How can we help?

CECPQ2 post quantum key-agreement enabled for TLS in Chromium-based browsers


Chrome version 91 ( and above has enabled CECPQ2 post-quantum key-agreement enabled for TLS. This changes the TLS 1.3 extensions which can make some versions and deployments of Netsweeper unable to parse the Server-Name-Information in the TLS Client Hello message. This makes websites like get parsed and processed with only the IP Address like, The appearance of this issue depends on the deployment method, network MTU size, and the technology used, therefore you may not have any this issue or it may not impact your Netsweeper deployment. If you are impacted, you will notice https://IPADDRESS requests in your logs. This can cause policy and categorization issues depending on the Netsweeper deployment.


If you have any questions or need assistance to determine if your deployment needs to be upgraded or patched to resolve this issue please contact or contact your local Netsweeper Account and Sales team.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request