diff --git a/src/content/docs/ssl/post-quantum-cryptography/index.mdx b/src/content/docs/ssl/post-quantum-cryptography/index.mdx index b4441080bdbe712..26e5b0d72e7b36c 100644 --- a/src/content/docs/ssl/post-quantum-cryptography/index.mdx +++ b/src/content/docs/ssl/post-quantum-cryptography/index.mdx @@ -14,7 +14,7 @@ Post-quantum cryptography (PQC) refers to cryptographic algorithms that have bee To protect you against the risk of [harvest now, decrypt later](https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later), and considering all the [connections](#three-connections-in-the-life-of-a-request) that take place when your website or application is on Cloudflare, we have deployed and are actively expanding the use of [post-quantum hybrid key agreement](#hybrid-key-agreement). -Refer to [Cloudflare Radar](https://radar.cloudflare.com/adoption-and-usage#post-quantum-encryption-adoption) for current statistics on the adoption of PQ encryption in requests to Cloudflare. +Refer to [Cloudflare Radar](https://radar.cloudflare.com/adoption-and-usage#post-quantum-encryption-adoption) for current statistics on the adoption of PQ encryption in requests to Cloudflare, and visit [pq.cloudflareresearch.com](https://pq.cloudflareresearch.com) to check if your connection is secured using PQ key agreement. :::caution[TLS 1.3] Cloudflare post-quantum key agreements are only supported in protocols based on TLS 1.3 (including HTTP/3) and are disabled for websites in [FIPS mode](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#fips-compliance). diff --git a/src/content/docs/ssl/post-quantum-cryptography/pqc-support.mdx b/src/content/docs/ssl/post-quantum-cryptography/pqc-support.mdx index 1c89cbb7fe937c6..a99b5b458fe42ca 100644 --- a/src/content/docs/ssl/post-quantum-cryptography/pqc-support.mdx +++ b/src/content/docs/ssl/post-quantum-cryptography/pqc-support.mdx 
@@ -7,13 +7,14 @@ head: [] description: Consider information about post-quantum cryptography at Cloudflare - deployed key agreements and software support. --- -Cloudflare's deployment of post-quantum [hybrid key agreements](/ssl/post-quantum-cryptography/#hybrid-key-agreement) is supported by different software as listed below. +Cloudflare's deployment of post-quantum [hybrid key agreements](/ssl/post-quantum-cryptography/#hybrid-key-agreement) is supported by different software as listed below. [Contributions](https://github.com/cloudflare/cloudflare-docs/blob/production/CONTRIBUTING.md) to keep the listing up-to-date are welcome! ## X25519MLKEM768 - Default for [Firefox 132+](https://www.mozilla.org/firefox/channel/desktop/) (Beta) - Default for [Chrome 131+](https://www.google.com/chrome/beta/) (Beta) - Cloudflare's [fork of Go](https://github.com/cloudflare/go) - [BoringSSL](https://boringssl.googlesource.com/boringssl/) +- [rustls-post-quantum 0.2.0+](https://crates.io/crates/rustls-post-quantum) ([blog](https://www.memorysafety.org/blog/pq-key-exchange/)) ## X25519Kyber768Draft00 
@@ -32,5 +33,4 @@ Cloudflare's deployment of post-quantum [hybrid key agreements](/ssl/post-quantu - [Zig 0.11.0+](https://ziglang.org/) - [nginx](https://www.nginx.org/) when [compiled with BoringSSL](https://mailman.nginx.org/pipermail/nginx/2023-August/NOISOYU3QTB2DGIYUBGF7CAMQHDI2QLT.html) ([guide](https://blog.centminmod.com/2023/10/03/2860/how-to-enable-cloudflare-post-quantum-x25519kyber768-key-exchange-support-in-centmin-mod-nginx/)) - [Caddy HTTP server](https://caddyserver.com/) nightly [compiled with Go 1.23+](https://gist.github.com/bwesterb/2f7bfa7ae689de0d242b56ea3ecac424) -- [Botan C++ library 3.2.0+](https://botan.randombit.net/) ([instructions](https://github.com/randombit/botan/discussions/3747)) -- ISRG's fork of [Rustls](https://www.memorysafety.org/blog/pq-key-exchange/) \ No newline at end of file +- [Botan C++ library 3.2.0+](https://botan.randombit.net/) ([instructions](https://github.com/randombit/botan/discussions/3747)) \ No newline at end of file
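Review bot: In `index.mdx`, the added clause "to check if your connection is secured using PQ key agreement" leaves "your connection" undefined, while the paragraph just above points readers to the several connections involved in a request (`#three-connections-in-the-life-of-a-request`). State which connection the check covers, so that a site owner does not read a positive result as covering every leg. The addition would also read better as its own sentence, and "PQ key agreement" could reuse the page's existing term and anchor, `[post-quantum hybrid key agreement](#hybrid-key-agreement)`.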
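Review bot: In the first hunk of `pqc-support.mdx`, the new `rustls-post-quantum 0.2.0+` entry under `## X25519MLKEM768` reuses the `memorysafety.org/blog/pq-key-exchange/` link that this same patch removes from the "ISRG's fork of Rustls" entry in the other list. Please confirm that the post describes X25519MLKEM768 in the crate rather than the earlier fork; if it does not, link the crate's own documentation instead. The Firefox and Chrome entries say "Default for", so it is worth stating whether this crate has to be enabled explicitly. Minor: "up-to-date" after "keep the listing" should be "up to date".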
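Review bot: The last hunk of `pqc-support.mdx` deletes the "ISRG's fork of Rustls" line outright, while the entry added earlier in the patch is bounded at `0.2.0+`. If releases before that still offer the key agreement this list documents, keep a version-bounded entry here so those users still have a reference. The file also still ends with `\ No newline at end of file` after the Botan line; add the trailing newline while the line is being touched.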