Cloudflare Research: Post-Quantum Key Agreement

On essentially all domains served (1) through Cloudflare, including this one, we have enabled hybrid post-quantum key agreement. We are also rolling out support for post-quantum key agreement for connection from Cloudflare to origins (3). Check out our blog post the state of the post-quantum Internet for more context.

Checking connection …

Deployed key agreements

Available with TLSv1.3 including HTTP/3 (QUIC)

Key agreement TLS identifier
X25519Kyber768Draft00 0x6399, 0xfe31
X25519Kyber512Draft00 0xfe30
X25519Kyber[x]Draft00 is a hybrid of X25519 and Kyber[x]Draft00 (in that order).

We are planning to deploy X25519MLKEM768 (0x11ec) soon.

Software support

References

Contact

You can reach us directly at ask-research@cloudflare.com with questions and feedback.