2026-05-01 · cloudflare
Cloudflare says its IPsec product now supports post-quantum encryption using hybrid ML-KEM. The launch is aimed at closing the gap between modern TLS protection and site-to-site network security. It's a practical step for teams that move sensitive data across WAN links and want that traffic protected before quantum attacks become practical.
Cloudflare made post-quantum encryption for IPsec generally available and confirmed interoperability with Cisco and Fortinet. The implementation uses hybrid ML-KEM, which combines a classical key exchange with a post-quantum one.
Harvest-now-decrypt-later attacks are dangerous because intercepted data can stay valuable for years. If encrypted traffic is stored today and cracked later, the loss can hit old backups, secrets, and archived communications all at once.
Cold storage keeps the most sensitive keys and recovery material offline, away from network capture entirely. For long-lived secrets, pairing offline backups with post-quantum transport protection reduces both interception risk and future decryption risk.