Hey!
> On 31 Aug 2016, at 13:31, Kjetil Birkeland Moe <[email protected]> wrote:
> Is this problem due to the nginx config, or with OpenSSL?
Yes. :-)
> "openssl s_time -connect bettercrypto.org:443 -cipher AES128-GCM-SHA256 -time 2"
s_time requires SSLv3 to be available on the server. You may turn off TLS
handshakes by passing -ssl3 (which is pretty useless these days). s_time
doesn’t accept protocol options like s_client does so one can’t make it work
with TLS only.
Of course your server must not have SSLv3 enabled for POODLE reasons.
---------
From the man page of openssl(1):
BUGS
Because this program does not have all the options of the s_client program to
turn protocols on and off, you may not be able to measure the performance of
all protocols with all servers.
---------
Here’s a little snippet that I use to get a rough estimate of the tcp and TLS
timings.
$ seq 5 | xargs -I@ -n1 curl -so /dev/null -w "tcp:%{time_connect}, ssldone:%{time_appconnect}\n" https://bettercrypto.org/
tcp:0.024, ssldone:0.321
tcp:0.019, ssldone:0.307
tcp:0.026, ssldone:0.313
tcp:0.016, ssldone:0.308
tcp:0.031, ssldone:0.330
You can get a bunch of other timings with curl(1), just search for “time_” in the
man page.
If you want to skip cert verification you can also pass -k, --insecure to curl.
Hope this helps!
Best regards
MacLemon
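
Added example, not part of MacLemon's mail: a small filter that turns the curl timing lines shown above into the cost of the TLS handshake alone. The function names tls_summary and sample_timings are made up for this example; the sample input is the five output lines quoted in the mail.

```shell
#!/bin/sh
# Added example, not from the original mail. Function names are made up here.
# Input: lines as printed by the curl -w format in the mail:
#   tcp:<time_connect>, ssldone:<time_appconnect>
# Both values are seconds since the start of the transfer, so the TLS
# handshake alone costs ssldone - tcp.

tls_summary() {
    awk -F'[:,]' '
        /^tcp:[0-9.]+, *ssldone:[0-9.]+$/ {
            # curl reports 0 for time_appconnect when no TLS handshake completed
            if ($4 + 0 == 0) { failed++; next }
            hs = $4 - $2
            if (n == 0 || hs < min) min = hs
            if (n == 0 || hs > max) max = hs
            tcp_sum += $2; hs_sum += hs; n++
        }
        END {
            if (n == 0) { printf "n=0 failed=%d\n", failed; exit 1 }
            printf "n=%d failed=%d tcp_avg=%.3f tls_min=%.3f tls_avg=%.3f tls_max=%.3f\n",
                   n, failed, tcp_sum / n, min, hs_sum / n, max
        }'
}

# The five output lines quoted in the mail, embedded so this runs offline.
sample_timings() {
    cat <<'EOF'
tcp:0.024, ssldone:0.321
tcp:0.019, ssldone:0.307
tcp:0.026, ssldone:0.313
tcp:0.016, ssldone:0.308
tcp:0.031, ssldone:0.330
EOF
}

sample_timings | tls_summary
# Live use: pipe the curl loop from the mail into tls_summary instead.
```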
