IPsec downgrade protection prevents quantum attacks on key exchange
Cloudflare IPsec now supports the IKE_SA_INIT_FULL_TRANSCRIPT_AUTH IKEv2 extension to protect against downgrade attacks on IPsec tunnels.
IKEv2's original authentication design has each endpoint sign only its own outbound messages, not the full handshake transcript. A quantum-capable on-path attacker can exploit this to bypass post-quantum key exchange by downgrading the connection to classical cryptography. The IKE_SA_INIT_FULL_TRANSCRIPT_AUTH extension addresses this by having both peers sign the entire handshake transcript during the authentication exchange, preventing an attacker from manipulating the negotiation without detection.
Key details:
- Available in beta for Cloudflare WAN and Magic Transit IPsec tunnels.
- Cloudflare sends the
IKE_SA_INIT_FULL_TRANSCRIPT_AUTHnotification unconditionally as a responder when the feature flag is enabled. - Both the initiator (your device) and responder (Cloudflare) must support the extension for downgrade protection to be effective.
- This feature is currently gated by a per-account feature flag. Contact your account team to turn it on.
Refer to Downgrade protection for more details.
Fetched July 8, 2026
