AWS Security ChangesHomeSearch

AWS kms documentation change

Service: kms · 2025-07-25 · Documentation medium

File: kms/latest/developerguide/pqtls.md

Summary

Removed regional restrictions for post-quantum TLS support and deleted performance benchmark section

Security assessment

Expands documentation of post-quantum TLS availability to all supported regions, enhancing clarity on security features. No direct evidence of addressing a security vulnerability.

Diff

diff --git a/kms/latest/developerguide/pqtls.md b/kms/latest/developerguide/pqtls.md
index b985e6cf8..35f74aad1 100644
--- a//kms/latest/developerguide/pqtls.md
+++ b//kms/latest/developerguide/pqtls.md
@@ -32,5 +32 @@ As always, we welcome your feedback and participation in our open-source reposit
-Post-quantum TLS for AWS KMS is available in all AWS Regions that AWS KMS supports except for China (Beijing) and China (Ningxia). 
-
-###### Note
-
-AWS KMS does not support hybrid post-quantum TLS for FIPS endpoints in AWS GovCloud (US).
+Post-quantum TLS for AWS KMS is available in all AWS Regions that AWS KMS supports.
@@ -70,4 +65,0 @@ For a list of AWS KMS endpoints for each AWS Region, see [AWS Key Management Ser
-**Expected Performance**
-
-Our early benchmark testing shows that the hybrid cipher suites in s2n-tls are slower than classic TLS cipher suites. The effect varies based on the network profile, CPU speed, the number of cores, and your call rate. For more information, see [AWS post-quantum cryptography migration plan](https://aws.amazon.com/blogs/security/aws-post-quantum-cryptography-migration-plan/).
-