Cloudflare Research: Post-Quantum Key Agreement

On a small number of domains, including this one, we have enabled hybrid post-quantum key agreement. Read our blog for the details.

You are using X25519 which is not post-quantum secure.

Want to enable the post-quantum key agreement on your test zone? Send an e-mail to, but do check out the fine print.

Deployed key agreements

Available with TLSv1.3 on HTTP/2 and below.

Key agreement TLS identifier
X25519Kyber512Draft00 0xfe30
X25519Kyber768Draft00 0xfe31
X25519Kyber[x]Draft00 is a hybrid of X25519 and Kyber[x]Draft00 (in that order).

Client support


You can reach us directly at with questions and feedback.