When will Cloudflare be deprecated?

Cloudflare has deployed PQC on the edge but full product coverage timeline is not published.

Infrastructure

Is Cloudflare Quantum Safe?

Not Quantum Safe

Partially. Cloudflare has been a PQC leader — deploying experimental hybrid PQC key exchange (X25519+ML-KEM-768) on its edge network since 2022. However, full PQC coverage across all Cloudflare products is not yet complete.

Key Takeaway: Cloudflare is NOT quantum safe. Scan your Cloudflare-protected infrastructure with QScout. Verify PQC key exchange is active on edge connections. Audit origin server TLS for PQC readiness. Monitor Cloudflare blog for product-level PQC announcements.

Technical Analysis

Cloudflare is partially quantum safe and is one of the most advanced infrastructure providers in PQC deployment. **Current State:** Cloudflare's edge network supports hybrid PQC TLS key exchange (X25519+ML-KEM-768) for connections from browsers that support it (Chrome 124+, Firefox experimental). Origin-to-Cloudflare connections and many Cloudflare products still use classical TLS. **PQC Progress:** Cloudflare has been a consistent PQC pioneer: - **Edge TLS**: Hybrid X25519+ML-KEM-768 key exchange deployed on Cloudflare's edge for supporting clients. - **Research**: Cloudflare published extensive PQC performance research and benchmarks. - **CIRCL**: Cloudflare's cryptographic library includes ML-KEM and ML-DSA implementations. - **Origin connections**: TLS from Cloudflare to customer origin servers typically uses classical key exchange. - **Cloudflare Tunnel**: Uses classical TLS for tunnel connections. **HNDL Risk:** Edge-to-client connections with PQC-capable browsers are protected. However, origin-to-Cloudflare connections, Cloudflare Workers, and API calls to Cloudflare services still use classical key exchange in most cases. **What Organizations Should Do:** Verify that your Cloudflare configuration enables PQC key exchange on the edge. Audit origin server TLS configurations. Use QScout to map your complete Cloudflare-connected cryptographic surface.

Full Name	Cloudflare CDN and Security
Category	infrastructure
Quantum Vulnerability	Cloudflare edge supports hybrid PQC TLS for capable clients. Origin connections and many Cloudflare products still use classical key exchange vulnerable to quantum attack.
NIST Status	Cloudflare is aligned with NIST FIPS 203 (ML-KEM). Hybrid PQC deployed on edge network. Full product-wide PQC coverage in progress.
Deprecation Timeline	Cloudflare has deployed PQC on the edge but full product coverage timeline is not published.
Replaced By	Cloudflare is deploying ML-KEM-768 (FIPS 203) across its network in hybrid mode with X25519

Migration Guidance

Scan your Cloudflare-protected infrastructure with QScout. Verify PQC key exchange is active on edge connections. Audit origin server TLS for PQC readiness. Monitor Cloudflare blog for product-level PQC announcements.

Related Algorithms

TLS 1.3

Transport Layer Security 1.3

ECDH

Elliptic Curve Diffie-Hellman

ML-KEM

Module-Lattice-Based Key-Encapsulation Mechanism (FIPS 203)

Akamai

Akamai Technologies CDN and Security

Fastly

Fastly Edge Cloud Platform

How Qtonic Quantum Can Help

QScout Surface/Silver/Gold — Discover every instance of Cloudflare in your infrastructure. 7-day cryptographic inventory with HNDL exposure scoring.

Assessment Methodology — 70 security modules covering cryptographic discovery, quantum threat modeling, and migration planning.

Back to Algorithm Database — Explore 25+ cryptographic algorithms and their quantum safety status.

Don’t Know Where Cloudflare Lives in Your Stack?

QScout discovers every instance of Cloudflare across your infrastructure in 7 days — with zero operational disruption. 72-hour time to first findings.

Schedule Assessment Try Risk Calculator

Assess your quantum-vulnerable cryptography with QScout, validate readiness with QStrike, or plan your migration with QSolve.