PQC readiness docs #23114

Open
bsanchez-the-roach wants to merge 7 commits into main from DOC-16026

netlify bot commented Mar 17, 2026

Deploy Preview for cockroachdb-api-docs canceled.

Name Link
🔨 Latest commit 2e5ed73
🔍 Latest deploy log https://app.netlify.com/projects/cockroachdb-api-docs/deploys/69e68df8915e0f00083a4d13

netlify bot commented Mar 17, 2026

Deploy Preview for cockroachdb-interactivetutorials-docs canceled.

Name Link
🔨 Latest commit 2e5ed73
🔍 Latest deploy log https://app.netlify.com/projects/cockroachdb-interactivetutorials-docs/deploys/69e68df82f8e940008cfcfd2

netlify bot commented Mar 17, 2026

Netlify Preview

Name Link
🔨 Latest commit cce4842
🔍 Latest deploy log https://app.netlify.com/projects/cockroachdb-docs/deploys/69b99ee789e4980008cf7574
😎 Deploy Preview https://deploy-preview-23114--cockroachdb-docs.netlify.app

netlify bot commented Mar 17, 2026

Netlify Preview

Name Link
🔨 Latest commit 2e5ed73
🔍 Latest deploy log https://app.netlify.com/projects/cockroachdb-docs/deploys/69e68df8751d8300083f2182
😎 Deploy Preview https://deploy-preview-23114--cockroachdb-docs.netlify.app

@github-actions

Diagram Anchor Check: Failed

Found 11 broken anchor(s) that will cause docs build failures.

Context: EDUENG-613 — same failure mode as 2026-01-29 (opt_with_show_hints_options missing from stmt_block.html).

  • rollback_transaction.html on release-26.1 → missing anchor #savepoint_name
    • referenced by src/current/v26.1/rollback-transaction.md
  • set_local.html on release-26.1 → missing anchor #var_name
    • referenced by src/current/v26.1/set-vars.md
  • set_local.html on release-26.1 → missing anchor #var_value
    • referenced by src/current/v26.1/set-vars.md
  • set_session.html on release-26.1 → missing anchor #var_name
    • referenced by src/current/v26.1/set-vars.md
  • set_session.html on release-26.1 → missing anchor #var_value
    • referenced by src/current/v26.1/set-vars.md
  • rollback_transaction.html on release-26.2 → missing anchor #opt_transaction_chain
    • referenced by src/current/v26.2/rollback-transaction.md
  • rollback_transaction.html on release-26.2 → missing anchor #savepoint_name
    • referenced by src/current/v26.2/rollback-transaction.md
  • set_local.html on release-26.2 → missing anchor #var_name
    • referenced by src/current/v26.2/set-vars.md
  • set_local.html on release-26.2 → missing anchor #var_value
    • referenced by src/current/v26.2/set-vars.md
  • set_session.html on release-26.2 → missing anchor #var_name
    • referenced by src/current/v26.2/set-vars.md
  • set_session.html on release-26.2 → missing anchor #var_value
    • referenced by src/current/v26.2/set-vars.md


CockroachDB supports the following key exchange mechanisms for TLS 1.3 connections:

- `X25519MLKEM768` (default): A hybrid PQC algorithm that combines `X25519` (an elliptic curve Diffie-Hellman algorithm) and `ML-KEM-768` (a quantum-resistant key encapsulation mechanism standardized as [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final)).
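
Review bot: the `X25519MLKEM768` (default) bullet names the default but does not say what is negotiated when the peer does not offer that group. For a page about PQC readiness, add a sentence on the fallback behaviour and on how an operator can confirm which key exchange a given connection actually used. Also consider "hybrid key exchange" instead of "hybrid PQC algorithm", since the parenthetical itself says only the `ML-KEM-768` half is quantum-resistant.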

These are the default PQC algorithms supported for TLS 1.3: X25519MLKEM768, X25519, CurveP256, CurveP384, CurveP521, as per the following link


### Encryption

To maximize security against quantum attackers, Cockroach Labs recommends that all data in-flight is sent via a TLS 1.3 connection and encrypted with AES-256. This includes the encryption of any [client connections](#tls-in-cockroachdb-sql-client-connections) as well as [data transferred between CockroachDB nodes](#tls-between-cockroachdb-nodes).
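
Review bot: in the first sentence under `### Encryption`, "sent via a TLS 1.3 connection and encrypted with AES-256" does not say where AES-256 is applied. If it refers to the TLS 1.3 cipher suite, name the suite and say how a reader selects or verifies it; if it refers to something other than the TLS record encryption, give it its own sentence. The second sentence only covers which connections are in scope, so as written the section gives no actionable step for the AES-256 part.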

"All data in-flight is sent via a TLS 1.3 connection" is correct; however, AES-256 is recommended to be used for data at rest and not data in flight.
