httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: [users@httpd] How to benchmark ChaCha20-Poly1305 capable websites using Apache Benchmark (ab) tool?
Date Tue, 25 Jul 2017 14:30:21 GMT
2017-07-25 14:52 GMT+03:00 Matt Holdsworth <matt.holdsworth@boots.co.uk>:
> I'm trying to use 'ab' to do some performance benchmarks of my website after having made
some performance tweaks.
>
> Specifically, I'd like to test the difference in performance between the following cipher
suites - all supported by my website:
>
> ECDHE-RSA-AES128-GCM-SHA256
> ECDHE-ECDSA-AES128-GCM-SHA256
> ECDHE-ECDSA-CHACHA20-POLY1305
>
> The three commands that I've tried are:
>
> ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-RSA-AES128-GCM-SHA256
https://bytes.fyi/
> ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-ECDSA-AES128-GCM-SHA256
https://bytes.fyi/
> ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-ECDSA-CHACHA20-POLY1305
https://bytes.fyi/
>
> The first two work fine, but the third generates the following error:
>
> error setting cipher list [ECDHE-ECDSA-CHACHA20-POLY1305]
> 1995798240:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1385:
> I think my versions of ab and openssl are both up-to-date enough to support the test:
>
> pi@pi3:~ $ which ab && ab -V
> /usr/bin/ab
> This is ApacheBench, Version 2.3 <$Revision: 1757674 $>

1. Looking at http://svn.apache.org/r1757674
(Thu Aug 25 12:53:03 2016 UTC)
and history of httpd/httpd/branches/2.4.x/support/ab.c file that was
changed in that revision,

I think your version of AB does not support OpenSSL 1.1.0 at all,
as support for 1.1.0 was added by later revisions of that file,

http://svn.apache.org/viewvc?view=revision&revision=1787728
"Support OpenSSL 1.1.0"


> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
> Licensed to The Apache Software Foundation, http://www.apache.org/
>
> pi@pi3:~ $ which openssl && openssl version
> /usr/bin/openssl
> OpenSSL 1.1.0f  25 May 2017
>
> The docs for Apache Benchmark don't give much detail on how to check/modify the available
cipher suites that can be specified:
>
> -Z ciphersuite
> Specify SSL/TLS cipher suite (See openssl ciphers)

2. Maybe it is also worth to try "-f TLS1.2". Though as the two other
ciphers work, maybe you do not need it.
https://httpd.apache.org/docs/2.4/programs/ab.html


> I think the above implies that I should be able to use any of the cipher suites listed
by the openssl ciphers command?
>
> All three of my target cipher suites are indeed listed, so I'm confused why my ab test
is failing for the ECDHE-ECDSA-CHACHA20-POLY1305 suite.
>
> Any tips would be much appreciated!
>
> Btw, I asked the same question on superuser.com, here:
>
> https://superuser.com/questions/1231720/how-to-benchmark-chacha20-poly1305-capable-websites-using-apache-benchmark-ab
>

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message