From 58964a492275ca9a59a0cd9c8155cb2491b4b909 Mon Sep 17 00:00:00 2001 From: "Ralf S. Engelschall" Date: Mon, 21 Dec 1998 10:56:39 +0000 Subject: Import of old SSLeay release: SSLeay 0.9.0b --- test/CAssdh.cnf | 24 ++++++++++++ test/CAssdsa.cnf | 23 +++++++++++ test/CAssrsa.cnf | 24 ++++++++++++ test/Makefile.ssl | 67 +++++++++++++++++++++++--------- test/Sssdsa.cnf | 27 +++++++++++++ test/Sssrsa.cnf | 26 +++++++++++++ test/certCA.srl | 2 +- test/methtest.c | 2 +- test/r160test.c | 57 +++++++++++++++++++++++++++ test/riptest | Bin 0 -> 13325 bytes test/testenc | 3 +- test/testkey.pem | 14 +++---- test/testreq.pem | 8 ++-- test/times | 113 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 14 files changed, 358 insertions(+), 32 deletions(-) create mode 100644 test/CAssdh.cnf create mode 100644 test/CAssdsa.cnf create mode 100644 test/CAssrsa.cnf create mode 100644 test/Sssdsa.cnf create mode 100644 test/Sssrsa.cnf create mode 100644 test/r160test.c create mode 100644 test/riptest create mode 100644 test/times (limited to 'test') diff --git a/test/CAssdh.cnf b/test/CAssdh.cnf new file mode 100644 index 0000000000..4e0a908679 --- /dev/null +++ b/test/CAssdh.cnf @@ -0,0 +1,24 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DH certs - CA + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = CU +countryName_value = CU + +organizationName = Organization Name (eg, company) +organizationName_value = La Junta de la Revolucion + +commonName = Common Name (eg, YOUR name) +commonName_value = Junta + diff --git a/test/CAssdsa.cnf b/test/CAssdsa.cnf new file mode 100644 index 0000000000..a6b4d1810c --- /dev/null +++ b/test/CAssdsa.cnf @@ -0,0 +1,23 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DSA certs - CA + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Hermanos Locos + +commonName = Common Name (eg, YOUR name) +commonName_value = Hermanos Locos CA diff --git a/test/CAssrsa.cnf b/test/CAssrsa.cnf new file mode 100644 index 0000000000..eb24a6dfc0 --- /dev/null +++ b/test/CAssrsa.cnf @@ -0,0 +1,24 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# create RSA certs - CA + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Hermanos Locos + +commonName = Common Name (eg, YOUR name) +commonName_value = Hermanos Locos CA + diff --git a/test/Makefile.ssl b/test/Makefile.ssl index ee48d5493d..b3de76751e 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -13,7 +13,7 @@ MAKE= make -f $(MAKEFILE) MAKEDEPEND= makedepend -f$(MAKEFILE) PEX_LIBS= -EX_LIBS= -lnsl -lsocket +EX_LIBS= #-lnsl -lsocket CFLAGS= $(INCLUDES) $(CFLAG) @@ -30,11 +30,15 @@ IDEATEST= ideatest SHATEST= shatest SHA1TEST= sha1test MDC2TEST= mdc2test +RMDTEST= rmdtest MD2TEST= md2test MD5TEST= md5test -RC4TEST= rc4test +HMACTEST= hmactest RC2TEST= rc2test +RC4TEST= rc4test +RC5TEST= rc5test BFTEST= bftest +CASTTEST= casttest DESTEST= destest RANDTEST= randtest DHTEST= dhtest @@ -42,20 +46,24 @@ DSATEST= dsatest METHTEST= methtest SSLTEST= ssltest -EXE= $(BNTEST) $(IDEATEST) $(MD2TEST) $(MD5TEST) $(RC4TEST) \ - $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RANDTEST) $(DHTEST) \ - $(RC2TEST) $(BFTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) +EXE= $(BNTEST) $(IDEATEST) $(MD2TEST) $(MD5TEST) $(HMACTEST) \ + $(RC2TEST) $(RC4TEST) $(RC5TEST) \ + $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \ + $(RANDTEST) $(DHTEST) \ + $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) # $(METHTEST) -OBJ= $(BNTEST).o $(IDEATEST).o $(MD2TEST).o $(MD5TEST).o $(RC4TEST).o \ - $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o \ - $(RANDTEST).o $(DHTEST).o \ - $(RC2TEST).o $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o -SRC= $(BNTEST).c $(IDEATEST).c $(MD2TEST).c $(MD5TEST).c $(RC4TEST).c \ - $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c \ - $(RANDTEST).c $(DHTEST).c \ - $(RC2TEST).c $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c +OBJ= $(BNTEST).o $(IDEATEST).o $(MD2TEST).o $(MD5TEST).o $(HMACTEST).o \ + $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \ + $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \ + $(RANDTEST).o $(DHTEST).o $(CASTTEST).o \ + $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o +SRC= $(BNTEST).c $(IDEATEST).c $(MD2TEST).c $(MD5TEST).c $(HMACTEST).c \ + $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ + $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ + $(RANDTEST).c $(DHTEST).c $(CASTTEST).c \ + $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c EXHEADER= HEADER= $(EXHEADER) @@ -84,8 +92,8 @@ tags: ctags $(SRC) tests: exe apps \ - test_des test_idea test_sha test_md5 test_md2 test_mdc2 \ - test_rc2 test_rc4 test_bf \ + test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \ + test_rc2 test_rc4 test_rc5 test_bf test_cast \ test_rand test_enc test_x509 test_rsa test_crl test_sid test_req \ test_pkcs7 test_bn test_verify test_dh test_dsa test_reqgen \ test_ss test_ssl test_ca @@ -94,7 +102,7 @@ apps: @(cd ../apps; $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all) test_des: - ./$(DESTEST) + #./$(DESTEST) test_idea: ./$(IDEATEST) @@ -109,18 +117,30 @@ test_mdc2: test_md5: ./$(MD5TEST) +test_hmac: + ./$(HMACTEST) + test_md2: ./$(MD2TEST) -test_rc2: - ./$(RC2TEST) +test_rmd: + ./$(RMDTEST) test_bf: ./$(BFTEST) +test_cast: + ./$(CASTTEST) + +test_rc2: + ./$(RC2TEST) + test_rc4: ./$(RC4TEST) +test_rc5: + ./$(RC5TEST) + test_rand: ./$(RANDTEST) @@ -226,22 +246,33 @@ $(SHATEST): $(SHATEST).o $(DLIBCRYPTO) $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO) $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) +$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO) + $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO) $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO) $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) +$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO) + $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO) $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) $(BFTEST): $(BFTEST).o $(DLIBCRYPTO) $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) +$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO) + $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO) $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) +$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO) + $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + $(DESTEST): $(DESTEST).o $(DLIBCRYPTO) $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) diff --git a/test/Sssdsa.cnf b/test/Sssdsa.cnf new file mode 100644 index 0000000000..8e170a28ef --- /dev/null +++ b/test/Sssdsa.cnf @@ -0,0 +1,27 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DSA certs - Server + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Tortilleras S.A. + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Torti + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Gordita + diff --git a/test/Sssrsa.cnf b/test/Sssrsa.cnf new file mode 100644 index 0000000000..8c79a03fca --- /dev/null +++ b/test/Sssrsa.cnf @@ -0,0 +1,26 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# create RSA certs - Server + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Tortilleras S.A. + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Torti + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Gordita diff --git a/test/certCA.srl b/test/certCA.srl index f5c89552bd..2bbd69c2e5 100644 --- a/test/certCA.srl +++ b/test/certCA.srl @@ -1 +1 @@ -32 +70 diff --git a/test/methtest.c b/test/methtest.c index 55d1ac7934..630d29dc91 100644 --- a/test/methtest.c +++ b/test/methtest.c @@ -1,5 +1,5 @@ /* test/methtest.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written diff --git a/test/r160test.c b/test/r160test.c new file mode 100644 index 0000000000..a172e393ca --- /dev/null +++ b/test/r160test.c @@ -0,0 +1,57 @@ +/* test/r160test.