Securing Site-to-Site Networks: Cloudflare Brings Post-Quantum Encryption to IPsec

While over two-thirds of human-generated TLS traffic to Cloudflare already benefits from post-quantum cryptography, site-to-site networking has lagged behind. For years, the IPsec community struggled to balance Internet-scale interoperability with the unique demands of specialized hardware. That gap is now closing. Inspired by rapid advances in quantum computing, Cloudflare has moved its full post-quantum security target to 2029—and to accelerate this goal, post-quantum encryption for Cloudflare IPsec is now generally available.

Why IPsec Needed a Post-Quantum Upgrade

Traditional IPsec tunnels rely on classical public-key cryptography, which is vulnerable to future quantum computers. The primary threat is the harvest-now-decrypt-later attack: adversaries collect encrypted data today, store it, and wait until quantum computers become powerful enough to break the encryption. As Q-Day approaches faster than expected, organizations managing wide-area networks (WANs) face growing risk.

Securing Site-to-Site Networks: Cloudflare Brings Post-Quantum Encryption to IPsec — Source: blog.cloudflare.com

The Harvest-Now-Decrypt-Later Threat

This type of attack is particularly insidious because it doesn't require immediate decryption. An attacker can intercept IPsec traffic today, archive it, and decrypt years later when quantum computers mature. For enterprises with long-lived data—financial records, intellectual property, or government secrets—this poses a severe retrospective exposure. The urgency has pushed the industry to standardize post-quantum encryption for VPN and tunneling protocols.

How Cloudflare Implemented Hybrid ML-KEM in IPsec

Cloudflare's solution uses the new IETF draft for hybrid ML-KEM (FIPS 203), a post-quantum key-encapsulation mechanism based on module lattices. Unlike earlier approaches, ML-KEM requires no special hardware or dedicated physical links; it runs efficiently in software on standard processors. The hybrid approach combines classical Diffie-Hellman (with well-understood security) and the post-quantum ML-KEM, providing a safety net even if one algorithm is broken in the future.

The implementation follows the specifications in draft-ietf-ipsecme-ikev2-mlkem, which defines how to integrate ML-KEM into the IKEv2 handshake. This ensures backward compatibility while offering forward secrecy against quantum threats.

Interoperability with Industry Leaders

Cloudflare has successfully tested interoperability with branch connectors from Fortinet and Cisco. This means organizations can start protecting their WAN against harvest-now-decrypt-later attacks using existing hardware—no forklift upgrades required. The tests validated that hybrid ML-KEM works seamlessly across vendor ecosystems, a critical step for Internet-scale adoption.

The Road to General Availability

Why did post-quantum IPsec take four years longer than its TLS counterpart? The challenge lay in the fragmented IPsec ecosystem: many devices rely on hardware accelerators for cryptographic offload, and standardizing a new key-exchange mechanism across incompatible implementations took time. Now, with a widely accepted IETF draft and field-tested interoperability, Cloudflare is making this capability available to all IPsec customers.

What This Means for Your WAN

Cloudflare IPsec is a WAN Network-as-a-Service that replaces legacy architectures by connecting data centers, branch offices, and cloud VPCs to Cloudflare's global IP Anycast network. The service simplifies configuration, provides high availability (automatic rerouting if a data center goes down), and leverages Cloudflare's massive network scale. With post-quantum encryption now generally available, every IPsec tunnel can be upgraded to hybrid ML-KEM protection.

Future-Proofing Network Security

Enabling post-quantum IPsec today is a proactive step against future threats. As quantum computing advances, classical cryptography will become obsolete. By adopting hybrid ML-KEM now, organizations ensure that their site-to-site traffic remains confidential even after Q-Day. The transition is also seamless: no changes to routing, no additional hardware, just a configuration update to enable the new key exchange.

Cloudflare's commitment to moving its full post-quantum security target to 2029 underscores the urgency. With this general availability, the IPsec community finally has a practical, standards-based path to quantum-safe networking.

Get started today: Enable post-quantum encryption in your Cloudflare IPsec tunnels to protect against harvest-now-decrypt-later attacks and future-proof your WAN.

Tags: