About the UI displaying the HTTPS cryptographic algorithm

Whether a website is secure depends on at least four fundamental factors: HTTPS encryption, cryptography algorithm, WAF protection, and trusted identity validation. This is why ZT Browser's UI innovation displays four security-related icons: encryption  Q  waf  t4. In addition to the security padlock, it also displays the cryptographic algorithm, WAF protection, and website trusted identity validation level. Please refer to the innovation UI Icon Summary of ZT Browser for details.

The cryptographic algorithms involved in HTTPS encryption mainly include three aspects: server signature algorithm (SSL certificate algorithm), key exchange algorithm, and cipher algorithm. Each aspect involves different cryptographic algorithms. Starting from version V2601, ZT Browser supports TLS 1.3 protocol using China commercial cryptographic algorithm for HTTPS encryption. Only when the cryptographic algorithms in the above three aspects are all commercial cryptographic algorithms (SM2/SM3/SM4) display m icon. Clicking the m icon will display "China Cryptographic Compliance".

China Cryptographic Compliance

For HTTPS encryption using the ECC hybrid PQC algorithm, if the key exchange algorithm uses X25519MLKEM768, a Q icon will be displayed after the padlock icon in ZT Browser address bar. Clicks the Q icon, the message "PQC algorithm, Quantum-Safe" and "Connection uses PQC algorithm (X25519MLKEM768)" will be displayed.

ECC hybrid PQC algorithm

For HTTPS encryption using the SM2 hybrid PQC algorithm, if the key exchange algorithm uses SM2MLKEM768, a Q icon and m icon will be displayed after the padlock icon in ZT Browser address bar . Clicks the Q icon, the message "PQC algorithm, Quantum-Safe" and "Connection uses PQC algorithm (SM2MLKEM768)" will be displayed.

SM2 hybrid PQC algorithm

The priority order of cryptographic algorithms used by ZT Browser and ZoTrus HTTPS Automation Gateway is as follows: (1) China PQC algorithm, (2) USA PQC algorithm, (3) SM2 + China PQC hybrid algorithm, (4) SM2 + USA PQC hybrid algorithm, (5) ECC + USA PQC hybrid algorithm, (6) RSA + USA PQC hybrid algorithm, (7) SM2 algorithm, (8) ECC algorithm, and (9) RSA algorithm. This is an adaptive algorithm selection order set according to the principle of prioritizing China cryptographic algorithms and post-quantum cryptographic algorithms.

It is recommended to choose the ZoTrus HTTPS automation management solution, which does not need to apply for an SSL certificate from a CA, install an SSL certificate on the web server, or install ACME client software on the web server, and fully automatically implement https encryption and WAF protection. Since the validity period of SSL certificates will be shortened to 47 days, the traditional solution of manually applying for and deploying SSL certificates cannot meet the application requirements of many website systems that need to deploy SSL certificates, and the automatic management of SSL certificates must be realized. In particular, the critical information infrastructure system that needs to realize the SM2 algorithm HTTPS encryption, the solution that does not affect the normal operation of the existing business system with zero transformation of the original web server is required, ZoTrus solution not only automatically deploys the RSA/ECC SSL certificate, but also automatically deploys the SM2 SSL certificate to realize the automatic management of the dual-algorithm SSL certificate. ZT Browser preferentially uses the SM2 algorithm to achieve HTTPS encryption, and other browsers that do not support the SM2 algorithm use the ECC algorithm to achieve HTTPS encryption. For websites that already support the post-quantum hybrid cryptographic protocol, ZT Browser prioritizes the post-quantum hybrid cryptographic protocol for HTTPS encryption and displays "Q" icon the address bar.

ZoTrus HTTPS automation management solution