Cloudflare IPsec now supports post-quantum encryption using hybrid ML-KEM (FIPS 203) to protect against harvest-now-decrypt-later attacks.
- •Uses hybrid ML-KEM with classical Diffie-Hellman key exchange to combine classical and post-quantum security in a single handshake
- •Confirmed interoperability with Cisco 8000 Series (v26.1.1+) and Fortinet FortiOS (7.6.6+) branch connectors
- •Protects wide-area networks without requiring specialized hardware on existing infrastructure
- •IPsec post-quantum standardization took four years longer than TLS due to community focus on Quantum Key Distribution
- •Supports Cloudflare's 2029 target for full post-quantum security across all services
This summary was automatically generated by AI based on the original article and may not be fully accurate.
Cloudflare
The Hacker News