The emergence of quantum computing presents a fundamental challenge to the security of current Internet communication systems. Transport Layer Security (TLS), which forms the backbone of secure web communication, predominantly relies on classical public-key cryptographic algorithms such as RSA and elliptic curve cryptography (ECC), both of which are susceptible to quantum attacks. This paper conducts a large-scale empirical evaluation of post-quantum readiness across 32,011 domains, with a primary focus on real-world TLS deployments across diverse sectors, by analysing negotiated TLS parameters, including protocol versions, cipher suites, key exchange mechanisms, and certificates. The results indicate that while modern protocols like TLS 1.3 and QUIC are gaining adoption, 15.70% of domains, especially in critical sectors such as banking and government, still rely on TLS 1.2. Furthermore, 49.3% of domains support hybrid post-quantum key exchange mechanisms (e.g., MLKEM768 with X25519), whereas 50.7% continue to use classical key exchange, reflecting a partial transition. Notably, 0% adoption of hybrid post-quantum certificates was observed, leaving the authentication layer vulnerable to quantum-enabled attacks such as certificate forgery. The findings reveal uneven adoption of post-quantum mechanisms across sectors, where technology-driven platforms are advancing more rapidly than legacy-dependent infrastructures. Overall, the study highlights that achieving complete quantum resilience requires a coordinated transition not only in key exchange mechanisms but also in certificate infrastructures. Without such comprehensive migration, Internet communication systems remain vulnerable to long-term threats, including Harvest-Now-Decrypt-Later (HNDL) attacks.
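The kind of classification the abstract describes, as an added example that is not code from the paper: each scanned handshake is labelled by its negotiated key-exchange group and certificate signature algorithm, then counted per sector. The record fields, domains and scan data are constructed, the signature-name matching is an assumption about scanner output, and the hybrid group names follow the IANA TLS Supported Groups registry.

```python
from collections import Counter, defaultdict

# Hybrid post-quantum named groups (IANA registry names for the ML-KEM hybrids).
HYBRID_PQ_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}
# Assumption: a scanner reports post-quantum certificate signatures using the
# FIPS 204/205 algorithm family names (e.g. "ML-DSA-65").
PQ_SIG_MARKERS = ("ML-DSA", "SLH-DSA")

# Constructed sample records; field names are hypothetical scanner output.
SAMPLE_SCAN = [
    {"domain": "bank.example", "sector": "banking", "version": "TLSv1.2",
     "group": "secp256r1", "cert_sig": "sha256WithRSAEncryption"},
    {"domain": "pay.example", "sector": "banking", "version": "TLSv1.3",
     "group": "X25519MLKEM768", "cert_sig": "ecdsa-with-SHA256"},
    {"domain": "gov.example", "sector": "government", "version": "TLSv1.2",
     "group": "x25519", "cert_sig": "sha256WithRSAEncryption"},
    {"domain": "cdn.example", "sector": "technology", "version": "TLSv1.3",
     "group": "X25519MLKEM768", "cert_sig": "ecdsa-with-SHA384"},
    {"domain": "app.example", "sector": "technology", "version": "TLSv1.3",
     "group": "x25519", "cert_sig": "ecdsa-with-SHA256"},
]


def classify(record):
    """Label one handshake: (key exchange, certificate authentication)."""
    kex = "hybrid-pq" if record["group"] in HYBRID_PQ_GROUPS else "classical"
    sig = record["cert_sig"].upper()
    auth = "pq" if any(marker in sig for marker in PQ_SIG_MARKERS) else "classical"
    return kex, auth


def summarise(records):
    """Per-sector counts of the properties the study measures."""
    stats = defaultdict(Counter)
    for rec in records:
        kex, auth = classify(rec)
        s = stats[rec["sector"]]
        s["total"] += 1
        s["tls12"] += rec["version"] == "TLSv1.2"
        s["hybrid_kex"] += kex == "hybrid-pq"
        s["pq_auth"] += auth == "pq"
        # Hybrid key exchange with a classical certificate: session keys resist
        # HNDL, but the authentication layer is still classical.
        s["kex_only"] += kex == "hybrid-pq" and auth == "classical"
    return {sector: dict(counts) for sector, counts in stats.items()}


if __name__ == "__main__":
    for sector, counts in summarise(SAMPLE_SCAN).items():
        print(sector, counts)
```

The `kex_only` counter isolates the gap the study reports: domains that negotiate a hybrid group while still presenting a classically signed certificate.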