{"id":18897349,"url":"https://github.com/tempesta-tech/tls-perf","last_synced_at":"2025-04-15T02:09:03.914Z","repository":{"id":43472817,"uuid":"255713511","full_name":"tempesta-tech/tls-perf","owner":"tempesta-tech","description":"TLS handshakes benchnarking tool","archived":false,"fork":false,"pushed_at":"2023-09-13T12:02:42.000Z","size":82,"stargazers_count":52,"open_issues_count":0,"forks_count":10,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-04-15T02:08:58.191Z","etag":null,"topics":["benchmark","ddos","performance","tls"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tempesta-tech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-14T20:04:19.000Z","updated_at":"2025-04-08T21:33:21.000Z","dependencies_parsed_at":"2024-11-08T08:50:00.148Z","dependency_job_id":null,"html_url":"https://github.com/tempesta-tech/tls-perf","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tempesta-tech%2Ftls-perf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tempesta-tech%2Ftls-perf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tempesta-tech%2Ftls-perf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tempesta-tech%2Ftls-perf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tempesta-tech","download_url":"https://codeload.github.com/tempesta-tech/tls-perf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248991544,"owners_count":21194894,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["benchmark","ddos","performance","tls"],"created_at":"2024-11-08T08:37:02.780Z","updated_at":"2025-04-15T02:09:03.897Z","avatar_url":"https://github.com/tempesta-tech.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TLS handshakes benchmarking tool\n\nA tool to stress test the TLS handshake by triggering processor intensive\ncryptographic computations on the server side.\n\nInspired by and partially based on THC-SSL-DOS tool (see the fork of the\noriginal tool at https://github.com/azet/thc-tls-dos). The key differences\nfrom the THC tool are:\n\n1. this benchmark does TLS handshake only and quickly resets TCP connection.\n It doesn't try to send or read any data or execute a renegotiation.\n\n2. this benchmark is multi-threaded and with better `epoll()` based IO, more\n efficient state machine and less looping. Multi-threading is required for\n ECC handshakes with the cryptographic calculations more expensive on\n the client side than on the server side.\n\n3. Much richer statistics.\n\n\n# Usage\n\n## Build\n```\n$ make\ng++ -O2 -march=native -mtune=native -Wall -DL1DSZ=64 -c main.cc -o main.o\ng++ -o tls-perf main.o -lpthread -lssl -lcrypto\n```\n\n## Using custom openssl build\nProvide `Makefile.local` with two variables:\n```\nSSL_INCLUDE := /path/to/ssl/include/dir\nSSL_LIBDIR := /path/to/ssl/libdir\n```\n\nThis would add specified directories to compiler/linker search paths and also would\nadd rpath to the resulting binary.\n\n## Help\n```\n$ ./tls-perf --help\n\n./tls-perf [options] \u003cip\u003e \u003cport\u003e\n -h,--help Print this help and exit\n -d,--debug Run in debug mode\n -q,--quiet Show less statistics in the run time\n -l \u003cN\u003e Limit parallel connections for each thread (default: 1)\n -n \u003cN\u003e Total number of handshakes to establish\n -t \u003cN\u003e Number of threads (default: 1).\n -T,--to Duration of the test (in seconds)\n -c \u003ccipher\u003e Force cipher choice\n (use `openssl ciphers` to list available cipher suites),\n -C \u003ccurve\u003e Force specific curve for elliptic curve algorithms (use\n `openssl ecparam -list_curves` to list available curves).\n -V,--tls \u003cversion\u003e Set TLS version for handshake:\n '1.2', '1.3' or 'any' for both (default: '1.2')\n -K,--tickets \u003cmode\u003e Process TLS Session tickets and session resumption,\n 'on', 'off' or 'advertise', (default: 'off')\n -F,--keylogfile \u003cf\u003e File to dump keys for traffic analysers\n -s,--sni \u003cservernameindicator\u003e SNI to use for the given \u003cip\u003e\n\n127.0.0.1:443 address is used by default.\n\nTo list available ciphers on a remote peer use:\n$ nmap --script ssl-enum-ciphers -p \u003cPORT\u003e \u003cIP\u003e\n\n```\n\n## Examples\n\nBechmark TLS v1.3 handshakes for 10 seconds through 8 threads with 100\nconcurrent connections in each tread:\n```\n./tls-perf -T 10 -l 100 -t 8 --tls 1.3 192.168.76.7 8081\n```\n\nBechmark 100 handshakes, leave TLS version and cipher choice for OpenSSL:\n```\n./tls-perf -n 100 --tls any ::1 8081\n```\n\n## Run\n\n**tls-perf** starts to establish new connections slowly and prints\n```\n( All peers are active, start to gather statistics )\n```\nThis time all the requested peers managing all the requested connections are\nactive and **tls-perf** starts to gather statistics for the final report. Thus,\nyou might see smaller number for `MEASURES` than you saw per-second statistic\nlines.\n\nThe slow start also warms up all the caches of the benchmarked system, so\nyou don't need to make additional load before the benchmark.\n\n```\n$ ./tls-perf -l 1000 -t 2 -T 10 192.168.100.4 443\nRunning TLS benchmark with following settings:\nHost: 192.168.100.4 : 443\nTLS version: 1.2\nCipher: ECDHE-ECDSA-AES128-GCM-SHA256\nTLS tickets: off\nDuration: 3000\n\nset open files limit to 2008\nTLS hs in progress 252 [382 h/s], TCP open conns 252 [146 hs in progress], Errors 0\nTLS hs in progress 400 [495 h/s], TCP open conns 400 [497 hs in progress], Errors 0\nTLS hs in progress 549 [620 h/s], TCP open conns 549 [932 hs in progress], Errors 0\n( All peers are active, start to gather statistics )\nTLS hs in progress 834 [448 h/s], TCP open conns 834 [1071 hs in progress], Errors 0\nTLS hs in progress 945 [548 h/s], TCP open conns 945 [1055 hs in progress], Errors 0\nTLS hs in progress 908 [529 h/s], TCP open conns 908 [1092 hs in progress], Errors 0\nTLS hs in progress 946 [603 h/s], TCP open conns 946 [1047 hs in progress], Errors 0\nTLS hs in progress 969 [615 h/s], TCP open conns 969 [1031 hs in progress], Errors 0\nTLS hs in progress 994 [618 h/s], TCP open conns 994 [1006 hs in progress], Errors 0\nTLS hs in progress 941 [585 h/s], TCP open conns 941 [1059 hs in progress], Errors 0\n========================================\n TOTAL: SECONDS 7; HANDSHAKES 5443\n MEASURES (seconds): MAX h/s 618; AVG h/s 561; 95P h/s 448; MIN h/s 448\n LATENCY (microseconds): MIN 26; AVG 50; 95P 74; MAX 3945\n```\n\n`95P` parameters in resulting statistics show 95'th percentile: 95% of TLS\nhandshakes per second measurements are better than the number and 95% of TLS\nhandshakes require less microseconds than the number.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftempesta-tech%2Ftls-perf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftempesta-tech%2Ftls-perf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftempesta-tech%2Ftls-perf/lists"}