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ diff --git a/test/riptest b/test/riptest new file mode 100644 index 0000000000..8685d0ce53 Binary files /dev/null and b/test/riptest differ diff --git a/test/testenc b/test/testenc index 7bcf3d145c..42db56c2be 100644 --- a/test/testenc +++ b/test/testenc @@ -34,7 +34,8 @@ for i in rc4 \ des-cbc des-ede-cbc des-ede3-cbc \ idea-ecb idea-cfb idea-ofb idea-cbc \ rc2-ecb rc2-cfb rc2-ofb rc2-cbc \ - bf-ecb bf-cfb bf-ofb bf-cbc + bf-ecb bf-cfb bf-ofb bf-cbc rc4 \ + cast5-ecb cast5-cfb cast5-ofb cast5-cbc do echo $i $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher diff --git a/test/testkey.pem b/test/testkey.pem index c8eba82668..562e77cb9f 100644 --- a/test/testkey.pem +++ b/test/testkey.pem @@ -1,9 +1,9 @@ -----BEGIN RSA PRIVATE KEY----- -MIIBOQIBAAJBAK8j1FaU9b+TMyeiXGzIGJZ/Coj39v2v4a4NviCjWELm14fdcdg4 -3Q99LTLyvLDnq7sLQX4gOMaLM4rmGMgeuGsCAwEAAQJAAaFRvqSQTQIvvbSzK4gJ -Qo1YKcI1GFNkxFv4YxFiJu0/LXaw9U/iDSlUdH15F6ezndqojovnn731Pmf7e08F -MQIhAOCi7P0RtrV3O/KB0MYldxFOKNwp5lzH+um7jBq6oRw1AiEAx5fGT9fIFl6Z -hXgWYy+eO8QPjEXDcLTgc5/VbE3o1h8CIBIre4nYxfOVqmaqM23jl+bxcIKmbPiy -QExpnCKJWADFAiAL73CFb8LgS5HkoFS+Y6eTrVq8qaNRRw+w+lrZ2iLVQwIgRk40 -WRSH7Yv90rv1PpcQ4wxSnu3lfyFO1XZ/J1UxdfA= +MIIBOgIBAAJBAMIvB0MXsW7gNKJp7/7fTjmd/vdXk51GcgIxergzS13i6nCAL+97 +vD7erU7M5s6kWCm4/U8Q6wcY7jwauiUO7iUCAwEAAQJBAIsOypCNYw8XmBnG64sF +tysjrfbKzHcQf4x6intmoE42dSc1SkyJXvQiNcXaiS5bGBGrfRkabE8j4X9mmMd6 +S/ECIQD0YIYwjPYLDDJGa2kog42JSiEu15dAOcAJTsnhiHvKbwIhAMtrXLguHYKb +ScrW/q8Uq+eRcMHwgbuBvnqmzAMln6qrAiAEctFehuJftxwfLgtfAm4MJr5N5PzK +3YJCaR3BrkNanwIgNcJh9qr5UZMIpXq8RDkKVWCylA6jupJHbNK4B/zhfZECIB+9 +Is3OLPuWFJmk9eQcUaNQZJ5WwEBsaGQ12JeW7Kpe -----END RSA PRIVATE KEY----- diff --git a/test/testreq.pem b/test/testreq.pem index ebae21d94c..b20137b6e3 100644 --- a/test/testreq.pem +++ b/test/testreq.pem @@ -2,8 +2,8 @@ MIIBQjCB7QIBADCBhzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx ETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDET MBEGA1UEAxMKRXJpYyBZb3VuZzEfMB0GCSqGSIb3DQEJARYQZWF5QG1pbmNvbS5v -ei5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCvI9RWlPW/kzMnolxsyBiWfwqI -9/b9r+GuDb4go1hC5teH3XHYON0PfS0y8ryw56u7C0F+IDjGizOK5hjIHrhrAgMB -AAGgADANBgkqhkiG9w0BAQQFAANBAAJIIXcUJRF4IW0bTYoBAAWnvWNA6gl2lvNF -OTkJTP7rQG0kdx/YNbBKAosMUUtEk38o2fzsv64jzXL8weUwoPM= +ei5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCLwdDF7Fu4DSiae/+3045nf73 +V5OdRnICMXq4M0td4upwgC/ve7w+3q1OzObOpFgpuP1PEOsHGO48GrolDu4lAgMB +AAGgADANBgkqhkiG9w0BAQQFAANBAItCGg8qCPSoASvm3QUx/6PpreQclDO0bM2l +eacLlzSHBUvaSqapR/pHfHG2r9l6PuEr/rrYHo+ZrAraSyPhEBc= -----END CERTIFICATE REQUEST----- diff --git a/test/times b/test/times new file mode 100644 index 0000000000..49aeebf216 --- /dev/null +++ b/test/times @@ -0,0 +1,113 @@ + +More number for the questions about SSL overheads.... + +The following numbers were generated on a pentium pro 200, running linux. +They give an indication of the SSL protocol and encryption overheads. + +The program that generated them is an unreleased version of ssl/ssltest.c +which is the SSLeay ssl protocol testing program. It is a single process that +talks both sides of the SSL protocol via a non-blocking memory buffer +interface. + +How do I read this? The protocol and cipher are reasonable obvious. +The next number is the number of connections being made. The next is the +number of bytes exchanged bewteen the client and server side of the protocol. +This is the number of bytes that the client sends to the server, and then +the server sends back. Because this is all happening in one process, +the data is being encrypted, decrypted, encrypted and then decrypted again. +It is a round trip of that many bytes. Because the one process performs +both the client and server sides of the protocol and it sends this many bytes +each direction, multiply this number by 4 to generate the number +of bytes encrypted/decrypted/MACed. The first time value is how many seconds +elapsed doing a full SSL handshake, the second is the cost of one +full handshake and the rest being session-id reuse. + +SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s +SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s +SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s +SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA +SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s +SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s +SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s + +SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s +SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s +SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA +SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s +SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s +SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s + +SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s +SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s +SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s +SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA +SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s +SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s +SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s + +SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s +SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s +SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s +SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA +SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s +SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s +SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s + +What does this all mean? Well for a server, with no session-id reuse, with +a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key, +a pentium pro 200 running linux can handle the SSLv3 protocol overheads of +about 49 connections a second. Reality will be quite different :-). + +Remeber the first number is 1000 full ssl handshakes, the second is +1 full and 999 with session-id reuse. The RSA overheads for each exchange +would be one public and one private operation, but the protocol/MAC/cipher +cost would be quite similar in both the client and server. + +eric (adding numbers to speculation) + +--- Appendix --- +- The time measured is user time but these number a very rough. +- Remember this is the cost of both client and server sides of the protocol. +- The TCP/kernal overhead of connection establishment is normally the + killer in SSL. Often delays in the TCP protocol will make session-id + reuse look slower that new sessions, but this would not be the case on + a loaded server. +- The TCP round trip latencies, while slowing indervidual connections, + would have minimal impact on throughput. +- Instead of sending one 102400 byte buffer, one 8k buffer is sent until +- the required number of bytes are processed. +- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers. +- A 512bit server key was being used except where noted. +- No server key verification was being performed on the client side of the + protocol. This would slow things down very little. +- The library being used is SSLeay 0.8.x. +- The normal mesauring system was commands of the form + time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse + This modified version of ssltest should be in the next public release of + SSLeay. + +The general cipher performace number for this platform are + +SSLeay 0.8.2a 04-Sep-1997 +built on Fri Sep 5 17:37:05 EST 1997 +options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) +C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 131.02k 368.41k 500.57k 549.21k 566.09k +mdc2 535.60k 589.10k 595.88k 595.97k 594.54k +md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k +sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k +sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k +rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k +des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k +des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k +idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k +rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k +blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k + sign verify +rsa 512 bits 0.0100s 0.0011s +rsa 1024 bits 0.0451s 0.0012s +rsa 2048 bits 0.2605s 0.0086s +rsa 4096 bits 1.6883s 0.0302s + -- cgit v1.2.3