This article will demonstrate how to measure SSL and TLS performance using the openssl s_time utility from OpenSSL, the cryptography and SSL/TLS Toolkit. This utility allows you to connect to a remote host with SSL. Note that the connection must be SSL and does not support a plaintext or any other type of connection. The utility works as follows:
- Request a page from a server using SSL
- Responds with the time to transfer the payload data by:
- Measuring the number of connections within a given timeframe
- Measuring the amount of data transferred
- Calculating the average time spent on each connection
For other SSL connection debugging read our article on openssl s_client.
openssl s_time examples
The simplest way to measure SSL performance:
openssl s_time -connect example.com:443
The output is in the screenshot below.
The following options are supported for more advanced performance timing:
|-help||Show all of the available options|
|-connect||Followed by host:port to connect to|
|-www||The webpage to fetch. If not defined, so data will be transferred|
|-cert||The client certificate to use if required for authentication to the website. If required, the server will prompt you.|
|-key||The key to use if required for authentication to the website. Note that the key may be included in the -cert file|
|-new||Use a new session ID for each connection|
|-reuse||Use the same session ID|
|-cipher||Specify the ciphers to be used for TLSv1.2 and below|
|-ciphersuites||Specify the ciphers to be used for TLSv1.3|
|-time||How long to run the command for, in seconds|
|-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3||Specify with SSL or TLS version to time with|
This article has demonstrated how to time SSL connections using the openssl s_time utility. Leave us a comment with any questions or more in depth examples you would like to see.