All services are started and measured inside one docker-container.
Passing the --cap-add NET_ADMIN option to the container allows you to access the local loop of the docker-container.
The tc utility is used to limit the throughput of the local loop.
The throughput of the local loop during the measurement is limited to 100 Mbps.
A 200MB random string is used as test data on the https-server side. The line is generated in RAM, which excludes the influence of the speed of the HDD / SSD on the measurement results.
The environment has four components:
https-client — cURL;
stunnel_client: post-quantum tunnel entry point;
stunnel_server: post-quantum tunnel exit point;
https-server Python based.
The throughput of a TLSv1.2 connection through a post-quantum tunnel is approximately 66% lower than the throughput of a direct TLSv1.2 connection. The results are close for both post-quantum algorithms: NewHope1024 and Saber.