An ETSI GS QKD compliant TLS implementation

📅 2025-06-24
🤖 AI Summary
This work addresses the challenge of integrating quantum key distribution (QKD) into existing Internet security architectures. We propose a TLS protocol extension compliant with ETSI GS QKD 014 v1.1.1, implemented as a lightweight modification of Rustls. Without altering the TLS 1.3 handshake flow or message formats, our design seamlessly embeds QKD-based key establishment within the key exchange phase, ensuring strict bidirectional backward compatibility between clients and servers. Our core contributions are a QKD-aware key derivation interface and a state synchronization mechanism, enabling on-demand injection and lifecycle management of quantum-generated keys. Experimental evaluation in a video conferencing scenario demonstrates end-to-end quantum-secured encryption with handshake latency comparable to standard TLS 1.3. To the best of our knowledge, this constitutes the first deployable, protocol-level solution enabling incremental integration of quantum-safe communication into legacy network infrastructure.

📝 Abstract
A modification of the TLS protocol is presented, using our implementation of the Quantum Key Distribution (QKD) standard ETSI GS QKD 014 v1.1.1. We rely on the Rustls library for this. The TLS protocol is modified while maintaining backward compatibility on the client and server side. We thus wish to participate in the effort to generalize the use of QKD on the Internet. We used our protocol for a video conference call encrypted by QKD. Finally, we analyze the performance of our protocol, comparing the time needed to establish a handshake to that of TLS 1.3.

Problem

Research questions and friction points this paper is trying to address.

Modify TLS protocol for QKD integration
Ensure backward compatibility with TLS
Analyze performance compared to TLS 1.3

Innovation

Methods, ideas, or system contributions that make the work stand out.

Modifies TLS protocol with QKD standard
Uses Rustls library for implementation
Maintains backward compatibility for clients