[SSL] Restructure PQC docs and add signatures + product matrix#30142
Merged
RebeccaTamachiro merged 3 commits into production on Apr 27, 2026
This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:
bwesterb
reviewed
Apr 21, 2026
Product should have a look at the presentation of the product table, but looks good to me otherwise.
e1e9219 to
4346840
Prepares the post-quantum docs for the rollout of post-quantum
signatures (ML-DSA) alongside the already-deployed hybrid key
agreement (X25519MLKEM768).

Changes to src/content/docs/ssl/post-quantum-cryptography/:

- pqc-support.mdx: restructured from a flat bullet list into three
  category-scoped tables (Browsers, Libraries, Servers). Each row
  now has separate columns for key agreement (X25519MLKEM768) and
  signatures (ML-DSA), replacing the previous per-hybrid prose
  sections. X25519Kyber768Draft00 tracking is dropped: that draft
  has been superseded by the standardized X25519MLKEM768 hybrid and
  every listed library has migrated.

  New ML-DSA software support captured (all verified against upstream
  release notes or source):
  - OpenSSL 3.5.0+ (native, all three parameter sets)
  - BoringSSL (native)
  - GnuTLS 3.8.10+ (usable in TLS handshakes; all private key
    encodings — seed, expandedKey, both)
  - Node.js 24.5.0+ (via bundled OpenSSL 3.5)
  - Go 1.26 (internal impl; public crypto/mldsa proposed for 1.27,
    tracked at golang/go#77626)
  - Java 24+ APIs via JEP 497 (not yet in javax.net.ssl TLS)
  - Cloudflare's CIRCL 1.5.0+ via sign/mldsa
  - Rust: rustls-post-quantum (unstable, behind aws-lc-rs-unstable)
    and pure-Rust RustCrypto ml-dsa crate
  - Botan 3.6.0+
  - liboqs 0.14.0+, oqs-provider 0.9.0+

  Intro updated to call out that ML-DSA-44 is the variant Cloudflare
  is currently evaluating for deployment and to point readers to the
  PQC in Cloudflare products page for the per-product status.

  Rustls entry corrected: X25519MLKEM768 ships through the
  rustls-post-quantum crate (enabled by default in rustls 0.23.27+),
  not directly in the main rustls crate.

  Botan key-agreement entry clarified: TLS default is since 3.7.0.

- pqc-cloudflare-products.mdx (new): product-level matrix organized
  by the Cloudflare-operated connection or service that provides the
  secure communication channel. Each section has a brief
  description, a Protection table (key agreement + signatures), a
  References line, and a 'Products covered' callout where multiple
  Cloudflare products share the same underlying connection or
  service.

  Sections, all cross-checked against source docs:
  - Visitor to Cloudflare (TLS 1.3 including QUIC)
  - Cloudflare internal network
  - Cloudflare to origin
  - Cloudflare One Client (MASQUE)
  - Cloudflare Tunnel (cloudflared)
  - Cloudflare One Appliance
  - Cloudflare IPsec (closed beta)

  Signatures are 'Not yet' across all Cloudflare-operated surfaces
  today, except for the 'planned via Merkle Tree Certificates' entry
  for visitor-facing TLS.

- index.mdx: introduction updated to reference the April 2026
  roadmap post (blog.cloudflare.com/post-quantum-roadmap/) announcing
  Cloudflare's 2029 target for full post-quantum security. The
  post-quantum signatures section now links to the PQC in Cloudflare
  products page for the current deployment list. Replaces the
  pq.cloudflareresearch.com browser check with Cloudflare Radar's
  equivalent page (radar.cloudflare.com/post-quantum#browser-support).
4346840 to
7d27a66
Pin Brave (1.73.86+) and Opera (116+) stable releases that first shipped Chromium 131 with X25519MLKEM768 default. Add hybrid key agreement names to OpenSSL and GnuTLS entries. Switch Chrome PQ signatures reference to the IETF Merkle Tree Certificates draft and mark it as planned.
RebeccaTamachiro
approved these changes
Apr 27, 2026
nojvek
pushed a commit
to nojvek/cloudflare-docs
that referenced
this pull request
Apr 29, 2026
…flare#30142)
* [SSL] Restructure PQC docs and add signatures + product matrix
* Replace table by list for readability on mobile devices
* [SSL] Refine PQC library and browser version details
Co-authored-by: Rebecca Tamachiro <rtamachiro@cloudflare.com>
ghen2
reviewed
May 4, 2026
Summary
Prepares the post-quantum docs for the rollout of post-quantum signatures (ML-DSA) alongside the already-deployed hybrid key agreement (X25519MLKEM768).
What's in this PR
pqc-support.mdx — restructured third-party software listing
X25519Kyber768Draft00 tracking is dropped — that draft has been superseded by the standardized X25519MLKEM768 hybrid and every listed library has migrated.
New ML-DSA software support captured (all verified against upstream release notes or source):
- crypto/mldsa proposed for 1.27)
- javax.net.ssl TLS)
- sign/mldsa
- rustls-post-quantum (unstable, behind aws-lc-rs-unstable) and the pure-Rust RustCrypto ml-dsa crate
Corrections along the way:
- X25519MLKEM768 ships through the rustls-post-quantum crate (enabled by default in rustls 0.23.27+), not directly in the main rustls crate.
pqc-cloudflare-products.mdx (new) — product-level status matrix
Product-level matrix organized by the Cloudflare-operated connection or service that provides each product's secure communication channel. Many Cloudflare products share the same underlying connection or service — once that has been upgraded to post-quantum, every product on top of it inherits the same protection.
Each section has a brief description, a Protection table (key agreement + signatures), a References line, and a "Products covered" callout where multiple Cloudflare products share the same underlying connection or service.
Sections (all cross-checked against source docs and/or blog posts):
- cloudflared) — ✅ X25519MLKEM768 · Not yet for signatures
index.mdx — small updates
- pq.cloudflareresearch.com to Cloudflare Radar's equivalent page.
Documentation checklist