You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/ssl/post-quantum-cryptography/index.mdx
+7-4Lines changed: 7 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,12 +10,12 @@ head: []
10
10
description: Get an overview of how Cloudflare is implementing post-quantum cryptography to protect you against store now, decrypt later.
11
11
---
12
12
13
-
For years, Cloudflare has been researching and [writing about postquantum](https://blog.cloudflare.com/tag/post-quantum/).
13
+
For years, Cloudflare has been researching and [writing about post-quantum](https://blog.cloudflare.com/tag/post-quantum/).
14
14
15
-
To protect you against the risk of [store now, decrypt later](https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later), and considering all the [connections](#three-connections-in-the-life-of-a-request) that take place when your website or application is on Cloudflare, we have deployed and are actively expanding the use of post-quantum hybrid key agreement.
15
+
To protect you against the risk of [store now, decrypt later](https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later), and considering all the [connections](#three-connections-in-the-life-of-a-request) that take place when your website or application is on Cloudflare, we have deployed and are actively expanding the use of [post-quantum hybrid key agreement](#hybrid-key-agreement).
16
16
17
17
:::caution[TLS 1.3]
18
-
Post-quantum key agreements are only supported in protocols based on TLS 1.3 (including HTTP/3) and are disabled for websites in [FIPS mode](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#fips-compliance).
18
+
Cloudflare post-quantum key agreements are only supported in protocols based on TLS 1.3 (including HTTP/3) and are disabled for websites in [FIPS mode](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#fips-compliance).
19
19
:::
20
20
21
21
## Three building blocks of TLS
@@ -41,7 +41,7 @@ Cloudflare has deployed the following hybrid key agreements:
A hybrid key agreement lays the groundwork as more and more [clients](#visitor-to-cloudflare) adopt post-quantum cryptography, while also maintaining the current security provided by X25519. It is a safer path in case of an unexpected breakthrough that renders all variants of ML-KEM insecure.
44
+
A hybrid key agreement lays the groundwork as more and more [clients](#1-visitor-to-cloudflare) adopt post-quantum cryptography, while also maintaining the current security provided by X25519. It is a safer path in case of an unexpected breakthrough that renders all variants of ML-KEM insecure.
45
45
46
46
## Three connections in the life of a request
47
47
@@ -73,3 +73,6 @@ As announced in [September 2023](https://blog.cloudflare.com/post-quantum-crypto
73
73
74
74
### 3. Cloudflare to your origin
75
75
76
+
Finally, Cloudflare also supports [hybrid key agreements](#hybrid-key-agreement) when connecting to origins. In this case, post-quantum secured connections will depend on the origin servers also supporting PQC.
77
+
78
+
Refer to [Post-quantum cryptography between Cloudflare and origin servers](/ssl/post-quantum-cryptography/pqc-to-origin/) for details.
Copy file name to clipboardExpand all lines: src/content/docs/ssl/post-quantum-cryptography/pqc-support.mdx
+4-6Lines changed: 4 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,22 +2,20 @@
2
2
pcx_content_type: reference
3
3
title: PQC support
4
4
sidebar:
5
-
order: 3
5
+
order: 2
6
6
head: []
7
7
description: Consider information about post-quantum cryptography at Cloudflare - deployed key agreements and software support.
8
8
---
9
9
10
-
Cloudflare's deployment of post-quantum hybrid key agreements is supported by the following [third-parties](#software-support) and is in use within the following [Cloudflare products](#cloudflare-products).
10
+
Cloudflare's deployment of post-quantum hybrid key agreements is supported by different software as listed below.
11
11
12
-
## Software support
13
-
14
-
### X25519MLKEM768
12
+
## X25519MLKEM768
15
13
- Default for [Firefox 132+](https://www.mozilla.org/firefox/channel/desktop/) (Beta)
16
14
- Default for [Chrome 131+](https://www.google.com/chrome/beta/) (Beta)
17
15
- Cloudflare's [fork of Go](https://github.com/cloudflare/go)
0 commit comments