What we test
- TLS 1.3 negotiation — required for hybrid PQC.
- Hybrid groups — X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024.
- Pure ML-KEM — MLKEM768, MLKEM1024.
- Server preference — when offered the full menu, which group does your server actually pick?
- Classical fallback — old clients still need to connect.
- Legacy TLS 1.0/1.1 — raw-socket detection (advisory).
- Certificate signature — is it ML-DSA / SLH-DSA, or still classical RSA/ECDSA?