diff --git a/.gitignore b/.gitignore
index 9e0f3f8506edc729dffa08bcae7f110f0b2bd58b..2dc9425f8e2c8459242bee44fef14c77063e73f6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -49,3 +49,5 @@ tags
 emulation-exp/code/tmp/
 # emulation-exp/code/kex/data
 # emulation-exp/code/sig/data
+
+tmp/
diff --git a/pq-tls-benchmark-framework/emulation-exp/code/Makefile b/pq-tls-benchmark-framework/emulation-exp/code/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..4d60f59dbeb1f4e287f61b038f2cbf0d84565491
--- /dev/null
+++ b/pq-tls-benchmark-framework/emulation-exp/code/Makefile
@@ -0,0 +1,41 @@
+PWD=$(shell pwd)
+
+
+
+install_curl: install_ngtcp2 install_quictls
+	cd tmp && \
+	wget https://curl.se/download/curl-8.8.0.tar.gz && \
+	tar -zxvf curl-8.8.0.tar.gz
+	cd tmp/curl-8.8.0 && \
+	./configure --prefix=${PWD}/tmp/curl  --with-openssl=${PWD}/tmp/openssl && \
+	exit 1
+	make && \
+	make install
+
+install_ngtcp2: ensure_tmp_dir_exists install_libev
+	cd tmp && \
+	sh ../install-ngtcp2.sh
+
+# install_quictls: ensure_tmp_dir_exists
+# 	cd tmp && \
+# 	git clone --depth 1 -b openssl-3.1.4+quic https://github.com/quictls/openssl && \
+# 	cd openssl && \
+# 	./config enable-tls1_3 --prefix=<somewhere1> && \
+# 	make && \
+# 	make install
+
+install_libev:
+	sudo apt install libev-dev
+
+ensure_tmp_dir_exists:
+	mkdir -p tmp
+
+clean:
+	rm -rf tmp/curl-8.8.0
+	rm -rf tmp/curl-8.8.0.tar.gz
+	rm -rf tmp/ngtcp2
+	rm -rf tmp/wolfssl
+	rm -rf tmp/nghttp3
+
+echo_pwd:
+	echo $(PWD)
diff --git a/pq-tls-benchmark-framework/emulation-exp/code/install-ngtcp2.sh b/pq-tls-benchmark-framework/emulation-exp/code/install-ngtcp2.sh
new file mode 100644
index 0000000000000000000000000000000000000000..f7f0e2a209c9ef3eedc493845ba3b43872c96412
--- /dev/null
+++ b/pq-tls-benchmark-framework/emulation-exp/code/install-ngtcp2.sh
@@ -0,0 +1,29 @@
+# This script is copied from the ngtcp2 repositories README.md, it got modified sligthly. It gets executed by a Makefile.
+set -eux
+git clone --depth 1 -b v5.7.0-stable https://github.com/wolfSSL/wolfssl
+cd wolfssl
+autoreconf -i
+# For wolfSSL < v5.6.6, append --enable-quic.
+./configure --prefix=$PWD/build \
+    --enable-all --enable-aesni --enable-harden --enable-keylog-export \
+    --disable-ech
+make -j$(nproc)
+make install
+cd ..
+
+git clone --recursive https://github.com/ngtcp2/nghttp3
+cd nghttp3
+autoreconf -i
+./configure --prefix=$PWD/build --enable-lib-only
+make -j$(nproc) check
+make install
+cd ..
+
+git clone --recursive https://github.com/ngtcp2/ngtcp2
+cd ngtcp2
+autoreconf -i
+# For Mac users who have installed libev with MacPorts, append
+# LIBEV_CFLAGS="-I/opt/local/include" LIBEV_LIBS="-L/opt/local/lib -lev"
+./configure PKG_CONFIG_PATH=$PWD/../wolfssl/build/lib/pkgconfig:$PWD/../nghttp3/build/lib/pkgconfig \
+    --with-wolfssl
+make -j$(nproc) check
diff --git a/pq-tls-benchmark-framework/emulation-exp/code/install-prereqs-ubuntu.sh b/pq-tls-benchmark-framework/emulation-exp/code/install-prereqs-ubuntu.sh
index b389a0361073c215f9cce89fa9f5b4574d509924..46d3cba3848270f03b6030a08038c2e241292ccf 100755
--- a/pq-tls-benchmark-framework/emulation-exp/code/install-prereqs-ubuntu.sh
+++ b/pq-tls-benchmark-framework/emulation-exp/code/install-prereqs-ubuntu.sh
@@ -1,8 +1,10 @@
 #!/bin/bash
 set -ex
 
