 2026
Apple Security (CommonCrypto, CoreTLS, CryptoKit)Not CapableNoneNo public PQC APIs as of 2026
Windows SChannel / CNG / CAPINot CapableNoneNo native PQC as of 2026; Preview available in Insider
BouncyCastle (Java)1.77+ (beta)PartialML-KEM, ML-DSA, SLH-DSA (beta)Detected via Java process memory scan

Private key bytes are never read from memory. Library detection uses shared-object paths, version strings, and module signatures found in process memory maps. Java crypto libraries are detected via class loading patterns in the JVM heap.

Quantum Readiness Assessment — Scoring Model
All Platforms tychon.quantum_readiness tychon.pqc_inventory

The quantum readiness score is a composite of four independently scored dimensions. Scores influence the letter-grade (AF) and readiness status reported in tychon.quantum_readiness.

DimensionMax ScoreKey Factors
Hardware40 ptsCPU architecture (x86_64/ARM64), AES-NI, AVX2/NEON instructions, RAM capacity, TPM version, HSM presence, Secure Boot
OS & Crypto API30 ptsOS version / patch level, TLS 1.3 native support, FIPS mode enabled, modern cipher API availability, IPv6 support
Crypto Libraries20 ptsOpenSSL version, PQC-capable libraries detected, no legacy library presence
Network10 ptsEstimated bandwidth, TLS 1.3 negotiation success rate, IPv6 availability
Kerberos Score Impact (Windows only): DES enabled: −15 pts  |  RC4 explicit: −10 pts  |  RC4 OS default: −5 pts  |  AES-only explicit: 0 penalty. Score is floored at 0.
All NDJSON event.dataset Values
event.datasetevent.actionProtocol / SourceOne event per
tychon.ciphercipher_negotiationTLS (all versions)Negotiated cipher suite per port
tychon.cipher_quickquick_cipher_scanTLS (fast path)Single negotiated suite per port
tychon.sshssh_crypto_detectedSSHSSH algorithm set per port
tychon.non_tls_ciphernon_tls_cipher_detectedSMB3, SNMPv3, Kerberos, SMTP, IMAP, LDAP, PostgreSQL, IBM MQ, NFSOne cipher profile per detected protocol instance
tychon.vpn_clientvpn_client_detectedVPN clientsDetected VPN client installation
tychon.ipsec_tunnelipsec_tunnel_detectedIPSecIPSec tunnel or policy
tychon.macsecmacsec_interface_detectedMACsecMACsec interface
tychon.filesystem_certificatecertificate_discoveredFilesystemX.509 certificate file
tychon.keystore_certificatekeystore_discoveredJKS / PKCS12 / etc.Certificate within a keystore
tychon.keystorekeystore_discoveredJKS / PKCS12 / etc.Keystore file (summary)
tychon.crypto_librarycrypto_library_detectedMemory scanCrypto library per process
tychon.java_crypto_librarycrypto_library_detectedJVM memory scanJava crypto library per process
tychon.quantum_readinessquantum_readiness_assessedComposite assessmentOne per scan
tychon.pqc_inventorypqc_inventoryApp + port pairsApplication + port with cipher data
tychon.applicationapplication_detectedApp-centric modeApplication (process executable)
tychon.connected_quickconnected_quick_scanActive connectionsOutbound connection probe
tychon.installed_appinstalled_app_detectedOS app registryInstalled application
tychon.browser_extensionbrowser_extension_detectedBrowser profilesBrowser extension
PQC Assessment Quick-Reference Matrix
Algorithm / ConfigurationProtocol Contextpqc_readinessquantum_riskmigration_priorityReason
ML-KEM hybrid KEX (X25519+ML-KEM-768)TLS 1.3safeLowLowNIST FIPS 203; CNSA 2.0 compliant
AES-256-GCM (symmetric)TLS, SMB3, MACsec, IPSecsafeLowLow256-bit key resists Grover's algorithm
AES-128-GCM (symmetric)TLS, SMB3, MACsecsafeLowLow128-bit effectively 64-bit post-Grover; acceptable
ChaCha20-Poly1305 (symmetric)TLS, WireGuard VPNsafeLowLow256-bit key symmetric; quantum-safe
ECDHE key exchangeTLS 1.2 / 1.3transitionalHighHighShor's algorithm breaks ECDH on a CRQC
