A PQC gateway that implements the Gateway API, providing PQC SSL offload, reverse proxy, web server, and API gateway functionality.

pqfif-oss/pqc-gateway

Introduction

pqc-gateway is a PQC gateway built on the pipy proxy (https://github.com/flomesh-io/pipy), which uses the OpenSSL 3.5 cryptography library.

pqc-gateway is configured through the standard Gateway API (https://kubernetes.io/docs/concepts/services-networking/gateway/). It can run in two modes:

  • Standalone mode. This is usually used for simple scenarios like development and testing. The gateway can be started by specifying a single YAML configuration file.

  • Cluster mode. In this mode, multiple nodes can share the configuration to achieve high availability and horizontal scaling.

Build

git clone git@github.com:pqfif-oss/pqc-gateway.git
cd pqc-gateway
git submodule update --init
make
sudo make install

And verify:

caishu@caishu-macair4 pqc-gateway % gw -v
Version:
  Tag    : 
  Commit : c49e5bb9d128d2c6a2f720564384675b45851091
  Date   : Sun, 12 Oct 2025 11:40:45 +0800
Pipy Version:
  Tag    : 2.0.0-alpha.1
  Commit : 72a6d5eb7a7d38a7c326f076b07a803bf84f1f1c
  Date   : Sat, 11 Oct 2025 11:38:14 +0800
caishu@caishu-macair4 pqc-gateway % gw -h

PQC-enabled Gateway

Usage: gw -c <dirname/filename> [-w|--watch] [-d|--debug]
   or: gw -s <dirname[:[ip:]port]>
   or: gw -v
   or: gw -h

Options:
  -c, --config <dirname/filename>      Point to the configuration file or directory
  -s, --serve  <dirname[:[ip:]port]>   Start configuration server with specified directory
  -w, --watch                          Monitor configuration changes and perform live updates
  -d, --debug                          Print debugging log for each request
  -v, --version                        Print version information
  -h, --help                           Print help information

Simple Sample

Start pqc-gateway

caishu@caishu-macair4 pqc-gateway % gw -c examples/pqc-termination/config.yaml
2025-10-12 22:52:35.506 [INF] [listener] Listening on TCP port 9443 at 0.0.0.0
2025-10-12 22:52:35.506 [INF] FGW started

Sample config.yml

resources:
  - kind: Gateway
    metadata:
      name: plain-http
    spec:
      listeners:
        - name: 301-redirect
          port: 80
          protocol: HTTP
  - kind: HTTPRoute
    spec:
      parentRefs:
        - kind: Gateway
          name: plain-http
          sectionName: 301-redirect
      rules:
        - filters:
          - type: RequestTermination
            requestTermination:
              response:
                status: 301
                headers:
                  location: https://pqfif-oss.ai/
                body: Permanently Moved to https://pqfif-oss.ai/

  - kind: Gateway
    metadata:
      name: https-pqc
    spec:
      listeners:
        - port: 443
          protocol: HTTPS
          tls:
            mode: Terminate
            pqc:
              keyExchange: X25519:X25519MLKEM768
            certificates:
              - tls.crt: a.b.example.com.crt
                tls.key: a.b.example.com.key
  - kind: HTTPRoute
    spec:
      parentRefs:
        - kind: Gateway
          name: https-pqc
          port: 443
      hostnames:
        - a.b.example.com
      rules:
        - filters:
          - type: RequestHeaderModifier
            requestHeaderModifier:
              set:
                - name: Host
                  value: pqfif-oss.ai
          - type: FileLog
            key: pqc-gateway
            fileLog:
              filename: /opt/pqc-gateway/log/accesslog.json
              maxFileSize: 1024000000
          - type: RateLimit
            key: rate-limit
            rateLimit:
              burst: 1500
              requests: 1000
              interval: 1
              backlog: 500
              response:
                status: 429
                headers:
                  rate-limit-by: pqc-gateway 
                body: Rate Limit Reached, by PQC-Gateway.
          backendRefs:
            - kind: Backend
              name: www     

  - kind: Backend
    metadata:
      name: www
    spec:
      targets:
        - address: pqfif-oss.ai
          port: 443
  - kind: BackendTLSPolicy
    spec:
      targetRefs:
        - kind: Backend
          name: www
      validation:
        hostname: pqfif-oss.ai
        caCertificates:
          ca.crt: pqfif-oss.crt

secrets:
  pqfif-oss.crt: |
    (PEM certificate omitted)

  a.b.example.com.crt: |
    (PEM certificate omitted)
  a.b.example.com.key: |
    (PEM private key omitted)

Verify with openssl s_client

  • To test this configuration, add a.b.example.com to /etc/hosts so that it resolves to 127.0.0.1.

caishu@caishu-macair4 ~ % echo "Q" | openssl s_client -connect 127.0.0.1:443 -tls1_3 -servername a.b.example.com
Connecting to 127.0.0.1
CONNECTED(00000003)
depth=0 CN=a.b.example.com
verify error:num=18:self-signed certificate
verify return:1
depth=0 CN=a.b.example.com
verify return:1
---
Certificate chain
 0 s:CN=a.b.example.com
   i:CN=a.b.example.com
   a:PKEY: ML-DSA-44, 10496 (bit); sigalg: ML-DSA-44
   v:NotBefore: Oct  9 02:08:12 2025 GMT; NotAfter: Oct  7 02:08:12 2035 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
(certificate body omitted)
-----END CERTIFICATE-----
subject=CN=a.b.example.com
issuer=CN=a.b.example.com
---
No client certificate CA names sent
Peer signature type: mldsa44
Negotiated TLS1.3 group: X25519MLKEM768
---
SSL handshake has read 7765 bytes and written 1553 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 10496 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
DONE
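
An added example, not part of the pqc-gateway repository: a POSIX shell check that reads an s_client transcript like the one above and reports whether the negotiated key-exchange group is an ML-KEM (hybrid) group or a classical one. The sample config's keyExchange value lists X25519 next to X25519MLKEM768, so the negotiated group is the line to check for each client; the group-name list, the function names and the sample transcripts are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the pqc-gateway repo): classify an `openssl s_client`
# transcript by the key-exchange group it reports.
# Live use, with the command from this README:
#   echo Q | openssl s_client -connect 127.0.0.1:443 -tls1_3 \
#     -servername a.b.example.com 2>/dev/null | classify_handshake

# Assumption: OpenSSL 3.5 names for ML-KEM and hybrid ML-KEM groups.
PQC_GROUPS="X25519MLKEM768 SecP256r1MLKEM768 SecP384r1MLKEM1024 MLKEM512 MLKEM768 MLKEM1024"

# Constructed sample: lines taken from the transcript shown above.
SAMPLE_PQC='Peer signature type: mldsa44
Negotiated TLS1.3 group: X25519MLKEM768
Protocol: TLSv1.3'

# Constructed sample: a classical handshake as s_client reports (EC)DH keys.
SAMPLE_CLASSICAL='Peer signature type: mldsa44
Server Temp Key: X25519, 253 bits
Protocol: TLSv1.3'

# Print the negotiated group name from a transcript on stdin (empty if none).
negotiated_group() {
  ng_text=$(cat)
  ng_group=$(printf '%s\n' "$ng_text" |
    sed -n 's/^Negotiated TLS1\.3 group:[[:space:]]*//p' | head -n 1)
  if [ -z "$ng_group" ]; then
    # Fallback: the "Server Temp Key: <name>, <bits> bits" form.
    ng_group=$(printf '%s\n' "$ng_text" |
      sed -n 's/^Server Temp Key:[[:space:]]*\([^,]*\),.*/\1/p' | head -n 1)
  fi
  printf '%s' "$ng_group" | tr -d '\r'
}

# Print "pqc <group>" (exit 0), "classical <group>" (exit 1) or "unknown" (exit 2).
classify_handshake() {
  ch_group=$(negotiated_group)
  if [ -z "$ch_group" ]; then
    echo "unknown"
    return 2
  fi
  for ch_g in $PQC_GROUPS; do
    if [ "$ch_group" = "$ch_g" ]; then
      echo "pqc $ch_group"
      return 0
    fi
  done
  echo "classical $ch_group"
  return 1
}

printf '%s\n' "$SAMPLE_PQC" | classify_handshake || true
printf '%s\n' "$SAMPLE_CLASSICAL" | classify_handshake || true
```

Running the same s_client command with `-groups X25519` and piping it through `classify_handshake` shows whether the listener still completes a handshake with a client that offers only a classical group.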

Support & Online discussion

Slack Channel : https://flomesh-io.slack.com/archives/C09MJ6QJ0SV
