This shouldn't be a major issue because of Forward Secrecy (https://en.wikipedia.org/wiki/Forward_secrecy) principles built into modern TLS protocols, which ensure that even if the public/private key scheme is vulnerable to (for example) quantum attacks, the attacks have to be done now, as a MITM for the handshake, or otherwise the full traffic capture is useless for future decryption without getting some secrets from one of the endpoints.That being said, it's not 100% used everywhere yet (Wikipedia mentions 92.6% of websites), and various means of tricking devices into downgrading to an older protocol would result in traffic that might be decrypted later.
colmmacc|4 months ago
Both the FFDH and ECDH key agreement algorithms are vulnerable to quantum crypt-analysis; someone capturing traffic today could later break that agreement and then decrypt the data. An attacker would have to capture the entire session up to the "point of interest" though.
This is why FFDH/ECDH are being augmented with Post-Quantum secure KEMs.