Commit 3990553

Add outline for index.mdx and fill in TLS background info
1 parent 97c2825 commit 3990553

1 file changed

+29
-0
lines changed
  • src/content/docs/ssl/post-quantum-cryptography

src/content/docs/ssl/post-quantum-cryptography/index.mdx

Lines changed: 29 additions & 0 deletions
@@ -10,3 +10,32 @@ head: []
1010
description: Consider information about how Cloudflare is implementing post-quantum cryptography to protect you against store now, decrypt later.
1111
---
1212

13+
For years, Cloudflare has been researching and [writing about post quantum](https://blog.cloudflare.com/tag/post-quantum/).
14+
15+
To protect you against the risk of [store now, decrypt later](https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later), and considering all the [connections](#three-connections-in-the-life-of-a-request) that take place when your website or application is on Cloudflare, we have deployed and are actively expanding the use of post-quantum hybrid key agreement.
16+
17+
:::caution[TLS 1.3]
18+
Post-quantum key agreements are only supported in protocols based on TLS 1.3 (including HTTP/3) and are disabled for websites in [FIPS mode](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#fips-compliance).
19+
:::
20+
21+
## Three building blocks of TLS
22+
23+
For a TLS handshake to happen, three types of encryption have to be in place:
24+
25+
- **Symmetric ciphers:** used to encrypt and decrypt data, ensuring confidentiality and integrity (such as `CHACHA20-POLY1305`).
26+
- **Key agreement:** a cryptographic protocol with which client and server can safely agree on a shared key (such as `ECDH`).
27+
- **Signature algorithms:** cryptographic algorithms used to generate the digital signatures in TLS certificates (such as `RSA` and `ECDSA`).
28+
29+
As explained in our [blog post](https://blog.cloudflare.com/pq-2024/#two-migrations), the first, most urgent migration that needs to happen has to do with key agreement.
30+
31+
### Hybrid key agreement
32+
33+
## Three connections in the life of a request
34+
35+
### Visitor to Cloudflare
36+
37+
As of [october 2023](https://blog.cloudflare.com/post-quantum-for-all/), all websites and APIs served through Cloudflare support post-quantum hybrid key agreement.
38+
39+
### Internal services
40+
41+
### Cloudflare to your origin
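
Review bot: The intro under "Three building blocks of TLS" says "three types of encryption have to be in place", but only the first item in the list that follows (symmetric ciphers) is encryption; key agreement and signature algorithms are not. Suggest "three types of cryptography" or "three cryptographic building blocks", which also matches the heading. In the same hunk: the signature bullet describes signatures only "in TLS certificates", while the added text elsewhere frames all three as needed "for a TLS handshake to happen", so consider saying what the signature authenticates during the handshake. The caution block says post-quantum key agreement is disabled "for websites in FIPS mode" but links to a Gateway TLS decryption page under /cloudflare-one/, so please confirm that is the intended target for website owners. Smaller points: "october 2023" should be capitalized, "post quantum" in the first added sentence should be hyphenated to match "post-quantum" everywhere else, and the sentence that calls key agreement the most urgent migration leads straight into an empty "### Hybrid key agreement" section, so a placeholder or TODO there (and under "Internal services" and "Cloudflare to your origin") would keep the page from publishing with bare headings.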