-apt update
-apt install -y git \
+# Make sure to have a recent version of openssl installed by default. For example by having an up to date os version.
+
+sudo apt update
+sudo apt install -y git \
                build-essential \
                autoconf \
                automake \
@@ -12,45 +14,64 @@ apt install -y git \
                libpcre3-dev \
                wget
 
-NGINX_VERSION=1.20.1
-CMAKE_VERSION=3.18
-CMAKE_BUILD=3
+NGINX_VERSION=1.26.1
+CMAKE_VERSION=3.30
+CMAKE_BUILD=0
 
 mkdir -p tmp
 cd tmp
 ROOT=$(pwd)
 
 # Fetch all the files we need
-wget https://cmake.org/files/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}.${CMAKE_BUILD}-Linux-x86_64.sh
-git clone -n --single-branch --branch main https://github.com/open-quantum-safe/liboqs.git
-cd liboqs
-git checkout 2e2ddb4e0493014694820471396984b30d59cf97
-cd ..
-git clone -n --single-branch --branch OQS-OpenSSL_1_1_1-stable https://github.com/open-quantum-safe/openssl.git
-cd openssl
-git checkout 63b48cdde3cdf8dab966e31ea277e03e2d233f57
-cd ..
+wget https://cmake.org/files/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}.${CMAKE_BUILD}-linux-x86_64.sh
+git clone --no-checkout --single-branch --branch main https://github.com/open-quantum-safe/liboqs.git
+(cd liboqs && git checkout d2089c5017fc45f4dce2f6516b3e9ad337946600)
+git clone --no-checkout --single-branch --branch main https://github.com/open-quantum-safe/oqs-provider.git
+(cd oqs-provider && git checkout 8f37521d5e27ab4d1e0d69a4b4a5bd17927b24b9)
+git clone --no-checkout --single-branch --branch master https://github.com/openssl/openssl.git
+(cd openssl && git checkout 2a45839778955ffcab01918f10544d46e42f9a5b)
 wget nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && tar -zxvf nginx-${NGINX_VERSION}.tar.gz
 
 # Install the latest CMake
 mkdir cmake
-sh cmake-${CMAKE_VERSION}.${CMAKE_BUILD}-Linux-x86_64.sh --skip-license --prefix=${ROOT}/cmake
+sh cmake-${CMAKE_VERSION}.${CMAKE_BUILD}-linux-x86_64.sh --skip-license --prefix=${ROOT}/cmake
+
+# Build OpenSSL so 'libcrypto.so' is avaiable for the build of liboqs. With Ubuntu 22.04 not longer needed.
+# (
+#     cd openssl-source
+#     ./Configure --prefix=${ROOT}/openssl/ --openssldir=${ROOT}/openssl/
+#     make
+#     make install
+# )
+
 
 # build liboqs
-cd liboqs
-mkdir build && cd build
-${ROOT}/cmake/bin/cmake -GNinja -DCMAKE_INSTALL_PREFIX=${ROOT}/openssl/oqs ..
-ninja && ninja install
+(
+    cd liboqs
+    mkdir build && cd build
+    # --install-prefix could do the same
+    # It needs the libcrypto library, either in .a or .so format, in 'openssl' it is .so and in 'openssl-source' it is .a
+    # -- Found OpenSSL: /absolute-path-to/tmp/openssl/lib64/libcrypto.so (found suitable version "3.0.2", minimum required is "1.1.1")
+    # OPENSSL_ROOT_DIR=${ROOT}/openssl/ ${ROOT}/cmake/bin/cmake -GNinja -DCMAKE_INSTALL_PREFIX=${ROOT}/openssl/oqs ..
+    ${ROOT}/cmake/bin/cmake -GNinja -DCMAKE_INSTALL_PREFIX=${ROOT}/openssl/oqs ..
+    ninja && ninja install
+)
 
