I'm trying to use 'ab' to do some performance benchmarks of my website after having made some performance tweaks.
Specifically, I'd like to test the difference in performance between the following cipher suites - all supported by my website: ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 The three commands that I've tried are: ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-RSA-AES128-GCM-SHA256 https://bytes.fyi/ ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-ECDSA-AES128-GCM-SHA256 https://bytes.fyi/ ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-ECDSA-CHACHA20-POLY1305 https://bytes.fyi/ The first two work fine, but the third generates the following error: error setting cipher list [ECDHE-ECDSA-CHACHA20-POLY1305] 1995798240:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1385: I think my versions of ab and openssl are both up-to-date enough to support the test: pi@pi3:~ $ which ab && ab -V /usr/bin/ab This is ApacheBench, Version 2.3 <$Revision: 1757674 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ pi@pi3:~ $ which openssl && openssl version /usr/bin/openssl OpenSSL 1.1.0f 25 May 2017 The docs for Apache Benchmark don't give much detail on how to check/modify the available cipher suites that can be specified: -Z ciphersuite Specify SSL/TLS cipher suite (See openssl ciphers) I think the above implies that I should be able to use any of the cipher suites listed by the openssl ciphers command? All three of my target cipher suites are indeed listed, so I'm confused why my ab test is failing for the ECDHE-ECDSA-CHACHA20-POLY1305 suite. Any tips would be much appreciated! Btw, I asked the same question on superuser.com, here: https://superuser.com/questions/1231720/how-to-benchmark-chacha20-poly1305-capable-websites-using-apache-benchmark-ab Cheers, Matt Boots UK Limited, Registered 928555, Nottingham NG2 3AA This e-mail (including any attachments) is confidential. It may be read, copied and used only by the intended recipient. If you are not the intended recipient you should not copy it or use it for any purpose or disclose its contents to any other person. If you have received this message in error, please notify us and remove it from your system. We cannot accept liability for any damage you incur as a result of virus infection. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