DHE key exchangeTLS 1.2transitionalHighHighShor's algorithm breaks discrete logarithm
RSA key exchange / signatureTLS, certificatestransitionalHighHighShor's algorithm factors RSA modulus
ECDSA / ED25519 signaturesCertificates, SSHtransitionalHighHighShor's algorithm breaks ECC
AES128-CTS-HMAC-SHA1-96 (Kerberos)KerberostransitionalMediumMediumSymmetric AES session; no PQC Kerberos standard yet
AES-256 SNMPv3 priv + SHA-256 authSNMPv3transitionalLowLowBest available; no PQC SNMPv3 standard yet
SHA-1 / MD5 MACsTLS, SSH, SNMPv3vulnerableHighHighClassical collision attacks (Grover accelerates)
3DES / Triple-DESTLS, IPSec, SNMPv3, KerberosvulnerableCriticalCriticalSWEET32 (classical); 112-bit key = 56-bit post-Grover
RC4TLS, KerberosvulnerableCriticalCriticalClassically broken; RFC 7465 prohibits in TLS
DESKerberos, SNMPv3, SMBvulnerableCriticalCritical56-bit key; broken classically since 1998
NULL encryptionTLSvulnerableCriticalCriticalNo encryption — authentication only
RSA < 2048 bitsCertificates, TLS key exchangevulnerableCriticalCriticalBelow minimum classical security; quantum makes it worse
SMBv1SMBvulnerableCriticalCriticalNo encryption; WannaCry; EternalBlue
SNMPv1 / v2c (community strings)SNMPvulnerableCriticalCriticalCleartext; no authentication integrity
IBM MQ — no TLS (SSLCIPH not set)IBM MQvulnerableCriticalCriticalPlaintext message queues; no authentication or encryption
IBM MQ — TLS 1.2+ channelIBM MQtransitionalHighHighClassical asymmetric KEX; upgrade to TLS 1.3 + PQC hybrid
NFS sec=sys / no secNFSvulnerableCriticalCriticalNo encryption, no real authentication (UID/GID spoofable)
NFS sec=krb5 / krb5iNFSvulnerableHighHighAuth only or integrity only; data in plaintext
NFS sec=krb5pNFStransitionalMediumMediumAES256-CTS data encryption; KEX is quantum-vulnerable
NFS-over-TLS (RFC 9289)NFStransitionalMediumMediumTLS 1.3 with classical KEX; add PQC hybrid group
Platform Coverage Matrix
Detection CategoryWindowsmacOSLinuxDetection Method
TLS / SSL cipher scanningActive TCP probe
SSH algorithm scanningActive TCP probe
SMB3 encryption (network probe)TCP NEGOTIATE packet
SMB encryption enforcementRegistry: LanmanServer\EncryptData
SNMPv3 (config file)Parse /etc/snmp/snmpd.conf
SNMP service (Windows v1/v2c)Registry: services\SNMP
Kerberos enctypes (registry)Registry: SupportedEncryptionTypes bitmask
Kerberos enctypes (krb5.conf)Parse /etc/krb5.conf [libdefaults]
VPN client detectionProcess, Registry, Config files
IPSec tunnel detectionConfig files, service status, process
MACsec interface detectionsysfs, ip link, Registry
Filesystem certificate scanWalk configured paths
Windows Certificate StoreCryptoAPI / Windows registry
macOS Keychain identitiesSecurity framework (CGO)
Linux NSS databaseSQLite / BDB cert9.db
JKS / PKCS12 keystoresFilesystem walk + OpenSSL
Crypto library memory scanProcess memory maps + version detection
Java crypto library scanJVM heap / class path analysis
Quantum readiness scoringComposite of all above
NTLM LmCompatibilityLevelRegistry — HKLM\...\Lsa\LmCompatibilityLevel
UEFI / Secure Boot firmware typeRegistry (Win) / EFI sysfs (Linux) / hardware assumption (macOS)
WiFi encryption (active connection)WLAN profile XML (Win) / wpa_supplicant + NM conf (Linux) / interface detection (macOS)
STARTTLS cipher probingProtocol-native handshake: SMTP, IMAP, LDAP, PostgreSQL on localhost
IBM MQ channel detection (port 1414)MQTSH binary probe (no TLS) + standard TLS probe (TLS channels)
IBM MQ SSL listener (port 1415)Direct TLS ClientHello
NFS client mount detectionmacOS: /sbin/mount  |  Linux: /proc/mounts
NFS server export detectionLinux: /proc/fs/nfsd/exports
NFS remote probe (port 2049)TLS ClientHello (RFC 9289) + ONC RPC NULL call fallback