 # build nginx (which builds OQS-OpenSSL)
-cd ${ROOT}
-cd nginx-${NGINX_VERSION}
-./configure --prefix=${ROOT}/nginx \
-                --with-debug \
-                --with-http_ssl_module --with-openssl=${ROOT}/openssl \
-                --without-http_gzip_module \
-                --with-cc-opt="-I ${ROOT}/openssl/oqs/include" \
-                --with-ld-opt="-L ${ROOT}/openssl/oqs/lib";
-sed -i 's/libcrypto.a/libcrypto.a -loqs/g' objs/Makefile;
-sed -i 's/EVP_MD_CTX_create/EVP_MD_CTX_new/g; s/EVP_MD_CTX_destroy/EVP_MD_CTX_free/g' src/event/ngx_event_openssl.c;
-make && make install;
+# NOTE openssl gets built a second time here, maybe this can be avoided
+(
+    cd nginx-${NGINX_VERSION}
+    # NOTE why --without-http_gzip_module
+    ./configure --prefix=${ROOT}/nginx \
+                    --with-debug \
+                    --with-http_v2_module \
+                    --with-http_v3_module \
+                    --with-http_ssl_module --with-openssl=${ROOT}/openssl \
+                    --without-http_gzip_module \
+                    --with-cc-opt="-I ${ROOT}/openssl/include" \
+                    --with-ld-opt="-L ${ROOT}/openssl/lib64";
+    # sed -i 's/libcrypto.a/libcrypto.a -loqs/g' objs/Makefile;
+    # NOTE why change this?
+    sed -i 's/EVP_MD_CTX_create/EVP_MD_CTX_new/g; s/EVP_MD_CTX_destroy/EVP_MD_CTX_free/g' src/event/ngx_event_openssl.c;
+    make && make install;
+)
diff --git a/pq-tls-benchmark-framework/emulation-exp/code/kex/nginx.conf b/pq-tls-benchmark-framework/emulation-exp/code/kex/nginx.conf
index 99e2a997adb29c032ccd9d87529b6baba68064a6..d1e2fabf1ce17ca25be5f9487043488d4925df56 100644
--- a/pq-tls-benchmark-framework/emulation-exp/code/kex/nginx.conf
+++ b/pq-tls-benchmark-framework/emulation-exp/code/kex/nginx.conf
@@ -1,115 +1,63 @@
-# Our experiment used: worker_processes 21
-worker_processes  4;
+# Running nginx with sudo results in a 403 Forbidden error. This can be solved by running ngins without sudo through using ports which do not require root access. For example, 8080 and 8443.
 
-error_log  logs/error.log;
-#error_log  logs/error.log debug;
-
-#pid        logs/nginx.pid;
+worker_processes 4;
 
+error_log logs/debug.log debug;
+error_log logs/error.log;
 
 events {
-    worker_connections  1024;
+    worker_connections 1024;
 }
 
-
 http {
-    include       mime.types;
-    default_type  application/octet-stream;
-
-    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-    #                  '$status $body_bytes_sent "$http_referer" '
-    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+    include mime.types;
+    default_type application/octet-stream;
 
-    #access_log  logs/access.log  main;
+    log_format quic '$remote_addr - $remote_user [$time_local] '
+    '"$request" $status $body_bytes_sent '
+    '"$http_referer" "$http_user_agent" "$http3"';
+    access_log logs/access.log quic;
 
-    sendfile        on;
-    #tcp_nopush     on;
-
-    #keepalive_timeout  0;
-    keepalive_timeout  65;
-
-    #gzip  on;
+    sendfile on;
+    keepalive_timeout 65;
+    # gzip on;
 
     server {
-        listen       80;
-        server_name  localhost;
-
-        #charset koi8-r;
+        listen 8080;
+        # server_name can matter if multiple virtual servers are running on the same port, otherwise the first one defined is used anyway.
+        server_name localhost;
 
-        #access_log  logs/host.access.log  main;
+        # redirect to https
+        return 307 https://$host:8443$request_uri;
 
-        location / {
-            root   html;
-            index  index.html index.htm;
-        }
-
-        #error_page  404              /404.html;
-
-        # redirect server error pages to the static page /50x.html
-        #
-        error_page   500 502 503 504  /50x.html;
-        location = /50x.html {
-            root   html;
-        }
-
-        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-        #
-        #location ~ \.php$ {
-        #    proxy_pass   http://127.0.0.1;
-        #}
-
-        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-        #
-        #location ~ \.php$ {
-        #    root           html;
-        #    fastcgi_pass   127.0.0.1:9000;
-        #    fastcgi_index  index.php;
-        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-        #    include        fastcgi_params;
-        #}
-
-        # deny access to .htaccess files, if Apache's document root
-        # concurs with nginx's one
-        #
-        #location ~ /\.ht {
-        #    deny  all;
-        #}
+        # location / {
+        #     root html;
+        #     index index.html index.htm;
+        # }
     }
 
-
-    # another virtual host using mix of IP-, name-, and port-based configuration
-    #
-    #server {
-    #    listen       8000;
-    #    listen       somename:8080;
-    #    server_name  somename  alias  another.alias;
-
-    #    location / {
-    #        root   html;
-    #        index  index.html index.htm;
-    #    }
-    #}
-
-
-    # HTTPS server
-    #
     server {
-        listen       10.0.0.1:4433 ssl;
-        server_name  localhost;
-
-        ssl_certificate      server.crt;
-        ssl_certificate_key  server.key;
+        listen 8443 quic reuseport default_server;
+        listen [::]:8443 quic reuseport default_server; # for ipv6 addresses
+        listen 8443 ssl;
+        listen [::]:8443 ssl;
 
