liboqs VS website

How about liboqs from OpenQuantumSafe? It includes an implementation of most PQC primitives proposed to date:

https://github.com/open-quantum-safe/liboqs

Part of the issue as a prospective cryptographic user/consumer is that not only do I not know which algorithm(s) should be used, the most likely library https://github.com/open-quantum-safe/liboqs also explicitly states that it shouldn't be used in production.

Hybrid deployment (E.G. with ECC using a curve like 25519) is a great recommendation and probably obvious, far more so than picking a winner among the available post quantum possibly safe algorithms.

Hi everyone! I am currently trying to modify some settings within OpenSSL. My goal is to change the default algorithms that OpenSSL uses for generating certificates and signatures, as well as the key exchange method. Specifically, I want OpenSSL to default to the ones provided by OQS (https://openquantumsafe.org/), Dilithium and Kyber.

NIST - https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization

NSA - https://www.tomshardware.com/news/us-national-security-agency-issues-update-on-crypto-resistant-encryption

ISARA - https://www.isara.com/products/isara-radiate.html

OQS (NIST reports on this) - https://openquantumsafe.org

MSFT - https://www.microsoft.com/en-us/research/project/post-quantum-tls

Wikipedia's take - https://en.wikipedia.org/wiki/Post-quantum_cryptography

Efforts: Open Quantum Safe project

One thing I will mention for "most secure" is that you could add a second layer of encryption based on liboqs which aims to be quantum resistant (mostly important for asymmetric algorithms, symmetric algorithms are already thought to be quantum resistant). We don't know if any of the quantum resistant algorithms are any good or not. They could all be broken, so only use them as a second layer on top of existing encryption schemes, but if you want "the best", then that's what I would do: use standard tools with the biggest variants of the algorithm and then put a layer of post-quantum crypto on top of it.

Traefik : A modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components and configures itself automatically and dynamically. it's also well integrated with Let's Encrypt (Alternatives : HAProxy, Kong, NGINX)

Let's Encrypt

cert-manager is a CRD (Custom Resource Definition) that dynamically generates TLS/SSL certificates for our applications using Let's Encrypt (although it also supports other issuers).

Install Certbot Certbot is a CLI that helps to obtain and maintain Let's Encrypt cert.

Let's Encrypt. CapRover automatically configures each service with nginx. SSL certificates (on multiple domains too) are just the click of a button.

you should look at free services like https://letsencrypt.org/

Let's Encrypt Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security…letsencrypt.org

Today, you will learn how to deploy your node.js project to the internet via an Amazon Web Services EC2 Instance at little or no cost. You will learn how to create an AWS EC2 Instance and work in Amazon Linux 2, create and manage services with SYSTEMD, use NGINX as a reverse proxy and obtain an SSL certificate from Let's Encrypt to ensure your website is secure via HTTPS protocol. So let’s get to it and deploy your project to your EC2 Instance.

Luckily you can get the https easily. I’ve been using https://letsencrypt.org/ to get it encrypted. Was fast and free. No real barrier just a bunch of setup.