X25519MLKEM768 · TLS 1.3 · No code changes required

Post-quantum TLS.
Zero friction.

Point your domain at PQ-Proxy. Every connection is automatically protected with X25519MLKEM768 — the hybrid post-quantum key exchange standardized for TLS 1.3. Your backend doesn't change.

Start free trial → See how it works
X25519MLKEM768 (TLS 1.3)
Automatic Let's Encrypt per domain
Real client IP forwarding
Any backend — no code changes
$1.68/domain/day · $0.07/hr
Architecture

Your backend stays
exactly the same.

PQ-Proxy sits in front of your existing backend. It terminates post-quantum TLS from the client, then forwards the request to your backend over a standard connection.

👤
Client
Browser / App / API
X25519MLKEM768
🔐
PQ-Proxy
TLS 1.3 termination
HTTPS / TCP
🖥️
Your backend
Unchanged
Post-quantum TLS (X25519MLKEM768)
Standard connection to your backend
The client negotiates X25519MLKEM768 with PQ-Proxy. Real client IPs are forwarded via x-forwarded-for. PQ-Proxy obtains and renews Let's Encrypt certificates automatically per domain.
Setup

Three steps.
Under 5 minutes.

01
Create an account and add your domain

Sign up at proxy.fipsign.dev. Add your domain and point it to the backend you want to protect. PQ-Proxy supports any backend — cloud, on-premise, serverless, or Cloudflare Workers.

02
Update your DNS

Point your domain's A record to PQ-Proxy's IP. Disable the Cloudflare proxy if your domain is on Cloudflare — TLS must terminate at PQ-Proxy, not at Cloudflare.

A record · your-domain.com → 137.66.56.190
03
Done. Post-quantum TLS is active.

PQ-Proxy automatically provisions a Let's Encrypt certificate for your domain and starts accepting post-quantum TLS connections. Your backend receives normal HTTP/HTTPS requests — no changes required.

Read the full setup guide →
Use cases

Any backend.
Instant protection.

If it speaks HTTP or HTTPS and has a domain, PQ-Proxy can protect it.

🏦
Financial APIs
Protect payment APIs, banking endpoints, and transaction systems against harvest-now-decrypt-later attacks. Compliance-ready without changing a line of backend code.
zero backend changes
🏥
Healthcare & regulated data
Sensitive medical records and regulated data require forward-looking security. Post-quantum TLS ensures that traffic captured today cannot be decrypted by a future quantum computer.
harvest-now protection
🤖
AI agent infrastructure
AI agents communicate over HTTPS. Protect agent-to-agent and agent-to-API communication with post-quantum TLS — no SDK update, no code change.
agent communication
📡
IoT & device fleets
Devices that transmit telemetry, firmware updates, or configuration data are long-lived targets. Post-quantum TLS protects the communication layer without firmware changes.
device communication
⚙️
Internal APIs & microservices
Protect service-to-service communication. Point internal domains at PQ-Proxy and every call between your services is post-quantum protected — without touching service code.
service-to-service
🛡️
Compliance & enterprise
NIST finalized post-quantum standards in August 2024. Organizations that need to demonstrate compliance with FIPS 204-level security can deploy PQ-Proxy today — no security team required.
NIST PQC 2024
Pricing

Simple, per-domain
pricing.

One price per domain. Add or remove domains anytime — billing adjusts automatically.

$1.68/day
per domain · $0.07/hr · billed hourly from your wallet
$0.07
per hour
~$50
per month
7 days
free trial
X25519MLKEM768 post-quantum TLS on every connection
Automatic Let's Encrypt certificate — renewed automatically
Bring your own certificate (BYOC) supported
Real client IP forwarding via x-forwarded-for
Connection metrics — bytes, TLS handshake time, backend latency
Backend health monitoring with alerts
API access — manage domains and read metrics programmatically
Start 7-day free trial →

No credit card required for trial · Minimum top-up $10

Quantum-resistant TLS.
Today.

No code changes. No infrastructure. No cryptography expertise. Just point your domain and you're done.

Start free trial →

Questions? [email protected]

Also from FIPSign

PQ-Sign — Post-quantum token signing & certificates →