GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → tempesta-tech → tls-perf

tempesta-tech / tls-perf

Licence: GPL-2.0 License
TLS handshakes benchnarking tool

Programming Languages

C++
36643 projects - #6 most used programming language
Makefile
30231 projects

Labels

tlsbenchmarkperformanceddos

Projects that are alternatives of or similar to tls-perf

dheater
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
Stars: ✭ 142 (+688.89%)
Mutual labels:  tls, ddos
proxy
A simple golang tcp proxy.
Stars: ✭ 101 (+461.11%)
Mutual labels:  tls
autobench
Benchmark your application on CI
Stars: ✭ 16 (-11.11%)
Mutual labels:  benchmark
glassbench
A micro-benchmark framework to use with cargo bench
Stars: ✭ 29 (+61.11%)
Mutual labels:  benchmark
json-serialization-benchmarking
Miscellaneous benchmarks for JSON serialization on JVM/Android
Stars: ✭ 48 (+166.67%)
Mutual labels:  benchmark
MaskedFaceRepresentation
Masked face recognition focuses on identifying people using their facial features while they are wearing masks. We introduce benchmarks on face verification based on masked face images for the development of COVID-safe protocols in airports.
Stars: ✭ 17 (-5.56%)
Mutual labels:  benchmark
danetls
Program to test DANE enabled TLS Services
Stars: ✭ 18 (+0%)
Mutual labels:  tls
FewCLUE
FewCLUE 小样本学习测评基准,中文版
Stars: ✭ 251 (+1294.44%)
Mutual labels:  benchmark
websploit
Websploit is an advanced MITM framework.
Stars: ✭ 105 (+483.33%)
Mutual labels:  ddos
IGUANA
IGUANA is a benchmark execution framework for querying HTTP endpoints and CLI Applications such as Triple Stores. Contact: [email protected]
Stars: ✭ 22 (+22.22%)
Mutual labels:  benchmark
dtls
Datagram Transport Layer Security (DTLS) client.
Stars: ✭ 72 (+300%)
Mutual labels:  tls
Raven-Storm
Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
Stars: ✭ 235 (+1205.56%)
Mutual labels:  ddos
extract-tls-secrets
Decrypt HTTPS/TLS connections on the fly with Wireshark
Stars: ✭ 226 (+1155.56%)
Mutual labels:  tls
iohk-monitoring-framework
This framework provides logging, benchmarking and monitoring.
Stars: ✭ 27 (+50%)
Mutual labels:  benchmark
criterion-compare-action
⚡️📊 Compare the performance of Rust project branches
Stars: ✭ 16 (-11.11%)
Mutual labels:  benchmark
BIRL
BIRL: Benchmark on Image Registration methods with Landmark validations
Stars: ✭ 66 (+266.67%)
Mutual labels:  benchmark
liar
Flexible, stand-alone benchmarking
Stars: ✭ 16 (-11.11%)
Mutual labels:  benchmark
netplus
An easy-to-learn, high performance network io library written in modern cpp (c++11), It borrows concepts from Netty, and with well defined internal modules, It enables you to write rpc, http/https,websocket application with just few lines。
Stars: ✭ 43 (+138.89%)
Mutual labels:  tls
sbcOS
Barebone Opensource Powered SBC
Stars: ✭ 59 (+227.78%)
Mutual labels:  tls
insecure
Secure your dev servers, insecurely!
Stars: ✭ 41 (+127.78%)
Mutual labels:  tls
View All Similar Projects ➔

TLS handshakes benchmarking tool

A tool to stress test the TLS handshake by triggering processor intensive cryptographic computations on the server side.

Inspired by and partially based on THC-SSL-DOS tool (see the fork of the original tool at https://github.com/azet/thc-tls-dos). The key differences from the THC tool are:

  1. this benchmark does TLS handshake only and quickly resets TCP connection. It doesn't try to send or read any data or execute a renegotiation.

  2. this benchmark is multi-threaded and with better epoll() based IO, more efficient state machine and less looping. Multi-threading is required for ECC handshakes with the cryptographic calculations more expensive on the client side than on the server side.

