We are using C# .net server and client with TLS 1.3 secure communication. As microsoft has announced the support for PQC algorithms in Windows server 2025. I would like to know if those PQC algorithms have been implemented in Schannel yet or not ?

Question

We are using C# .net server and client with TLS 1.3 secure communication. As microsoft has announced the support for PQC algorithms in Windows server 2025. I would like to know if those PQC algorithms have been implemented in Schannel yet or not ?

Bandi, Mohan Keshava 25

Hi,

We have a C# .net application where a server and client with TLS 1.3 communication is implemented. We are using .net 10 on a windows server 2025 machine. As it is announced that Windows server 2025 has support for PQC algorithms. We are verifying if our client-server program is using the new PQC algorithms.

But when we capture the wireshark traces, we still see the secp256r1 & x25519 as key share algorithms.

Note: On the windows server 2025, the following KBs are installed

[https://support.microsoft.com/en-us/topic/november-11-2025-kb5068861-os-build-26100-7171-24e553d1-2338-433e-9cc3-61733148530c#:~:text=November%2011%2C%202025%E2%80%94KB5068861%20(,Windows%20Server%202025](https://support.microsoft.com/en-us/topic/november-11-2025-kb5068861-os-build-26100-7171-24e553d1-2338-433e-9cc3-61733148530c#:~:text=November%2011%2C%202025%E2%80%94KB5068861%20(,Windows%20Server%202025)

0 comments

Answer accepted by question author

0 additional answers

Your answer

Answer 1

Tom Tran (WICLOUD CORPORATION) 4,860 Microsoft External Staff Moderator

Hi @Bandi, Mohan Keshava,

Thanks for the details!

According to this blog, Windows Server 2025 does include post‑quantum cryptography algorithms, but I believe that only means they’re available inside the OS crypto libraries. It doesn’t mean TLS 1.3 (Schannel) is already using them automatically.

Right now, TLS on Windows still uses the usual key exchange algorithms like x25519 and secp256r1, which is why you’re seeing those in Wireshark. From what I can tell, that’s expected behavior and not a configuration problem with .NET or your application.

If you find my answer useful, please kindly consider marking it as the final answer by following this instruction. Thank you!

Bandi, Mohan Keshava 25 Reputation points

2026-02-11T15:21:02.68+00:00

Hi @Tom Tran,

Thank you very much for your response. I have a follow up question.

If Schannel does not automatically uses the new PQC algorithms, then all the applications which uses Schannel as underlying stack for TLS communcation cannot be called as PQC complaint ?
Tom Tran (WICLOUD CORPORATION) 4,860 Reputation points Microsoft External Staff Moderator

2026-02-12T02:45:54.78+00:00

Hi @Bandi, Mohan Keshava ,

Thanks for the follow up question!

You are correct. If an application relies on Schannel for TLS, then its TLS communication cannot be considered post‑quantum compliant today, because Schannel does not yet use PQC or hybrid‑PQC key exchange.

So any application that uses Schannel inherits that limitation. This is independent of the application itself and applies to all Schannel‑based TLS on Windows at this time.

If you find my answer useful, please kindly consider marking it as the final answer by following this guidance. Thank you!
Bandi, Mohan Keshava 25 Reputation points

2026-02-12T05:15:45.87+00:00

Hi Tom Tran,Thank you for the detailed explanation. Now this makes me clear why my application still uses the old key share algorithms.

Regards,

Mohan

Share via

We are using C# .net server and client with TLS 1.3 secure communication. As microsoft has announced the support for PQC algorithms in Windows server 2025. I would like to know if those PQC algorithms have been implemented in Schannel yet or not ?

0 additional answers

Your answer