Quick Facts
- Category: Finance & Crypto
- Published: 2026-05-06 10:21:05
For years, securing wide-area networks against future quantum threats felt like a distant goal. While Cloudflare protected over two-thirds of human-generated TLS traffic with post-quantum cryptography, IPsec lagged behind due to interoperability hurdles and specialized hardware demands. Now, that gap has closed. Cloudflare has made post-quantum encryption generally available for its IPsec service, using the new hybrid ML-KEM standard. This milestone, accelerated by recent quantum computing advances, lets you defend your WAN against harvest-now-decrypt-later attacks with existing equipment. Below are five essential insights every network architect should know.
1. The Long-Awaited IPsec Upgrade Is Here
Until now, post-quantum cryptography in site-to-site networking faced a unique challenge. The IPsec community had to balance Internet-scale interoperability with niche hardware requirements. Early TLS adoption outpaced IPsec because TLS handshakes could be updated more flexibly. But with the IETF draft for using ML-KEM (FIPS 203) as a hybrid key exchange in IKEv2 nearing completion, Cloudflare now supports post-quantum encryption in its IPsec tunnels. This means your branch offices, data centers, and cloud VPCs can all use quantum-resistant encryption without buying new gear. The upgrade uses a hybrid approach, combining classical Diffie-Hellman with ML-KEM, so that peers remain backward compatible and the session key stays protected even if one of the two algorithms is broken. Testing with Fortinet and Cisco connectors confirmed that deployment works on hardware you already own.

2. Why IPsec Took Four Years Longer Than TLS
Transport Layer Security (TLS) adopted post-quantum cryptography relatively quickly because it runs in software and can be updated via patches. IPsec, however, often depends on specialized hardware accelerators and fixed firmware. Reaching vendor consensus on a new key-exchange extension to the IKEv2 handshake took time: the IETF working group had to balance security, performance, and compatibility with legacy systems. Cloudflare's implementation uses hybrid ML-KEM, which layers post-quantum protection on top of the existing Diffie-Hellman exchange rather than replacing it, so current IPsec deployments keep working while becoming quantum-resistant. The four-year delay reflects the complexity of standardizing a protocol that works at Internet scale and on diverse hardware, a feat now accomplished with the draft-ietf-ipsecme-ikev2-mlkem specification.
3. How Hybrid ML-KEM Stops Harvest-Now-Decrypt-Later Attacks
Harvest-now-decrypt-later (HNDL) attacks involve adversaries recording encrypted traffic today and decrypting it once quantum computers become powerful enough to break RSA and ECC. With Q-Day approaching faster than anticipated, protecting long-lived WAN traffic is critical. ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) is a post-quantum algorithm designed for software implementation on standard processors, with no special hardware needed. When combined with classical Diffie-Hellman in a hybrid mode, both shared secrets feed the session-key derivation, so an attacker must break both algorithms to recover the keys; if only one falls, the other still protects the session. Cloudflare's IPsec now uses this hybrid approach, so site-to-site traffic captured today cannot be decrypted later by an adversary who breaks only the classical exchange. This is especially important for industries like finance and healthcare that must safeguard data for decades.
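To make the hybrid guarantee concrete, here is an added Python illustration (not Cloudflare's code) of how IKEv2 chains the two shared secrets into one key schedule, following the key derivation of RFC 7296 and the additional-key-exchange rule of RFC 9370 (SKEYSEED(n) = prf(SK_d(n-1), SK(n) | Ni | Nr)) that the ML-KEM draft builds on. The DH and ML-KEM shared secrets, nonces and SPIs are constructed sample values, and HMAC-SHA256 stands in for the negotiated PRF.

```python
import hashlib
import hmac

# prf = HMAC-SHA256 (IKEv2 transform PRF_HMAC_SHA2_256); seven 32-byte keys are derived per stage.
KEY_LEN = 32
KEY_NAMES = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """RFC 7296 prf+: T1 = prf(K, S|0x01), Tn = prf(K, T(n-1)|S|n); output is T1|T2|... truncated."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:length]

def split_keys(material: bytes) -> dict:
    return {name: material[i * KEY_LEN:(i + 1) * KEY_LEN] for i, name in enumerate(KEY_NAMES)}

def hybrid_ike_keys(dh_secret, mlkem_secret, ni, nr, spi_i, spi_r) -> dict:
    # Stage 0, IKE_SA_INIT (RFC 7296 s2.14): SKEYSEED comes from the classical (EC)DH secret.
    skeyseed0 = prf(ni + nr, dh_secret)
    keys0 = split_keys(prf_plus(skeyseed0, ni + nr + spi_i + spi_r, KEY_LEN * len(KEY_NAMES)))
    # Stage 1, additional key exchange (RFC 9370 s2.2.3): SK(1) is the ML-KEM shared secret,
    # chained through SK_d(0). An attacker holding only the DH secret lacks SK(1); one holding
    # only SK(1) lacks SK_d(0). Both algorithms must be broken to reach the final keys.
    skeyseed1 = prf(keys0["SK_d"], mlkem_secret + ni + nr)
    return split_keys(prf_plus(skeyseed1, ni + nr + spi_i + spi_r, KEY_LEN * len(KEY_NAMES)))

# Constructed sample inputs: in a live exchange these come from the DH computation, the ML-KEM
# decapsulation, and the IKE_SA_INIT nonces/SPIs. They are fixed here so the run is repeatable.
DH_SECRET = hashlib.sha256(b"constructed ecdh shared secret").digest()
MLKEM_SECRET = hashlib.sha256(b"constructed ml-kem shared secret").digest()
NI, NR = b"\x11" * 32, b"\x22" * 32
SPI_I, SPI_R = b"\x01" * 8, b"\x02" * 8

def each_secret_changes_every_key() -> bool:
    """Hybrid property check: altering either shared secret alone changes all seven derived keys."""
    base = hybrid_ike_keys(DH_SECRET, MLKEM_SECRET, NI, NR, SPI_I, SPI_R)
    flip = lambda s: bytes([s[0] ^ 1]) + s[1:]
    bad_dh = hybrid_ike_keys(flip(DH_SECRET), MLKEM_SECRET, NI, NR, SPI_I, SPI_R)
    bad_pq = hybrid_ike_keys(DH_SECRET, flip(MLKEM_SECRET), NI, NR, SPI_I, SPI_R)
    return all(base[k] != bad_dh[k] and base[k] != bad_pq[k] for k in KEY_NAMES)

if __name__ == "__main__":
    keys = hybrid_ike_keys(DH_SECRET, MLKEM_SECRET, NI, NR, SPI_I, SPI_R)
    print("SK_ei =", keys["SK_ei"].hex(), "| both secrets matter:", each_secret_changes_every_key())
```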

4. Interoperability with Major Hardware Vendors
A key hurdle for post-quantum IPsec has been getting different vendor devices to talk to each other. Cloudflare successfully tested interoperability with branch connectors from Fortinet and Cisco—two of the most popular enterprise firewall and VPN platforms. This means you can deploy Cloudflare's post-quantum IPsec at the edge and connect it to existing Fortinet or Cisco hardware in your branch offices. The tests validated both the IKEv2 handshake and the hybrid ML-KEM key exchange. As a result, organizations can upgrade their WAN security without forklift upgrades or vendor lock-in. Cloudflare plans to expand testing to additional hardware vendors over time, but the initial success proves the standard is ready for production use.
5. Cloudflare's Broader Post-Quantum Roadmap
This IPsec launch is part of a larger push: Cloudflare accelerated its target for full post-quantum security from 2030 to 2029. The company already protects the majority of human-generated TLS traffic with post-quantum cryptography. Now, by extending that protection to IPsec, it covers a critical gap in site-to-site networking. Cloudflare IPsec is a WAN Network-as-a-Service that replaces legacy architectures, connecting data centers, branches, and cloud VPCs over the global Anycast network. With post-quantum encryption baked in, customers get high availability (automatic rerouting if a data center goes down), simplified configuration, and quantum-resistant tunnels. This aligns with Cloudflare's goal of making the entire Internet secure against future quantum threats—no hardware changes required.
Post-quantum encryption is no longer a future concern; it's a deployable reality for your WAN. Cloudflare's general availability of hybrid ML-KEM in IPsec means you can start protecting your network today against harvest-now-decrypt-later attacks. The standard's interoperability with Fortinet and Cisco hardware ensures a smooth transition. As quantum computing advances, these measures will become essential for any organization handling sensitive data. The time to act is now—before Q-Day arrives.