This article will demonstrate how to measure SSL and TLS performance using the openssl s_time utility from OpenSSL, the cryptography and SSL/TLS Toolkit. This utility allows you to connect to a remote host with SSL. Note that the connection must be SSL and does not support a plaintext or any other type of connection. The utility works as follows:
- Request a page from a server using SSL
- Responds with the time to transfer the payload data by:
- Measuring the number of connections within a given timeframe
- Measuring the amount of data transferred
- Calculating the average time spent on each connection
For other SSL connection debugging read our article on openssl s_client.
openssl s_time examples
The simplest way to measure SSL performance:
openssl s_time -connect example.com:443The output is in the screenshot below.
The following options are supported for more advanced performance timing:
| Option | Description |
| -help | Show all of the available options |
| -connect | Followed by host:port to connect to |
| -www | The webpage to fetch. If not defined, so data will be transferred |
| -cert | The client certificate to use if required for authentication to the website. If required, the server will prompt you. |
| -key | The key to use if required for authentication to the website. Note that the key may be included in the -cert file |
| -new | Use a new session ID for each connection |
| -reuse | Use the same session ID |
| -cipher | Specify the ciphers to be used for TLSv1.2 and below |
| -ciphersuites | Specify the ciphers to be used for TLSv1.3 |
| -time | How long to run the command for, in seconds |
| -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3 | Specify with SSL or TLS version to time with |
Conclusion
This article has demonstrated how to time SSL connections using the openssl s_time utility. Leave us a comment with any questions or more in depth examples you would like to see.
Leave a Reply