Post-quantum migration in TLS 1.3 should not be understood as a flat substitution problem in which one signature algorithm is replaced by another and deployment cost is inferred directly from primitive-level benchmarks. In certificate-based authentication, the practical effect of a signature family depends on where it appears in the certification hierarchy, how much of that hierarchy is exposed during the handshake, and how cryptographic burden is distributed across client and server roles. This paper presents a local experimental study of TLS 1.3 authentication strategies built on OpenSSL 3 and oqsprovider. Using a reproducible laboratory, it compares ML-DSA and SLH-DSA across multiple certificate placements, hierarchy depths, and key-exchange modes, including classical, hybrid, and pure post-quantum configurations. The clearest discontinuity appears when SLH-DSA is placed in the server leaf certificate. In that configuration, handshake latency and server-side compute cost increase by orders of magnitude, while strategies that confine SLH-DSA to upper trust layers and preserve ML-DSA in the interactive leaf remain within a substantially more plausible operational range. The results further show that transport size alone does not explain the heavy regime: once SLH-DSA reaches the leaf, server-side cryptographic cost becomes dominant. The paper argues that post-quantum TLS migration is best evaluated as a problem of certificate-hierarchy design, chain exposure, and cryptographic cost concentration during live authentication.

翻译：后量子密码迁移不应被理解为一种平面替换问题——即用一种签名算法替代另一种签名算法，并直接依据基本算法基准推断部署成本。在基于证书的认证中，签名方案族的实际效果取决于其在证书层次结构中所处的位置、握手过程中暴露该层次结构的程度，以及加密码本负担在客户端与服务器角色间的分布方式。本文基于OpenSSL 3和oqsprovider，对TLS 1.3认证策略进行了局部实验研究。利用可复现的实验环境，我们比较了ML-DSA和SLH-DSA在多种证书放置位置、层次结构深度及密钥交换模式（包括经典、混合和纯后量子配置）下的性能表现。最显著的性能突变出现在将SLH-DSA置于服务器端叶证书的场景中。在此配置下，握手延迟与服务器端计算代价呈数量级增长；而将SLH-DSA限制在上层信任层、同时在交互叶证书中保留ML-DSA的策略，其运行开销仍处于实际可行的范围内。实验结果进一步表明，传输尺寸本身无法解释该高负载机制：一旦SLH-DSA进入叶证书层，服务器端密码代价即成为主导因素。本文论证了后量子TLS迁移的最优评估方式：应将其视为实时认证过程中证书层次结构设计、链暴露与密码代价集中度的综合问题。