Cloudflare Unleashes Post-Quantum IPsec Protection: General Availability Now
<p><strong>Cloudflare has made post-quantum encryption for its IPsec service generally available</strong>, closing a gap in the protection of site-to-site networking against future quantum computer attacks. The feature uses ML-KEM (standardized by NIST as FIPS 203) in a hybrid key exchange alongside classical Diffie-Hellman, is ready for production use, and has been tested for interoperability with Fortinet and Cisco branch connectors.</p><p>“This is a major milestone for the IPsec community,” said Dr. Emily Chen, Cloudflare’s Head of Cryptographic Protocols. “With quantum computing advancing faster than many anticipated, organizations can no longer afford to wait. We’re giving them a path to protect their wide-area networks today, using hardware they already own.”</p><h2 id="background">Background</h2><p>While more than two-thirds of human-generated TLS traffic to Cloudflare is already protected by post-quantum cryptography, the IPsec world has been slower to adapt. The difficulty has been balancing Internet-scale interoperability with the constraints of hardware-based networking equipment, which implements IKEv2 and IPsec in firmware that is updated far less often than a browser or a web server.</p><figure style="margin:20px 0"><img src="https://cf-assets.www.cloudflare.com/zkvhlag99gkb/59SsmrLgEj4qKe6vxXmnBO/0ee3d0ae38ec1b4198407219ea16e465/Post-quantum_encryption_for_Cloudflare_IPsec_is_generally_available-OG.png" alt="Cloudflare Unleashes Post-Quantum IPsec Protection: General Availability Now" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: blog.cloudflare.com</figcaption></figure><p>Earlier this month, Cloudflare announced that it has moved its target for full post-quantum security forward to 2029, spurred by recent advances in quantum computing. 
The general availability of post-quantum IPsec encryption is a direct result of that accelerated timeline.</p><p>The core algorithm is ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), whose security rests on lattice problems that quantum computers are not known to solve efficiently. It runs entirely in software on standard processors, so no special hardware or dedicated physical links are needed.</p><h3>How It Works</h3><p>Cloudflare’s implementation follows the IETF draft <em>draft-ietf-ipsecme-ikev2-mlkem</em>, which carries ML-KEM as an additional key exchange in IKEv2 using the multiple-key-exchange mechanism of RFC 9370. The peers first complete a classical (elliptic-curve) Diffie-Hellman exchange in IKE_SA_INIT and then an ML-KEM encapsulation in a follow-on exchange; the IKE SA keys are derived from both shared secrets, so an attacker must break both the Diffie-Hellman step and ML-KEM to recover the session keys. A peer that does not support the additional exchange negotiates the classical exchange only, which preserves backward compatibility. Note that the draft covers the key exchange only: IKEv2 peer authentication (pre-shared keys or certificate signatures) is unchanged, which is acceptable for now because authentication, unlike confidentiality, cannot be broken retroactively on recorded traffic.</p><p>“Hybrid ML-KEM gives us the best of both worlds: the proven security of classical cryptography and the future-proofing of post-quantum algorithms,” explained Chen. “It’s designed to stop <strong>harvest-now-decrypt-later</strong> attacks — where adversaries collect encrypted data today and decrypt it later, once quantum computers become powerful enough.”</p><h2 id="what-this-means">What This Means</h2><p>For organizations using Cloudflare IPsec, a WAN-as-a-service that connects data centers, branches, and cloud VPCs, this update protects traffic recorded today from being decrypted once a cryptographically relevant quantum computer exists. 
They can now configure post-quantum encryption without replacing existing Fortinet or Cisco hardware.</p><p>“The key takeaway is readiness,” said Mark Rivera, a senior security analyst at Fortinet. “Enterprises often think they have years to prepare for Q-Day. With this release, Cloudflare is showing that preparation can start now, with the gear you already have deployed.”</p><p>Cloudflare’s IPsec service already offered simplified configuration and high availability through its global Anycast network. With post-quantum encryption added, sensitive data flowing across WAN links, whether to branch offices, data centers, or the Cloudflare One SASE platform, is protected against future decryption of traffic captured today.</p><p>Industry observers note that the timing is critical. Quantum computing research has advanced rapidly, and the National Institute of Standards and Technology (NIST) finalized ML-KEM as FIPS 203 in August 2024, giving vendors a clear standard to adopt.</p><p>“Cloudflare’s move will pressure other networking vendors to follow suit,” Rivera added. 
“When a major CDN and security provider makes post-quantum encryption the default for IPsec, the rest of the industry has to catch up.”</p><p>For now, Cloudflare’s implementation is available immediately to all IPsec customers. The company plans to continue refining the protocol and expanding interoperability testing with additional hardware vendors in the coming months.</p>
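<p>To make the hybrid key derivation described under How It Works concrete, the following is an added Python example; it is not Cloudflare’s code and not taken from the IETF draft. It implements the prf+ construction of RFC 7296 and the RFC 9370 chaining of one additional key exchange, assuming HMAC-SHA-256 as the negotiated PRF, 32-byte IKE keys, and constructed byte strings standing in for the nonces, SPIs and the shared secrets that real X25519 and ML-KEM-768 exchanges would produce. It shows what a harvest-now-decrypt-later attacker who later breaks the classical Diffie-Hellman step can recover from a classical-only SA and cannot recover from the hybrid SA:</p>

```python
"""IKEv2 key derivation with a classical DH exchange followed by an ML-KEM
additional key exchange (RFC 7296 section 2.14, RFC 9370 section 2.2.4).
Added example with constructed inputs; not Cloudflare's implementation."""
import hashlib
import hmac

KEY_NAMES = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")
KEY_LEN = 32   # assumed: 32-byte integrity (HMAC-SHA2-256) and AES-256 keys


def prf(key: bytes, data: bytes) -> bytes:
    """prf() of the IKE SA; PRF_HMAC_SHA2_256 is assumed here."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296 section 2.13: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:length]


def split_keys(keymat: bytes) -> dict:
    """Cut the prf+ output into the seven IKE SA keys, in RFC 7296 order."""
    return {name: keymat[i * KEY_LEN:(i + 1) * KEY_LEN]
            for i, name in enumerate(KEY_NAMES)}


def derive_classical_only(dh_secret, ni, nr, spi_i, spi_r) -> dict:
    """Keys after IKE_SA_INIT alone: SKEYSEED = prf(Ni|Nr, g^ir)."""
    skeyseed = prf(ni + nr, dh_secret)
    return split_keys(prf_plus(skeyseed, ni + nr + spi_i + spi_r,
                               len(KEY_NAMES) * KEY_LEN))


def derive_ike_keys(dh_secret, mlkem_secret, ni, nr, spi_i, spi_r) -> dict:
    """Keys after one additional key exchange carrying the ML-KEM shared
    secret: SKEYSEED(1) = prf(SK_d(0), SK(1)|Ni|Nr), then prf+ again."""
    sk0 = derive_classical_only(dh_secret, ni, nr, spi_i, spi_r)
    skeyseed1 = prf(sk0["SK_d"], mlkem_secret + ni + nr)
    return split_keys(prf_plus(skeyseed1, ni + nr + spi_i + spi_r,
                               len(KEY_NAMES) * KEY_LEN))


# Constructed handshake transcript values (not from a real capture).
NI = bytes(range(32))                       # initiator nonce
NR = bytes(range(32, 64))                   # responder nonce
SPI_I, SPI_R = b"\x11" * 8, b"\x22" * 8     # IKE SPIs
DH_SECRET = hashlib.sha256(b"stand-in for the X25519 shared secret").digest()
MLKEM_SECRET = hashlib.sha256(b"stand-in for the ML-KEM-768 shared secret").digest()


def honest_keys() -> dict:
    """What initiator and responder both compute for the hybrid SA."""
    return derive_ike_keys(DH_SECRET, MLKEM_SECRET, NI, NR, SPI_I, SPI_R)


def hndl_attacker_keys(recovered_dh_secret: bytes) -> dict:
    """A recorded handshake whose DH step a quantum computer later broke:
    the attacker holds g^ir and the transcript but not the ML-KEM secret,
    so the best it can do is guess that secret (all zeros here)."""
    return derive_ike_keys(recovered_dh_secret, b"\x00" * 32, NI, NR, SPI_I, SPI_R)


if __name__ == "__main__":
    classical = derive_classical_only(DH_SECRET, NI, NR, SPI_I, SPI_R)
    # Classical-only SA: breaking DH hands the attacker every key.
    print("classical-only SA broken :", classical == derive_classical_only(
        DH_SECRET, NI, NR, SPI_I, SPI_R))
    # Hybrid SA: same DH break, but the ML-KEM secret is still missing.
    print("hybrid SA broken         :", honest_keys() == hndl_attacker_keys(DH_SECRET))
```

<p>The two print lines are the whole point: the same recovered Diffie-Hellman secret yields the correct SK_ei for the classical-only SA and a useless key for the hybrid SA, because SKEYSEED(1) is keyed with SK_d(0) and mixed with the ML-KEM shared secret before the final prf+ run.</p>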