  3. Much richer statistics.

Usage

Build

$ make
g++ -O2 -march=native -mtune=native -Wall -DL1DSZ=64  -c main.cc -o main.o
g++ -o tls-perf main.o -lpthread -lssl -lcrypto

Help

$ ./tls-perf --help

./tls-perf [options] <ip> <port>
  -h,--help            Print this help and exit
  -d,--debug           Run in debug mode
  -q,--quiet           Show less statistics in the run time
  -l <N>               Limit parallel connections for each thread (default: 1)
  -n <N>               Total number of handshakes to establish
  -t <N>               Number of threads (default: 1).
  -T,--to              Duration of the test (in seconds)
  -c <cipher>          Force cipher choice
                       (use `openssl ciphers` to list available cipher suites),
  -C <curve>           Force specific curve for elliptic curve algorithms (use
                       `openssl ecparam -list_curves` to list available curves).
  -V,--tls <version>   Set TLS version for handshake:
                       '1.2', '1.3' or 'any' for both (default: '1.2')
  -K,--tickets <mode>  Process TLS Session tickets and session resumption,
                       'on', 'off' or 'advertise', (default: 'off')
  -F,--keylogfile <f>  File to dump keys for traffic analysers

127.0.0.1:443 address is used by default.

To list available ciphers on a remote peer use:
$ nmap --script ssl-enum-ciphers -p <PORT> <IP>

Examples

Bechmark TLS v1.3 handshakes for 10 seconds through 8 threads with 100 concurrent connections in each tread:

./tls-perf -T 10 -l 100 -t 8 --tls 1.3 192.168.76.7 8081

Bechmark 100 handshakes, leave TLS version and cipher choice for OpenSSL:

./tls-perf -n 100 --tls any ::1 8081

Run

tls-perf starts to establish new connections slowly and prints

( All peers are active, start to gather statistics )

This time all the requested peers managing all the requested connections are active and tls-perf starts to gather statistics for the final report. Thus, you might see smaller number for MEASURES than you saw per-second statistic lines.

The slow start also warms up all the caches of the benchmarked system, so you don't need to make additional load before the benchmark.

$ ./tls-perf -l 1000 -t 2 -T 10 192.168.100.4 443
Running TLS benchmark with following settings:
Host:        192.168.100.4 : 443
TLS version: 1.2
Cipher:      ECDHE-ECDSA-AES128-GCM-SHA256
TLS tickets: off
Duration:    3000

set open files limit to 2008
TLS hs in progress 252 [382 h/s], TCP open conns 252 [146 hs in progress], Errors 0
TLS hs in progress 400 [495 h/s], TCP open conns 400 [497 hs in progress], Errors 0
TLS hs in progress 549 [620 h/s], TCP open conns 549 [932 hs in progress], Errors 0
( All peers are active, start to gather statistics )
TLS hs in progress 834 [448 h/s], TCP open conns 834 [1071 hs in progress], Errors 0
TLS hs in progress 945 [548 h/s], TCP open conns 945 [1055 hs in progress], Errors 0
TLS hs in progress 908 [529 h/s], TCP open conns 908 [1092 hs in progress], Errors 0
TLS hs in progress 946 [603 h/s], TCP open conns 946 [1047 hs in progress], Errors 0
TLS hs in progress 969 [615 h/s], TCP open conns 969 [1031 hs in progress], Errors 0
TLS hs in progress 994 [618 h/s], TCP open conns 994 [1006 hs in progress], Errors 0
TLS hs in progress 941 [585 h/s], TCP open conns 941 [1059 hs in progress], Errors 0
========================================
 TOTAL:                  SECONDS 7; HANDSHAKES 5443
 MEASURES (seconds):     MAX h/s 618; AVG h/s 561; 95P h/s 448; MIN h/s 448
 LATENCY (microseconds): MIN 26; AVG 50; 95P 74; MAX 3945

95P parameters in resulting statistics show 95'th percentile: 95% of TLS handshakes per second measurements are better than the number and 95% of TLS handshakes require less microseconds than the number.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].