httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: [users@httpd] How to benchmark ChaCha20-Poly1305 capable websites using Apache Benchmark (ab) tool?
Date Tue, 25 Jul 2017 14:30:21 GMT
2017-07-25 14:52 GMT+03:00 Matt Holdsworth <>:
> I'm trying to use 'ab' to do some performance benchmarks of my website after having made
some performance tweaks.
> Specifically, I'd like to test the difference in performance between the following cipher
suites - all supported by my website:
> The three commands that I've tried are:
> ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-RSA-AES128-GCM-SHA256
> ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-ECDSA-AES128-GCM-SHA256
> ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-ECDSA-CHACHA20-POLY1305
> The first two work fine, but the third generates the following error:
> error setting cipher list [ECDHE-ECDSA-CHACHA20-POLY1305]
> 1995798240:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1385:
> I think my versions of ab and openssl are both up-to-date enough to support the test:
> pi@pi3:~ $ which ab && ab -V
> /usr/bin/ab
> This is ApacheBench, Version 2.3 <$Revision: 1757674 $>

1. Looking at
(Thu Aug 25 12:53:03 2016 UTC)
and history of httpd/httpd/branches/2.4.x/support/ab.c file that was
changed in that revision,

I think your version of AB does not support OpenSSL 1.1.0 at all,
as support for 1.1.0 was added by later revisions of that file,
"Support OpenSSL 1.1.0"

> Copyright 1996 Adam Twiss, Zeus Technology Ltd,
> Licensed to The Apache Software Foundation,
> pi@pi3:~ $ which openssl && openssl version
> /usr/bin/openssl
> OpenSSL 1.1.0f  25 May 2017
> The docs for Apache Benchmark don't give much detail on how to check/modify the available
cipher suites that can be specified:
> -Z ciphersuite
> Specify SSL/TLS cipher suite (See openssl ciphers)

2. Maybe it is also worth to try "-f TLS1.2". Though as the two other
ciphers work, maybe you do not need it.

> I think the above implies that I should be able to use any of the cipher suites listed
by the openssl ciphers command?
> All three of my target cipher suites are indeed listed, so I'm confused why my ab test
is failing for the ECDHE-ECDSA-CHACHA20-POLY1305 suite.
> Any tips would be much appreciated!
> Btw, I asked the same question on, here:

Best regards,
Konstantin Kolinko

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message