Quick Facts
- Category: Finance & Crypto
- Published: 2026-05-03 23:12:48
While over two-thirds of human-generated TLS traffic to Cloudflare is already protected by post-quantum cryptography, site-to-site networking, the backbone of enterprise connectivity, has until now been left without that protection. For years, the IPsec community struggled to balance Internet-scale interoperability with the specialized demands of hardware-based implementations. That era ends today. Following Cloudflare's recent announcement that it has pulled its full post-quantum security timeline forward to 2029 in response to rapid advances in quantum computing, the company has made post-quantum key exchange for its IPsec service generally available.
By implementing the IETF draft that adds ML-KEM (FIPS 203) to IKEv2 as a hybrid, additional key exchange, Cloudflare has tested interoperability with branch connectors from Fortinet and Cisco. Enterprises can now protect their wide-area networks (WANs) against harvest-now-decrypt-later attacks on existing hardware whose firmware implements the draft, without waiting for a future quantum-safe hardware refresh.
This article explains how Cloudflare implemented the new hybrid IPsec handshake, why post-quantum IPsec took four years longer than its TLS counterpart, and how the industry is finally coalescing around a practical, Internet‑scale standard.
The Quantum Threat to Wide-Area Networks
Classical public-key cryptography, used everywhere from web browsing to VPNs, relies on mathematical problems (integer factoring, discrete logarithms) that are hard for classical computers but solvable by a sufficiently large quantum computer running Shor's algorithm. An adversary does not need that computer today: it can capture encrypted traffic now, store it, and wait for the day (often called Q-Day) when a quantum computer can recover the key-exchange secret and decrypt the recording. This harvest-now-decrypt-later attack is especially dangerous for site-to-site WAN connections, which carry corporate data whose confidentiality must hold for years, long after the tunnel that carried it is gone.

With quantum computing advancing faster than anticipated (Cloudflare moved its target for full post-quantum protection forward to 2029 this month), the urgency to deploy post-quantum key exchange on every network path has never been higher.
Closing the Gap: Post‑Quantum IPsec Arrives
Cloudflare’s IPsec service is a WAN Network‑as‑a‑Service that replaces legacy architectures by connecting data centers, branch offices, and cloud VPCs to Cloudflare’s global IP Anycast network. It provides simplified configuration, high availability (automatic rerouting if a data center goes down), and the scale of one of the world’s largest networks. The service uses encrypted IPsec tunnels for site-to-site WAN, outbound Internet connections, and connectivity to the Cloudflare One SASE platform.
Now those tunnels gain post-quantum protection. The new implementation uses ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), standardized as FIPS 203, in hybrid with the classical (elliptic-curve) Diffie-Hellman exchange IKEv2 already performs. The session keys depend on both shared secrets, so the tunnel stays secure as long as either exchange does: a future quantum computer that breaks Diffie-Hellman still faces ML-KEM, and an unforeseen weakness in the much younger ML-KEM would leave the classical security intact. A peer that does not support the draft simply negotiates a classical-only proposal as before, which is what makes the rollout incremental.
How Hybrid ML‑KEM Works
ML-KEM is a post-quantum key-encapsulation mechanism whose security rests on lattice problems (Module-LWE) that are believed to resist both classical and quantum attacks. It does not require special hardware or dedicated physical links; it is designed to run in software on standard processors. In the IPsec context, the IETF draft draft-ietf-ipsecme-ikev2-mlkem specifies how to carry ML-KEM in the IKEv2 handshake, using the "additional key exchange" mechanism of RFC 9370: the classical (EC)DH exchange happens in IKE_SA_INIT as usual, and the ML-KEM encapsulation key and ciphertext (1184 and 1088 bytes respectively for ML-KEM-768, far larger than an X25519 public key) travel in a follow-on IKE_INTERMEDIATE exchange, which avoids the fragmentation problems that oversized IKE_SA_INIT messages cause on the open Internet.
This hybrid mechanism works by running both key exchanges and then folding the ML-KEM shared secret into the IKEv2 key schedule after the classical one: the key material derived from (EC)DH seeds a second derivation that also takes the ML-KEM secret as input, and only the keys from that second round are used for the tunnel. An attacker who later breaks the classical part therefore recovers only an intermediate value, not the session keys; the lattice-based component still stands between the recorded traffic and the plaintext.
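To make the chaining concrete, the following Python is an added illustration, not Cloudflare's code and not text from the IETF draft, of how the ML-KEM secret enters the IKEv2 key schedule. Stage 0 derives the IKE_SA_INIT keys from the classical (EC)DH secret as in RFC 7296; the ML-KEM secret from the IKE_INTERMEDIATE exchange is then chained in using the RFC 9370 formula SKEYSEED(n) = prf(SK_d(n-1), SK(n) | Ni | Nr) followed by a fresh prf+. The real X25519 and ML-KEM-768 computations are replaced by constructed 32-byte placeholder secrets, and the negotiated algorithms are assumed to be HMAC-SHA256 as PRF with AES-256-CBC and HMAC-SHA2-256-128 key sizes; the example uses only the standard library.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 is the negotiated IKEv2 PRF (32-byte output).
PRF_LEN = 32
# FIPS 203 sizes for ML-KEM-768, for orientation only: encapsulation key 1184 B,
# ciphertext 1088 B, shared secret 32 B. X25519 public keys are 32 B.
MLKEM768_SHARED_SECRET_LEN = 32


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv2 prf(K, S), instantiated here as HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296 section 2.13:
    T1 = prf(K, S | 0x01), Tn = prf(K, T(n-1) | S | n); output = T1 | T2 | ..."""
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ is limited to 255 blocks")
        prev = prf(key, prev + seed + bytes([counter]))
        out += prev
        counter += 1
    return out[:length]


def derive_ike_keys(skeyseed, ni, nr, spi_i, spi_r, sk_e_len=32, sk_a_len=32):
    """{SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr}
       = prf+(SKEYSEED, Ni | Nr | SPIi | SPIr)            (RFC 7296 section 2.14)
    Defaults assume AES-256-CBC (32-byte SK_e) and HMAC-SHA2-256-128 (32-byte SK_a)."""
    layout = [("SK_d", PRF_LEN), ("SK_ai", sk_a_len), ("SK_ar", sk_a_len),
              ("SK_ei", sk_e_len), ("SK_er", sk_e_len),
              ("SK_pi", PRF_LEN), ("SK_pr", PRF_LEN)]
    km = prf_plus(skeyseed, ni + nr + spi_i + spi_r, sum(n for _, n in layout))
    keys, off = {}, 0
    for name, n in layout:
        keys[name] = km[off:off + n]
        off += n
    return keys


def classical_only_keys(dh_secret, ni, nr, spi_i, spi_r):
    """Stage 0: what IKE_SA_INIT alone yields. SKEYSEED = prf(Ni | Nr, g^ir).
    This is everything a future quantum attacker who breaks (EC)DH can rebuild
    from a captured handshake."""
    skeyseed0 = prf(ni + nr, dh_secret)
    return derive_ike_keys(skeyseed0, ni, nr, spi_i, spi_r)


def hybrid_ike_keys(dh_secret, mlkem_secret, ni, nr, spi_i, spi_r):
    """Stage 1: chain the ML-KEM secret from IKE_INTERMEDIATE (RFC 9370 s2.2.2):
       SKEYSEED(1) = prf(SK_d(0), SK(1) | Ni | Nr), then prf+ again with the
       original nonces and SPIs. Only these keys protect the tunnel."""
    if len(mlkem_secret) != MLKEM768_SHARED_SECRET_LEN:
        raise ValueError("ML-KEM shared secret must be 32 bytes")
    stage0 = classical_only_keys(dh_secret, ni, nr, spi_i, spi_r)
    skeyseed1 = prf(stage0["SK_d"], mlkem_secret + ni + nr)
    return derive_ike_keys(skeyseed1, ni, nr, spi_i, spi_r)


if __name__ == "__main__":
    # Constructed placeholders standing in for real X25519 / ML-KEM-768 outputs.
    ni, nr = bytes(range(32)), bytes(range(32, 64))
    spi_i, spi_r = b"\x11" * 8, b"\x22" * 8
    dh_secret, kem_secret = b"\xaa" * 32, b"\xbb" * 32

    weak = classical_only_keys(dh_secret, ni, nr, spi_i, spi_r)
    strong = hybrid_ike_keys(dh_secret, kem_secret, ni, nr, spi_i, spi_r)
    print("stage-0 SK_d (DH only):   ", weak["SK_d"].hex()[:32], "...")
    print("stage-1 SK_d (DH + ML-KEM):", strong["SK_d"].hex()[:32], "...")
    # Same DH secret, different ML-KEM secret: every tunnel key changes.
    other = hybrid_ike_keys(dh_secret, b"\xcc" * 32, ni, nr, spi_i, spi_r)
    print("ML-KEM secret changed ->", strong["SK_d"] != other["SK_d"])
```

Note what the two derivations show: the stage-0 keys are a pure function of the recorded (EC)DH exchange, so a quantum adversary replaying a captured handshake can reconstruct them, but no ESP traffic is ever keyed from them in the hybrid flow. The tunnel keys come from stage 1, which also needs the ML-KEM secret, and that secret is never exposed by breaking Diffie-Hellman.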
Why IPsec Took Longer Than TLS
Post-quantum key exchange for TLS became practical relatively quickly because the protocol's key exchange can be swapped almost transparently: in TLS 1.3 it is a matter of adding a new named group for the key share, and the two largest endpoints, browsers and CDNs, ship updates on a schedule of weeks. IPsec lives in a more fragmented ecosystem. It must interoperate with thousands of hardware and software implementations across different vendors, each with its own performance constraints, hardware offload paths, and certification processes, and upgrade cycles for branch routers are measured in years rather than weeks.

Moreover, the IPsec community demanded a careful balance: the new standard had to work at Internet scale without breaking existing tunnels, which is why the ML-KEM material is carried in an extra exchange rather than stuffed into IKE_SA_INIT. The IETF draft for hybrid ML-KEM in IKEv2 required extensive review and testing to give network operators confidence that they could upgrade without service disruption. Cloudflare's successful interoperability tests with Fortinet and Cisco, two major branch connector vendors, mark a pivotal milestone in turning that draft into deployable reality.
Interoperability: Tested with Industry Leaders
Cloudflare validated its post-quantum IPsec implementation against branch connectors from Fortinet and Cisco. These tests covered the full hybrid handshake, confirming that the additional ML-KEM exchange completes against those vendors' routers and firewalls and that the resulting tunnels pass traffic. Enterprises with deployed Fortinet or Cisco equipment can enable post-quantum protection without a hardware upgrade, provided the device runs a firmware release that implements the draft, which is a key factor for rapid adoption.
Additional vendor support is expected as the draft matures toward RFC status, but the foundation is solid. Organizations concerned about harvest‑now‑decrypt‑later attacks can act today.
Cloudflare IPsec: A Secure Foundation for WAN
Cloudflare’s IPsec service is more than just encrypted tunnels. It replaces legacy network architectures with a global, software‑defined fabric. Key benefits include:
- Simplified configuration – no complex VPN policies per location
- High availability – automatic failover to the nearest healthy data center
- Global scale – leverage Cloudflare’s 330+ points of presence
- Integrated SASE – connect to Cloudflare One’s Zero Trust security services
With post‑quantum encryption now built in, the service also future‑proofs WAN traffic against the quantum threat.
Looking Ahead to Full Post‑Quantum Security
Cloudflare has moved its target for full post-quantum security forward to 2029, responding to recent advances in quantum computing. General availability of post-quantum IPsec is a major step, but it is not the final one: hybrid ML-KEM protects the key exchange against harvest-now-decrypt-later attacks, while authentication (certificates and signatures) still relies on classical algorithms and will need its own migration. The company will continue to harden its entire infrastructure, TLS, DNS, VPNs, and more, against quantum adversaries.
For now, enterprises can begin protecting their WANs today by enabling hybrid ML-KEM on Cloudflare IPsec tunnels. Interoperability has been demonstrated with Fortinet and Cisco branch connectors, and the benefit against harvest-now-decrypt-later attacks begins with the first tunnel that negotiates the hybrid exchange. As the industry converges on this standard, the gap between TLS and IPsec post-quantum readiness finally closes.