-        ssl_session_cache    shared:SSL:1m;
-        ssl_session_timeout  5m;
+        http3 on;
+        # ssl_protocols TLSv1.3;
 
-        ssl_protocols TLSv1.3;
-        client_header_timeout 67234s;
+        # quic_retry on;
+        # ssl_early_data on;
+        ssl_certificate server.crt;
+        ssl_certificate_key server.key;
 
         location / {
-            root   html;
-            index  index.html index.htm;
+            root html;
+            index index.html index.htm;
+
+            add_header alt-svc 'h3=":$server_port", ma=1800'; # h3-23 is the draft version of the HTTP/3 protocol
+            add_header x-quic 'h3';
+            add_header Cache-Control 'no-store';
         }
     }
 
-}
+}
\ No newline at end of file
diff --git a/pq-tls-benchmark-framework/emulation-exp/code/kex/nginx.conf.old b/pq-tls-benchmark-framework/emulation-exp/code/kex/nginx.conf.old
new file mode 100644
index 0000000000000000000000000000000000000000..f3339b2fdf62a0d5bc280572e3250ac62cac49fc
--- /dev/null
+++ b/pq-tls-benchmark-framework/emulation-exp/code/kex/nginx.conf.old
@@ -0,0 +1,142 @@
+# Our experiment used: worker_processes 21
+worker_processes  4;
+
+error_log logs/debug.log debug;
+error_log  logs/error.log;
+#error_log  logs/error.log debug;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    log_format quic '$remote_addr - $remote_user [$time_local] '
+                    '"$request" $status $body_bytes_sent '
+                    '"$http_referer" "$http_user_agent" "$http3"';
+
+    access_log  logs/access.log  quic;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    server {
+        listen       80;
+        server_name  localhost;
+
+        #charset koi8-r;
+
+        #access_log  logs/host.access.log  main;
+
+        location / {
+            root   html;
+            index  index.html index.htm;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   html;
+        }
+
+        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+        #
+        #location ~ \.php$ {
+        #    proxy_pass   http://127.0.0.1;
+        #}
+
+        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #
+        #location ~ \.php$ {
+        #    root           html;
+        #    fastcgi_pass   127.0.0.1:9000;
+        #    fastcgi_index  index.php;
+        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+        #    include        fastcgi_params;
+        #}
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+    }
+
+
+    # another virtual host using mix of IP-, name-, and port-based configuration
+    #
+    #server {
+    #    listen       8000;
+    #    listen       somename:8080;
+    #    server_name  somename  alias  another.alias;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+
+    # HTTPS/TLS server
+    #
+    server {
+        # listen       10.0.0.1:4433 ssl;
+        listen       4433 ssl;
+        server_name  localhost;
+
+        ssl_certificate      server.crt;
+        ssl_certificate_key  server.key;
+
+        ssl_session_cache    shared:SSL:1m;
+        ssl_session_timeout  5m;
+
+        ssl_protocols TLSv1.3;
+        client_header_timeout 67234s;
+
+        location / {
+            root   html;
+            index  index.html index.htm;
+        }
+    }
+
+    # HTTPS/QUIC server
+    server {
+        # listen       10.0.0.1:8443 quic;
+        listen       8443 quic reuseport;
+        listen 8443 ssl;
+        server_name  localhost;
+
+        ssl_certificate      server.crt;
+        ssl_certificate_key  server.key;
+
+        ssl_session_cache    shared:SSL:1m;
+        ssl_session_timeout  5m;
+
+        location / {
+            # used to advertise the availability of HTTP/3
+            add_header Alt-Svc 'h3=":8443"; ma=86400';
+            root   html;
+            index  index.html index.htm;
+        }
+    }
+
+}
diff --git a/pq-tls-benchmark-framework/emulation-exp/code/kex/scripts/setup.sh b/pq-tls-benchmark-framework/emulation-exp/code/kex/scripts/setup.sh
index 45c406c25abb25273b3c13f7c3cc75e59333d52a..becff33d760dd93732c62480f693d1fd49e37ab8 100755
--- a/pq-tls-benchmark-framework/emulation-exp/code/kex/scripts/setup.sh
+++ b/pq-tls-benchmark-framework/emulation-exp/code/kex/scripts/setup.sh
@@ -17,19 +17,22 @@ make s_timer.o
 ##########################
 # Setup network namespaces
 ##########################
-${ROOT}/setup_ns.sh
+sudo ${ROOT}/setup_ns.sh
 
