From e976f95756e21f08c29d84e1e8efdbd08f6f8999 Mon Sep 17 00:00:00 2001 From: goldbe-cf Date: Tue, 30 Jun 2026 11:48:58 +0300 Subject: [PATCH 1/5] Update gre-ipsec-tunnels.mdx Add info about ipsec downgrade protection: Edit A (small tweak to line 101) and Edit B (new section inserted between lines 259 and 261). --- .../reference/gre-ipsec-tunnels.mdx | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/src/content/partials/networking-services/reference/gre-ipsec-tunnels.mdx b/src/content/partials/networking-services/reference/gre-ipsec-tunnels.mdx index 931ff8593da..4bc18eb6735 100644 --- a/src/content/partials/networking-services/reference/gre-ipsec-tunnels.mdx +++ b/src/content/partials/networking-services/reference/gre-ipsec-tunnels.mdx @@ -98,7 +98,7 @@ For information on how to set up an IPsec tunnel, refer to Date: Tue, 30 Jun 2026 11:54:14 +0300 Subject: [PATCH 2/5] Update pqc-cloudflare-products.mdx added ipsec downgrades protection row and references to the cloudflare ipsec section --- .../pqc-cloudflare-products.mdx | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/content/docs/ssl/post-quantum-cryptography/pqc-cloudflare-products.mdx b/src/content/docs/ssl/post-quantum-cryptography/pqc-cloudflare-products.mdx index 03de0216e15..e62ee411ea6 100644 --- a/src/content/docs/ssl/post-quantum-cryptography/pqc-cloudflare-products.mdx +++ b/src/content/docs/ssl/post-quantum-cryptography/pqc-cloudflare-products.mdx @@ -135,12 +135,13 @@ Reference: [Proxy endpoints](/cloudflare-one/networks/resolvers-and-proxies/prox IKEv2 key exchange for IPsec tunnels between third-party branch connectors and Cloudflare's global network. -| Protection | Status | -| ------------- | ------------------------------------------------- | -| Key agreement | ✅ ML-KEM-768/1024 + DH Group 20 (P-384) in IKEv2 | -| Signatures | Not yet | +| Protection | Status | +| -------------------- | ------------------------------------------------- | +| Key agreement | ✅ ML-KEM-768/1024 + DH Group 20 (P-384) in IKEv2 | +| Downgrade protection | 🚧 [`IKE_SA_INIT_FULL_TRANSCRIPT_AUTH`](/cloudflare-wan/reference/gre-ipsec-tunnels/#downgrade-protection-beta) | +| Signatures | Not yet | -Reference: [PQC SASE](https://blog.cloudflare.com/post-quantum-sase/), [GRE and IPsec tunnels](/cloudflare-wan/reference/gre-ipsec-tunnels/#tested-third-party-vendor-interoperability), [draft-ietf-ipsecme-ikev2-mlkem](https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-mlkem/). +Reference: [PQC SASE](https://blog.cloudflare.com/post-quantum-sase/), [GRE and IPsec tunnels](/cloudflare-wan/reference/gre-ipsec-tunnels/#tested-third-party-vendor-interoperability), [draft-ietf-ipsecme-ikev2-mlkem](https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-mlkem/), [draft-ietf-ipsecme-ikev2-downgrade-prevention](https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-downgrade-prevention/). The IPsec ESP dataplane can alternatively be keyed using the [Cloudflare One Appliance](#cloudflare-one-appliance) control plane instead of IKEv2. From b5166b5ff3461174553247e2e6f8aba62bffdbb6 Mon Sep 17 00:00:00 2001 From: goldbe-cf Date: Tue, 30 Jun 2026 12:00:15 +0300 Subject: [PATCH 3/5] Update pqc-and-zero-trust.mdx added new paragraph after line 106 on downgrade protection --- .../docs/ssl/post-quantum-cryptography/pqc-and-zero-trust.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/content/docs/ssl/post-quantum-cryptography/pqc-and-zero-trust.mdx b/src/content/docs/ssl/post-quantum-cryptography/pqc-and-zero-trust.mdx index 8d89ef619f9..d4375b79482 100644 --- a/src/content/docs/ssl/post-quantum-cryptography/pqc-and-zero-trust.mdx +++ b/src/content/docs/ssl/post-quantum-cryptography/pqc-and-zero-trust.mdx @@ -105,6 +105,8 @@ Traffic leaves the Cloudflare network over a post-quantum Cloudflare IPsec link The hybrid key agreement is negotiated using ML-KEM as an additional Key Exchange to classical Diffie-Hellman during the IKEv2 handshake, as defined in [RFC 9370](https://datatracker.ietf.org/doc/rfc9370/) and [draft-ietf-ipsecme-ikev2-mlkem](https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-mlkem/). For the list of validated third-party platforms and their supported parameters, refer to [Tested third-party vendor interoperability](/cloudflare-wan/reference/gre-ipsec-tunnels/#tested-third-party-vendor-interoperability). +Cloudflare also supports downgrade protection for IPsec tunnels via the [`IKE_SA_INIT_FULL_TRANSCRIPT_AUTH`](https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-downgrade-prevention/) extension. Both the initiator and Cloudflare (responder) must support the extension for protection to be effective, see [Downgrade protection](/cloudflare-wan/reference/gre-ipsec-tunnels/#downgrade-protection-beta). + ## Secure Web Gateway A [secure web gateway (SWG)](https://www.cloudflare.com/learning/access-management/what-is-a-secure-web-gateway/) is used to secure access to third-party websites on the public Internet by intercepting and inspecting TLS traffic. From e856cc275b660aa68455b44bab3cb72421f4e528 Mon Sep 17 00:00:00 2001 From: goldbe-cf Date: Tue, 30 Jun 2026 12:09:00 +0300 Subject: [PATCH 4/5] Create changelog entry 2026-07-07-ipsec-downgrade-protection.mdx --- .../2026-07-07-ipsec-downgrade-protection.mdx | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 src/content/changelog/cloudflare-wan/2026-07-07-ipsec-downgrade-protection.mdx diff --git a/src/content/changelog/cloudflare-wan/2026-07-07-ipsec-downgrade-protection.mdx b/src/content/changelog/cloudflare-wan/2026-07-07-ipsec-downgrade-protection.mdx new file mode 100644 index 00000000000..49adde22453 --- /dev/null +++ b/src/content/changelog/cloudflare-wan/2026-07-07-ipsec-downgrade-protection.mdx @@ -0,0 +1,20 @@ +--- +title: IPsec downgrade protection (beta) +description: Cloudflare IPsec now supports the IKE_SA_INIT_FULL_TRANSCRIPT_AUTH extension to prevent quantum downgrade attacks on IKEv2 tunnels. +date: 2026-07-07 +products: + - cloudflare-one +--- + +Cloudflare IPsec now supports the `IKE_SA_INIT_FULL_TRANSCRIPT_AUTH` IKEv2 extension to protect against quantum downgrade attacks on IPsec tunnels. Cloudflare helped develop this extension in ([draft-ietf-ipsecme-ikev2-downgrade-prevention](https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-downgrade-prevention/)) with the IETF IPSECME Working Group. + +IKEv2's original authentication design has each endpoint sign only its own outbound messages, not the full handshake transcript. A quantum-capable man-in-the-middle attacker can exploit this to bypass post-quantum key exchange by downgrading the connection to classical cryptography. The `IKE_SA_INIT_FULL_TRANSCRIPT_AUTH` extension addresses this by having both peers sign the entire handshake transcript during the authentication exchange, preventing an attacker from manipulating the negotiation without detection. + +Key details: + +- Available in beta for Cloudflare WAN and Magic Transit IPsec tunnels. +- Cloudflare sends the `IKE_SA_INIT_FULL_TRANSCRIPT_AUTH` notification unconditionally as a responder when the feature flag is enabled. +- Both the initiator (your device) and responder (Cloudflare) must support the extension for downgrade protection to be effective. +- This feature is currently gated by a per-account feature flag. Contact your account team to enable it. + +Refer to [Downgrade protection](/cloudflare-wan/reference/gre-ipsec-tunnels/#downgrade-protection-beta) for more details. From acd2a9c45f5200eef5bbce8e9d2ffc809726d91a Mon Sep 17 00:00:00 2001 From: goldbe-cf Date: Tue, 30 Jun 2026 12:19:38 +0300 Subject: [PATCH 5/5] Update gre-ipsec-tunnels.mdx to name the feature flag --- .../networking-services/reference/gre-ipsec-tunnels.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/partials/networking-services/reference/gre-ipsec-tunnels.mdx b/src/content/partials/networking-services/reference/gre-ipsec-tunnels.mdx index 4bc18eb6735..b4f7a9e4869 100644 --- a/src/content/partials/networking-services/reference/gre-ipsec-tunnels.mdx +++ b/src/content/partials/networking-services/reference/gre-ipsec-tunnels.mdx @@ -261,7 +261,7 @@ If route-based VPNs are not an option and you must use policy-based VPNs, be awa ### Downgrade protection (beta) :::note[Beta] -This feature is in beta. Contact your account team to enable this feature on your account. +This feature is in beta. Contact your account team to enable the `ipsec_downgrade_protection` flag on your account. ::: IKEv2's original authentication design has each endpoint sign only its own outbound messages, not the full handshake transcript. A quantum-capable man-in-the-middle attacker can exploit this to create a "split view" of the handshake, tricking the endpoints into downgrading a post-quantum connection back to classical cryptography even when both sides support post-quantum key exchange.