Hybrid ML-KEM Arrives in Cloudflare IPsec for WAN Tunnels

Cloudflare’s general availability of post-quantum IPsec transitions site-to-site WAN encryption from theoretical preparation into standard production infrastructure. Released on April 30, 2026, the update provides protection against “Harvest Now, Decrypt Later” (HNDL) attacks at no additional cost for all Cloudflare IPsec and Magic WAN users. By utilizing standardized key exchange mechanisms, the release allows enterprise networks to secure long-lived tunnels against future cryptographically relevant quantum computers (CRQCs).

The Hybrid ML-KEM Handshake

The threat of HNDL specifically targets bulk encrypted data traversing public networks. Adversaries intercept and store IPsec traffic today, anticipating that quantum hardware will eventually break classical Diffie-Hellman exchanges.

The implementation mitigates this using a hybrid cryptographic approach. It combines classical Diffie-Hellman (Group 20) with the new Module-Lattice-Based Key-Encapsulation Mechanism, specifically utilizing ML-KEM-768 and ML-KEM-1024 based on the finalized FIPS 203 standard.

The protocol adheres strictly to RFC 9370 for multiple key exchanges in IKEv2 and the draft-ietf-ipsecme-ikev2-mlkem specification. During the IKE_INTERMEDIATE phase, the handshake performs a classical exchange first, followed immediately by an ML-KEM exchange. Both sets of material are then mixed into the final session keys. This hybrid design ensures that even if a mathematical vulnerability is eventually discovered in the new lattice-based algorithms, the tunnel remains exactly as secure as a standard classical exchange.

Verified Hardware Interoperability

While over 66% of Cloudflare’s human-generated TLS traffic is already protected by post-quantum key exchanges, IPsec implementation has lagged behind by several years due to the complexity of hardware interoperability. This release solves the site-to-site constraint by confirming compatibility with major third-party routing infrastructure.

Vendor	Supported Version	Hardware Focus
Cisco	IOS XR Release 26.1.1	8000 Series Secure Routers
Fortinet	FortiOS 7.6.6 and later	FortiGate Next-Generation Firewalls
Cloudflare	Version 2026.2.0	Cloudflare One Appliance

Customers utilizing the Cloudflare One Appliance received this update automatically during the closed beta in February 2026. For existing Cisco and Fortinet deployments, administrators can configure the new key exchange groups once the respective firmware updates are applied.

Strategic Timeline Acceleration

Cloudflare has explicitly moved its internal deadline for a fully post-quantum network forward to 2029. This aggressive timeline anticipates that quantum hardware capable of breaking classical encryption may emerge earlier than the original 2030 NIST projections.

This shift aligns with broader industry urgency, mirroring other major cloud providers accelerating their migration timelines to secure infrastructure. For developers building distributed architectures, ensuring that underlying post-quantum networking is active provides an immediate defense-in-depth layer for sensitive cross-region data transfers without requiring application-level code changes.

If you manage enterprise network infrastructure, audit your current IPsec termination points for ML-KEM capability. Updating edge routers to the supported firmware versions allows you to enable post-quantum key exchanges immediately, utilizing your existing Magic WAN configuration to secure traffic against future decryption.