Cloudflare has implemented a standardized hybrid ML-KEM approach for Post-Quantum IPsec, replacing the previous 'ciphersuite bloat' with a streamlined solution that aligns with TLS standards and prepares networks for the 2030 NIST quantum-resistant deadline.
Cloudflare has taken a decisive step toward quantum-resistant networking by implementing a standardized hybrid ML-KEM approach for Post-Quantum IPsec, effectively eliminating what the company calls "ciphersuite bloat" in favor of a streamlined solution that aligns with TLS standards.
The move comes as organizations face mounting pressure to prepare for quantum computing threats, with NIST setting a hard 2030 deadline for replacing RSA and Elliptic Curve Cryptography with quantum-resistant algorithms. Cloudflare's approach follows the draft-ietf-ipsecme-ikev2-mlkem specification, which standardizes post-quantum key exchange for IPsec in the same way TLS has evolved.
The Problem with Previous Approaches
IPsec's journey to post-quantum security has been notably different from TLS's evolution. Early attempts using RFC 8784 relied on pre-shared keys or quantum key distribution, neither of which proved practical for widespread deployment. Pre-shared keys lack forward secrecy against quantum adversaries, while quantum key distribution requires specialized hardware that most organizations cannot deploy.
The situation worsened with RFC 9370, which allowed up to seven different algorithms to run simultaneously. Cloudflare characterized this as "ciphersuite bloat," and the approach created interoperability nightmares. Palo Alto Networks, for instance, implemented seven-plus PQC ciphersuites that often failed to work with other vendors' equipment.
Cloudflare's Hybrid ML-KEM Solution
Cloudflare's hybrid approach runs ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism) in parallel with classical Diffie-Hellman, providing what the company describes as "belt-and-suspenders" security. ML-KEM handles quantum threats while Diffie-Hellman covers classical attacks, ensuring comprehensive protection without sacrificing compatibility.
The company built production hybrid ML-KEM support into its IPsec IKEv2 Responder and conducted extensive testing against the strongSwan reference implementation to ensure interoperability. The Cloudflare One Appliance received the upgrade automatically on February 11th via version 2026.2.0.
Since the appliance uses TLS instead of IKEv2, the update was relatively straightforward—simply a transition from TLS 1.2 to TLS 1.3 with hybrid ML-KEM baked in. This seamless integration means organizations can adopt post-quantum security without hardware upgrades, complex configurations, or additional costs.
The "Post-Quantum SASE Equation"
Cloudflare positions this implementation as completing what it calls the "post-quantum SASE equation," allowing organizations to finally lock down private network traffic end-to-end against "harvest now, decrypt later" attacks. These attacks involve bad actors capturing encrypted data today and storing it until quantum computers become powerful enough to break the encryption.
Matthew Prince, Cloudflare's CEO and co-founder, emphasized the company's long-term commitment to this transition: "Since 2017, we've been doing the heavy lifting to bake post-quantum standards directly into the fabric of our network. By bringing this protection to our entire SASE platform, we're making post-quantum security the default—no hardware upgrades, no complex configurations, and no added cost."
Current Status and Adoption
Cloudflare IPsec remains in closed beta as the company works on interoperability with third-party branch connector vendors. However, the changes integrate seamlessly into Cloudflare's global network with high-availability routing that automatically reroutes traffic if a data center goes down.
The full implementation now includes post-quantum encryption across TLS, MASQUE, and IPsec on-ramps and off-ramps. According to Cloudflare Radar data, over 60% of human-generated TLS traffic hitting Cloudflare's network already uses hybrid ML-KEM.
Strategic Focus and Industry Context
The Cybersecurity and Infrastructure Security Agency (CISA) recognized the split between key agreement and digital signature migrations in its January 2026 publication. Cloudflare's current push focuses on key establishment through hybrid ML-KEM, while digital signatures remain less urgent since they're designed to stop active adversaries with quantum computers—which don't exist yet.
This strategic prioritization reflects a pragmatic approach to quantum readiness, addressing the most immediate threats while planning for future challenges. As organizations worldwide race to meet the 2030 deadline, Cloudflare's standardized approach offers a clear path forward without the complexity that has plagued earlier attempts at post-quantum networking.
The implementation demonstrates how major cloud providers are taking responsibility for securing the internet's infrastructure against future threats, effectively shielding their customers from the complexity of quantum-resistant cryptography while ensuring broad compatibility and reliability.
Comments
Please log in or register to join the discussion