Hybrid Post-Quantum TLS
Turn on X25519 + ML-KEM at the edge — rollback on thresholds.
We enable hybrid key exchange, X25519 + ML-KEM (ML-KEM is standardized as NIST FIPS 203), at the edge.
If Err > 0.1% or P99 latency > +1%, we auto-rollback to classic TLS — fully auditable.
What you get
- Hybrid KEM handshake X25519 + ML-KEM with classic TLS kept in parallel.
- Guardrails & rollback: threshold-driven (Err/P99Δ), hash-stamped changes for audit.
- 1 external + 1 internal gateway, 2-week canary → blue/green rollout.
- 1-page audit + compatibility report (negotiation split, HRR, top-N failures, config/pcap hashes).
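
One way the rollback guardrail and the audit fields listed above could be computed over a canary window; this is an added example, not PQC Plane's own code. The record shape (`group`, `ok`, `hrr`, `ms`), the function names, and the classic-TLS baseline P99 passed in are assumptions, and the handshake data is constructed.

```python
import hashlib
import json

ERR_MAX = 0.001        # page threshold: Err > 0.1%
P99_DELTA_MAX = 0.01   # page threshold: P99 latency > +1% over baseline

def p99(values):
    """Nearest-rank 99th percentile, integer arithmetic for the rank."""
    s = sorted(values)
    return s[(99 * len(s) + 99) // 100 - 1]

def evaluate(canary, baseline_p99_ms, config_bytes):
    """Judge one canary window; the record fields are assumed names."""
    n = len(canary)
    if n == 0:
        raise ValueError("empty window: refuse to judge, keep current state")
    err = sum(not h["ok"] for h in canary) / n
    ok_ms = [h["ms"] for h in canary if h["ok"]]
    # Latency is compared on completed handshakes only (assumption).
    delta = (p99(ok_ms) - baseline_p99_ms) / baseline_p99_ms if ok_ms else None
    split = {}
    for h in canary:
        split[h["group"]] = split.get(h["group"], 0) + 1
    record = {
        "samples": n,
        "err_rate": round(err, 6),
        "p99_delta": None if delta is None else round(delta, 6),
        "hrr_rate": round(sum(h["hrr"] for h in canary) / n, 6),
        "negotiation_split": split,
        "config_sha256": hashlib.sha256(config_bytes).hexdigest(),
        "rollback": err > ERR_MAX or delta is None or delta > P99_DELTA_MAX,
    }
    # Stamp the canonical JSON so later edits to the audit line are detectable.
    body = json.dumps(record, sort_keys=True).encode()
    record["record_sha256"] = hashlib.sha256(body).hexdigest()
    return record

def sample(n_fail, slow_ms):
    """Constructed data: 1000 handshakes, 90% hybrid, every 50th with an HRR."""
    rows = [{"group": "hybrid" if i % 10 else "classic", "ok": i >= n_fail,
             "hrr": i % 50 == 0, "ms": 20.0 + i % 7} for i in range(1000)]
    for row in rows[-20:]:
        row["ms"] = slow_ms   # slowest 2% of the window sets the P99
    return rows

if __name__ == "__main__":
    print(json.dumps(evaluate(sample(0, 26.5), 26.0, b"constructed config"), indent=2))
```

Both thresholds are strict comparisons, so a window sitting exactly at 0.1% errors does not trigger rollback.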
Where you’ll find us
Cloudflare Community
OWASP Chapters
Security & DevOps Discord/Slack
GitHub Discussions
Industry WeChat / Telegram groups
Keywords we watch: post-quantum, Kyber, ML-KEM, hybrid TLS.
FAQ
- Do we change app code? No. We operate at TLS termination (gateway/Cloudflare).
- What if it fails? Threshold-guarded auto-rollback; classic TLS kept in parallel; fully auditable.
- Certificates? ECDSA/RSA for now; adopt PQ signatures later.
- China deployments? Dual-track: TLCP (SM2/SM3/SM4) for compliance + PQC hybrid as enhancement.
© 2025 PQC Plane • Pilot only • Contact:
Allen Fan