PQC in Cloudflare products
Cloudflare is targeting 2029 ↗ to be fully post-quantum secure across its entire product suite.
This page shows the status of the migration. Each section below groups Cloudflare products by the underlying secure communication channel. Once a channel supports PQC, every product built on top inherits PQC support.
Each section captures the classes of post-quantum algorithms deployed in the secure communication channel: key agreement (sometimes called post-quantum encryption, which protects against harvest-now, decrypt-later ↗ attacks) and signatures (sometimes called post-quantum authentication, which protects live systems against unauthorized access by quantum adversaries after Q-Day ↗).
A Cloudflare-side ✅ entry only delivers end-to-end post-quantum protection when the party on the other side of the connection also supports the same post-quantum algorithms. Refer to PQC support for the list of browsers, libraries, and servers that support the algorithms Cloudflare has deployed.
For an end-to-end walkthrough of how Cloudflare One on-ramps and off-ramps fit together, refer to PQC and Cloudflare One.
Inbound TLS 1.3 (including QUIC) from end-user clients to Cloudflare's edge.
| Protection | Status |
|---|---|
| Key agreement | ✅ X25519MLKEM768 |
| Signatures | 📝 Planned via Merkle Tree Certificates ↗ |
Reference: PQC for all websites and APIs ↗.
Products covered: any proxied hostname or HTTPS application behind Cloudflare, including:
- The Cloudflare developer platform: Workers custom domains, *.workers.dev, Pages, R2 public buckets, Stream, and Images.
- API Shield-protected APIs.
- The Cloudflare API and dashboard.
- Cloudflare Access self-hosted applications (browser-to-edge leg).
This section only covers the inbound TLS connection from the end-user client to Cloudflare's edge. When a Worker fetches data from a backend storage service (D1, KV, Durable Objects, R2, Workers AI, Hyperdrive, and similar), that connection is governed by the Cloudflare internal network section. When a Worker calls out to a third-party origin via fetch(), it is governed by the Cloudflare to origin section. The Agentless via proxy endpoints on-ramp to Cloudflare Gateway terminates inbound TLS in its own edge stack and is covered separately below.
Service-to-service TLS connections between Cloudflare data centers and internal services.
| Protection | Status |
|---|---|
| Key agreement | 🚧 X25519MLKEM768 |
| Signatures | Not yet |
Reference: PQC generally available ↗, Roadmap ↗.
Most internal connections have been migrated to X25519MLKEM768. A long tail of services is still in the process of being upgraded.
Outbound TLS 1.3 connections from Cloudflare's edge to customer origin servers.
| Protection | Status |
|---|---|
| Key agreement | ✅ X25519MLKEM768 |
| Signatures | Not yet |
Reference: PQC to your origin.
Products covered: any Cloudflare-proxied zone's origin pull, and the egress leg of Cloudflare Gateway (SWG, HTTPS inspection) when Gateway fetches third-party origin content on behalf of the client. Gateway's post-quantum support on this leg is independent of which on-ramp the client uses to reach Cloudflare.
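Because a ✅ on Cloudflare's side only becomes end-to-end protection when the peer offers or selects the same hybrid group, the practical check on both TLS legs above (client to edge, and edge to origin) is to look at the handshake itself: does the ClientHello list X25519MLKEM768 in supported_groups and actually carry a key_share for it, and does the ServerHello select it? The following is an added example, not Cloudflare's code or tooling. It parses raw TLS 1.3 handshake messages with the standard library only; the group codepoint 0x11EC for X25519MLKEM768 is the one from draft-ietf-tls-ecdhe-mlkem, and the sample ClientHello/ServerHello pairs are constructed inline with zero-filled placeholders of the correct share lengths, not real keys.

```python
"""Check TLS 1.3 handshake messages for the X25519MLKEM768 hybrid group.

Added example (not Cloudflare code): parses a raw ClientHello to list the
groups a client offers (supported_groups) and sends shares for (key_share),
and a ServerHello to see which group the server selected. Sample messages
are constructed below; key-share bytes are placeholders, not real keys.
"""
import struct

# Named-group codepoints (IANA TLS Supported Groups registry);
# 0x11EC = X25519MLKEM768 per draft-ietf-tls-ecdhe-mlkem.
SECP256R1, X25519, X25519MLKEM768 = 0x0017, 0x001D, 0x11EC
GROUP_NAMES = {SECP256R1: "secp256r1", X25519: "X25519", X25519MLKEM768: "X25519MLKEM768"}
PQ_HYBRID_GROUPS = {X25519MLKEM768}              # groups that give PQ key agreement
EXT_SUPPORTED_GROUPS, EXT_SUPPORTED_VERSIONS, EXT_KEY_SHARE = 10, 43, 51


def _u16(b, off):
    return struct.unpack_from(">H", b, off)[0]


def _extensions(msg, off):
    """Yield (type, data) for the extension block starting at msg[off]."""
    end = off + 2 + _u16(msg, off)
    off += 2
    while off < end:
        etype, elen = struct.unpack_from(">HH", msg, off)
        off += 4
        yield etype, msg[off:off + elen]
        off += elen


def parse_client_hello(msg):
    """msg: ClientHello handshake message (RFC 8446 4.1.2), header included."""
    if msg[0] != 1:
        raise ValueError("not a ClientHello")
    off = 4 + 2 + 32                      # handshake header, legacy_version, random
    off += 1 + msg[off]                   # legacy_session_id
    off += 2 + _u16(msg, off)             # cipher_suites
    off += 1 + msg[off]                   # legacy_compression_methods
    supported, shares = [], []
    for etype, data in _extensions(msg, off):
        if etype == EXT_SUPPORTED_GROUPS:
            supported = [_u16(data, 2 + i) for i in range(0, _u16(data, 0), 2)]
        elif etype == EXT_KEY_SHARE:
            p, end = 2, 2 + _u16(data, 0)
            while p < end:                # KeyShareEntry: group, length, key
                group, klen = struct.unpack_from(">HH", data, p)
                shares.append(group)
                p += 4 + klen
    return {"supported_groups": supported, "key_shares": shares}


def parse_server_hello(msg):
    """Return the group in the ServerHello key_share (a HelloRetryRequest
    parses the same way: its key_share carries only the selected group)."""
    if msg[0] != 2:
        raise ValueError("not a ServerHello")
    off = 4 + 2 + 32
    off += 1 + msg[off]                   # legacy_session_id_echo
    off += 2 + 1                          # cipher_suite, compression_method
    for etype, data in _extensions(msg, off):
        if etype == EXT_KEY_SHARE:
            return _u16(data, 0)
    return None


def assess(client_hello, server_hello):
    """Summarise whether this handshake achieved post-quantum key agreement."""
    ch = parse_client_hello(client_hello)
    selected = parse_server_hello(server_hello)
    return {
        "client_offers_pq": any(g in PQ_HYBRID_GROUPS for g in ch["supported_groups"]),
        "client_shares_pq": any(g in PQ_HYBRID_GROUPS for g in ch["key_shares"]),
        "selected_group": None if selected is None else GROUP_NAMES.get(selected, hex(selected)),
        "pq_key_agreement": selected in PQ_HYBRID_GROUPS,
    }


# --- constructed sample messages (placeholder shares, not real keys) ---------
def _ext(etype, data):
    return struct.pack(">HH", etype, len(data)) + data


def _handshake(htype, body):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body


def build_client_hello(groups, shares):
    """groups: supported_groups order; shares: list of (group, share_bytes)."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"         # version, random, empty session id
            + struct.pack(">H", 2) + b"\x13\x01"      # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00")                            # null compression only
    sg = struct.pack(">H", 2 * len(groups)) + b"".join(struct.pack(">H", g) for g in groups)
    ks = b"".join(struct.pack(">HH", g, len(k)) + k for g, k in shares)
    exts = (_ext(EXT_SUPPORTED_VERSIONS, b"\x02\x03\x04") + _ext(EXT_SUPPORTED_GROUPS, sg)
            + _ext(EXT_KEY_SHARE, struct.pack(">H", len(ks)) + ks))
    return _handshake(1, body + struct.pack(">H", len(exts)) + exts)


def build_server_hello(group, share):
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x13\x01" + b"\x00"
    exts = (_ext(EXT_SUPPORTED_VERSIONS, b"\x03\x04")
            + _ext(EXT_KEY_SHARE, struct.pack(">HH", group, len(share)) + share))
    return _handshake(2, body + struct.pack(">H", len(exts)) + exts)


if __name__ == "__main__":
    # Client offers the hybrid first with a 1216-byte share (1184-byte ML-KEM-768
    # encapsulation key + 32-byte X25519 point); the server selects it and replies
    # with a 1120-byte share (1088-byte ciphertext + 32-byte point).
    ch = build_client_hello([X25519MLKEM768, X25519, SECP256R1],
                            [(X25519MLKEM768, bytes(1216)), (X25519, bytes(32))])
    print(assess(ch, build_server_hello(X25519MLKEM768, bytes(1120))))
    # Same offer against a server that only speaks X25519: no PQ protection.
    print(assess(ch, build_server_hello(X25519, bytes(32))))
```

To run this on real traffic, feed it the handshake message bytes extracted from a capture (on the inbound leg, a capture on the client; on the origin leg, a capture on the origin server, where Cloudflare's edge is the client). Two caveats the output makes visible: a client that lists X25519MLKEM768 only in supported_groups without sending a key_share for it forces a HelloRetryRequest and an extra round trip before the hybrid is used, and a server that selects X25519 from a PQ-capable offer leaves the session open to harvest-now, decrypt-later regardless of what the other side supports. For a quick manual check against a live endpoint, OpenSSL 3.5 and later (which implement X25519MLKEM768) print the negotiated TLS 1.3 group in `openssl s_client` output.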
Outbound TLS 1.3 tunnel from cloudflared on a customer origin to Cloudflare's global network.
| Protection | Status |
|---|---|
| Key agreement | ✅ X25519MLKEM768 |
| Signatures | Not yet |
Reference: PQ Cloudflare Tunnel ↗, PQC and Cloudflare One.
Products covered: Workers VPC private-network access and any Cloudflare One off-ramp that egresses via cloudflared (for example, Cloudflare Access self-hosted applications).
The sections below cover the connections and services that make up Cloudflare One. For an end-to-end walkthrough of how on-ramps and off-ramps fit together, refer to PQC and Cloudflare One.
MASQUE tunnel (TLS 1.3) from an end-user device to Cloudflare's global network, established by the Cloudflare One Client (formerly WARP).
| Protection | Status |
|---|---|
| Key agreement | ✅ X25519MLKEM768 |
| Signatures | Not yet |
Reference: PQC and Cloudflare One: Cloudflare One Client.
This connection also serves as a post-quantum on-ramp for traffic that traverses Cloudflare Gateway.
Cloudflare Mesh provides private IP connectivity between devices and servers using the Cloudflare One Client on each Mesh node and client device.
Mesh inherits its post-quantum protection from the Cloudflare One Client connection, which is used as both the on-ramp and the off-ramp for Mesh traffic.
Cloudflare Gateway is a Secure Web Gateway that runs on Cloudflare's edge and filters HTTPS traffic egressing to the public Internet. Gateway has no client-side component; clients reach Gateway via one of several post-quantum on-ramps:
- The Cloudflare One Client.
- A Cloudflare IPsec tunnel.
- The Agentless via proxy endpoints on-ramp.
The egress leg from Gateway to third-party origin servers is covered by Cloudflare to origin and is independent of the on-ramp.
Reference: PQC and Cloudflare One: Secure Web Gateway.
Cloudflare Gateway proxy endpoints let browsers route their egress HTTPS traffic through Cloudflare Gateway for inspection and filtering, without an agent installed on the device. Browsers are configured via a Proxy Auto-Configuration (PAC) file or system proxy settings to forward traffic to a Cloudflare-hosted proxy endpoint, which terminates TLS at Cloudflare's edge.
| Protection | Status |
|---|---|
| Key agreement | ✅ X25519MLKEM768 |
| Signatures | Not yet |
Reference: Proxy endpoints, PQC and Cloudflare One: Secure Web Gateway.
IKEv2 key exchange for IPsec tunnels between third-party branch connectors and Cloudflare's global network.
| Protection | Status |
|---|---|
| Key agreement | ✅ ML-KEM-768/1024 + DH Group 20 (P-384) in IKEv2 |
| Signatures | Not yet |
Reference: PQC SASE ↗, GRE and IPsec tunnels, draft-ietf-ipsecme-ikev2-mlkem ↗.
The IPsec ESP dataplane can alternatively be keyed using the Cloudflare One Appliance control plane instead of IKEv2.
TLS 1.3 control-plane connection used by the Cloudflare One Appliance (formerly Magic WAN Connector) to establish keys for its IPsec ESP dataplane tunnels.
| Protection | Status |
|---|---|
| Key agreement | ✅ X25519MLKEM768 |
| Signatures | Not yet |
Reference: PQC SASE ↗, Cloudflare One Appliance, PQC and Cloudflare One.
This listing is maintained alongside the rest of the Cloudflare SSL/TLS documentation. If you spot an inaccuracy or have an update after a product announcement, contributions are welcome.