Post-quantum migration in TLS 1.3 should not be understood as a flat substitution problem in which one signature algorithm is replaced by another and deployment cost is inferred directly from primitive-level benchmarks. In certificate-based authentication, the practical effect of a signature family depends on where it appears in the certification hierarchy, how much of that hierarchy is exposed during the handshake, and how cryptographic burden is distributed across client and server roles. This paper presents a local experimental study of TLS 1.3 authentication strategies built on OpenSSL 3 and oqsprovider. Using a reproducible laboratory, it compares ML-DSA and SLH-DSA across multiple certificate placements, hierarchy depths, and key-exchange modes, including classical, hybrid, and pure post-quantum configurations. The clearest discontinuity appears when SLH-DSA is placed in the server leaf certificate. In that configuration, handshake latency and server-side compute cost increase by orders of magnitude, while strategies that confine SLH-DSA to upper trust layers and preserve ML-DSA in the interactive leaf remain within a substantially more plausible operational range. The results further show that transport size alone does not explain the heavy regime: once SLH-DSA reaches the leaf, server-side cryptographic cost becomes dominant. The paper argues that post-quantum TLS migration is best evaluated as a problem of certificate-hierarchy design, chain exposure, and cryptographic cost concentration during live authentication.

翻译：TLS 1.3的后量子迁移不应被简单理解为单一签名算法的替换问题，其部署成本也无法直接从基本算法基准测试结果推算。在基于证书的认证体系中，签名算法族的实际效能取决于其在认证层级中的部署位置、握手过程中暴露的层级数量，以及客户端与服务器角色间密码运算负担的分配方式。本文基于OpenSSL 3与oqsprovider框架，对TLS 1.3认证策略开展本地实验研究。通过可复现的实验室环境，我们比较了ML-DSA与SLH-DSA在多种证书部署位置、层级深度及密钥交换模式（含经典、混合与纯后量子配置）下的表现。最显著的性能突变出现在SLH-DSA部署于服务器终端证书时：该配置导致握手延迟与服务器端计算成本呈数量级增长，而将SLH-DSA限制在上层信任链、终端交互证书保留ML-DSA的策略则能维持在显著更可行的运行范围内。研究进一步表明，单纯传输数据体积无法解释这种性能剧变——一旦SLH-DSA进入终端证书，服务器端密码运算成本即成为主导因素。本文论证，后量子TLS迁移的最佳评估方式应视为证书层级设计、链暴露范围及实时认证中密码成本集中度的综合性问题。