Cloudflare now uses post-quantum cryptography to talk to your origin server

Cloudflare has announced that it is rolling out support for post-quantum secure outbound connections by implementing a hybrid key agreement system with classical (X25519) and post-quantum cryptography (Kyber). This will help mitigate the "store now, decrypt later" threat posed by quantum computers. Cloudflare is offering three settings for their customers to configure how they interact with origins that support or prefer post-quantum key agreement: 1. Off - Do not send a post-quantum keyshare in ClientHello and do not accept one from the origin. This setting can be used if your server does not have any form of quantum resistance, but this is strongly discouraged due to security implications. 2. Supported - Send a classical (X25519) then a post-quantum keyshare in ClientHello and accept both types of keyshares from the origin. This setting will introduce an extra roundtrip for origins that support post-quantum key agreement but is recommended as it provides quantum resistance without sacrificing compatibility with non-post-quantum-capable servers. 3. Preferred - Only send a post-quantum keyshare in ClientHello and accept only post-quantum keyshares from the origin. This setting will not introduce an extra roundtrip for origins that support post-quantum key agreement but may cause issues with some non-post-quantum capable servers as they require classical (X25519) key exchange to establish a connection. Cloudflare is also using these settings to scan origin server configurations, helping them determine the best setting for zones that haven't been configured yet by removing the extra roundtrip caused by HelloRetryRequest for origins that support post-quantum cryptography. The scanner pipeline they built will not only benefit post-quantum origins but also speed up non post-quantum origins by sending the most preferred keyshare directly to them, thus eliminating an additional roundtrip due to HRR (Hello Retry Request). Cloudflare's implementation of hybrid key agreement is a significant step towards making the internet more secure and resistant against potential attacks from quantum computers. Encouraging customers to configure their zones appropriately and sharing experiences or seeking help at [email protected] will further enhance the adoption and effectiveness of this technology.