This article will demonstrate how to measure SSL and TLS performance using the openssl s_time utility from OpenSSL, the cryptography and SSL/TLS Toolkit. This utility allows you to connect to a remote host with SSL. Note that the connection must be SSL and does not support a plaintext or any other type of connection. The utility works as follows:
- Request a page from a server using SSL
- Responds with the time to transfer the payload data by:
- Measuring the number of connections within a given timeframe
- Measuring the amount of data transferred
- Calculating the average time spent on each connection
For other SSL connection debugging read our article on openssl s_client.
openssl s_time examples
The simplest way to measure SSL performance:
openssl s_time -connect example.com:443
The output is in the screenshot below.

The following options are supported for more advanced performance timing:
Option | Description |
-help | Show all of the available options |
-connect | Followed by host:port to connect to |
-www | The webpage to fetch. If not defined, so data will be transferred |
-cert | The client certificate to use if required for authentication to the website. If required, the server will prompt you. |
-key | The key to use if required for authentication to the website. Note that the key may be included in the -cert file |
-new | Use a new session ID for each connection |
-reuse | Use the same session ID |
-cipher | Specify the ciphers to be used for TLSv1.2 and below |
-ciphersuites | Specify the ciphers to be used for TLSv1.3 |
-time | How long to run the command for, in seconds |
-ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3 | Specify with SSL or TLS version to time with |
Conclusion
This article has demonstrated how to time SSL connections using the openssl s_time utility. Leave us a comment with any questions or more in depth examples you would like to see.
Leave a Reply