| Host | Port | Type | Algorithm | Posture | Risk | Compliance Gaps |
|---|---|---|---|---|---|---|
| quxnow.com | 443 | TLS |
EC-256 |
Classical โ quantum-vulnerable | CRITICAL | FIPS-203, FIPS-204, CNSA-2.0-KE, ETSI-103744 |
| quxnow.com | 22 | SSH |
โ |
Unknown | Error | N/A[Errno 101] Network is unreachable |
You have endpoints using RSA or EC cryptography that are vulnerable to quantum attacks today via harvest-now-decrypt-later (HNDL) strategies. Deploy Qveil (quantum-safe TLS wrapper) in front of these services to establish ML-KEM-1024 (preferred) or ML-KEM-768 (legacy-compatible) hybrid key exchange without touching application code.
SSH servers using ssh-rsa or ECDSA host keys should be migrated to
Ed25519 as an immediate step, and to ML-DSA-87 (preferred) or ML-DSA-65
(legacy-compatible) via Qpki for full post-quantum protection.
Also audit sshd_config to disable deprecated algorithms.
The following controls have failing endpoints: CNSA-2.0-KE, ETSI-103744, FIPS-203, FIPS-204. Remediate by deploying Qveil for TLS endpoints and upgrading SSH configurations. After remediation, re-run Qdiscover to confirm compliance posture.
| Control | Framework | Title | Status | Notes |
|---|---|---|---|---|
| FIPS-203 | NIST FIPS 203 |
ML-KEM โ Post-Quantum Key Encapsulation | FAIL | 1 failing endpoint(s) |
| FIPS-204 | NIST FIPS 204 |
ML-DSA โ Post-Quantum Digital Signatures | FAIL | 1 failing endpoint(s) |
| CNSA-2.0-KE | NSA CNSA 2.0 |
Key Establishment โ ML-KEM Required | FAIL | 1 failing endpoint(s) |
| CNSA-2.0-SIG | NSA CNSA 2.0 |
Digital Signatures โ ML-DSA Required | FAIL | 0 failing endpoint(s) |
| ETSI-103744 | ETSI TS 103 744 |
Quantum-Safe Hybrid Key Exchange | FAIL | 1 failing endpoint(s) |
Status reflects whether any scanned endpoint satisfies each post-quantum standard. PASS = all reachable endpoints use PQC-approved algorithms. FAIL = at least one endpoint uses classical cryptography. N/A = standard not applicable to scanned endpoint types.