 ##########################
 # Generate ECDSA P-256 cert
 ##########################
+# Add custom build OpenSSL to the ld library path, so it can be used by the openssl binary
+# export LD_LIBRARY_PATH=${ROOT}/tmp/openssl/lib64:$LD_LIBRARY_PATH
+
 # generate curve parameters
 ${OPENSSL} ecparam -out prime256v1.pem -name prime256v1
 
 # generate CA key and cert
-${OPENSSL} req -x509 -new -newkey ec:prime256v1.pem -keyout ${NGINX_CONF_DIR}/CA.key -out ${NGINX_CONF_DIR}/CA.crt -nodes -subj "/CN=OQS test ecdsap256 CA" -days 365 -config ${OPENSSL_CNF}
+${OPENSSL} req -x509 -new -newkey ec:prime256v1.pem -keyout ${NGINX_CONF_DIR}/CA.key -out ${NGINX_CONF_DIR}/CA.crt -noenc -subj "/CN=oqstest CA ecdsap256" -days 365 -config ${OPENSSL_CNF}
 
 # generate server CSR
-${OPENSSL} req -new -newkey ec:prime256v1.pem -keyout ${NGINX_CONF_DIR}/server.key -out ${NGINX_CONF_DIR}/server.csr -nodes -subj "/CN=oqstest CA ecdsap256" -config ${OPENSSL_CNF}
+${OPENSSL} req -new -newkey ec:prime256v1.pem -keyout ${NGINX_CONF_DIR}/server.key -out ${NGINX_CONF_DIR}/server.csr -noenc -subj "/CN=oqstest server ecdsap256" -config ${OPENSSL_CNF}
 
 # generate server cert
 ${OPENSSL} x509 -req -in ${NGINX_CONF_DIR}/server.csr -out ${NGINX_CONF_DIR}/server.crt -CA ${NGINX_CONF_DIR}/CA.crt -CAkey ${NGINX_CONF_DIR}/CA.key -CAcreateserial -days 365
@@ -38,4 +41,6 @@ ${OPENSSL} x509 -req -in ${NGINX_CONF_DIR}/server.csr -out ${NGINX_CONF_DIR}/ser
 # Start nginx
 ##########################
 cp nginx.conf ${NGINX_CONF_DIR}/nginx.conf
-ip netns exec srv_ns ${NGINX_APP}
+echo "EXITING EARLY NOW"
+exit 0
+sudo ip netns exec srv_ns ${NGINX_APP}
diff --git a/pq-tls-benchmark-framework/emulation-exp/code/kex/scripts/teardown.sh b/pq-tls-benchmark-framework/emulation-exp/code/kex/scripts/teardown.sh
index efc4eaf092086813a143dd42398ec90ddd985669..b2a71b631934753fb039c143a99452894429c739 100755
--- a/pq-tls-benchmark-framework/emulation-exp/code/kex/scripts/teardown.sh
+++ b/pq-tls-benchmark-framework/emulation-exp/code/kex/scripts/teardown.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+set -x
 
 ROOT="$(dirname $(pwd))"
 NGINX_APP=${ROOT}/tmp/nginx/sbin/nginx
@@ -6,7 +7,7 @@ NGINX_APP=${ROOT}/tmp/nginx/sbin/nginx
 ##########################
 # Stop nginx
 ##########################
-ip netns exec srv_ns ${NGINX_APP} -s stop
+sudo ip netns exec srv_ns ${NGINX_APP} -s stop
 
 ##########################
 # Remove files
@@ -18,5 +19,5 @@ rm -r scripts/__pycache__
 ##########################
 # Remove network namespaces
 ##########################
-ip netns del cli_ns
-ip netns del srv_ns
+sudo ip netns del cli_ns
+sudo ip netns del srv_ns
diff --git a/pq-tls-benchmark-framework/emulation-exp/code/setup_ns.sh b/pq-tls-benchmark-framework/emulation-exp/code/setup_ns.sh
index 6fc3e29721f23b77b7b0077a0b088f917fc5fb38..5e5e4d709580e5a2f5e55b8ab271cd39356c5271 100755
--- a/pq-tls-benchmark-framework/emulation-exp/code/setup_ns.sh
+++ b/pq-tls-benchmark-framework/emulation-exp/code/setup_ns.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -x
+set -ex
 
 ##########################
 # Setup network namespaces