HYBRID POST-QUANTUM TLS • SAMPLE
1-Page Audit – Compatibility & Performance Snapshot
Edge handshake split: X25519 + ML-KEM with automatic rollback on thresholds.
Handshake Success (7-day)
99.92%
Rollback ratio
0.56%
Latency P50 / P99 (ms)
28 / 112
Δ vs. baseline
+1.3% / +3.8%
Top-N Failures (by AS / UA)
3
Legacy TLS stacks; non-SNI clients; TLS-inspecting middleboxes
Final Verification Summary
Verified domain: pqcplane.uk
Status: Hybrid Post-Quantum Key Agreement (X25519 + ML-KEM768)
Verification hash: 9d346f6c75d5fb5e4fb15a2da485a987303119e1ee7f9bf8e0cfb6d53dbdc1c6
Verified via Cloudflare PQC Research on Oct 29 2025.
Guardrails & Rollback
If Err > 0.1% or P99Δ > +1%, hybrid is auto-rolled back per edge POP and changes are hash-stamped for audit.
No code changes required; classic TLS kept in parallel.
Compatibility Notes
- Modern browsers (Chromium/Firefox/WebKit) — PASS
- Java 8u- TLS stacks without TLS 1.3 — Review
- Middleboxes doing TLS interception — Policy exception may be needed
Evidence (for audit)
- pq.cloudflareresearch.com handshake screenshot — sha256: 9d346f6c75d5fb5e4fb15a2da485a987303119e1ee7f9bf8e0cfb6d53dbdc1c6
- ServerHello/EncryptedExtensions PCAP sample — sha256: {{…}}
- Config snapshot (edge & origin) — sha256: {{…}}
What you get
- 2-week canary → blue/green rollout across 1 external + 1 internal gateway
- 1-page audit + compatibility report (negotiation split, HRR, top-N failures)
- Edge-only enablement; origin optional (Total TLS optional)
© 2025 PQC Plane • This page is a sample for demonstration only.