(page created)
 
m
Line 120: Line 120:
  
  
[[QA Team portal|return to the QA portal]]
+
[[QA Team portal|Return to the QA portal]]
  
 
[[Category:QA_procedures]]
 
[[Category:QA_procedures]]

Revision as of 10:16, 28 February 2012

$ urpmq -i openssl

Name        : openssl
Version     : 1.0.0d
Release     : 2.1.mga1
Group       : System/Libraries
Size        : 890800                       Architecture: x86_64
Source RPM  : openssl-1.0.0d-2.1.mga1.src.rpm
URL         : http://www.openssl.org/
Summary     : Secure Sockets Layer communications libs & utils
Description :
The openssl certificate management tool and the shared libraries that provide
various encryption and decription algorithms and protocols, including DES, RC4,
RSA and SSL.


There are some useful commands you can use to test openssl on this website.


To print the openssl version in use:

$ openssl version
OpenSSL 1.0.0d 8 Feb 2011


To print the version with the build flags:

$ openssl version -a
OpenSSL 1.0.0d 8 Feb 2011
built on: Sun Jan  1 12:48:40 UTC 2012
platform: linux-x86_64
options:  bn(64,64) rc4(1x,char) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPK11_LIB_LOCATION="/usr/lib64/pkcs11/PKCS11_API.so" -m64 -DL_ENDIAN -DTERMIO -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  dynamic


To show all supported ciphers:

# list all available ciphers
openssl ciphers -v

# list only TLSv1 ciphers
openssl ciphers -v -tls1

# list only high encryption ciphers (keys larger than 128 bits)
openssl ciphers -v 'HIGH'

# list only high encryption ciphers using the AES algorithm
openssl ciphers -v 'AES+HIGH'


To run a speed test on all ciphers, which proves they are functional:

$ openssl speed
Doing mdc2 for 3s on 16 size blocks: 1523544 mdc2's in 3.00s
Doing mdc2 for 3s on 64 size blocks: 407943 mdc2's in 3.00s
Doing mdc2 for 3s on 256 size blocks: 103829 mdc2's in 2.99s
Doing mdc2 for 3s on 1024 size blocks: 26024 mdc2's in 3.00s
Doing mdc2 for 3s on 8192 size blocks: 3261 mdc2's in 3.00s
etc..


To check multi-core functionality, compare the RSA speed on a single core with the speed on multiple cores:

$ openssl speed rsa
...<snip>...
                  sign    verify    sign/s verify/s
rsa  512 bits 0.000134s 0.000011s   7435.7  89229.9
rsa 1024 bits 0.000663s 0.000063s   1507.4  15917.6
rsa 2048 bits 0.004054s 0.000120s    246.7   8361.8
rsa 4096 bits 0.028490s 0.000448s     35.1   2234.5


$ openssl speed rsa -multi 4    # replace 4 with however many cores you want to use
...<snip>... (this output looks quite different)

                  sign    verify    sign/s verify/s
rsa  512 bits 0.000034s 0.000003s  29101.3 348484.8
rsa 1024 bits 0.000167s 0.000009s   5971.5 112788.0
rsa 2048 bits 0.001034s 0.000030s    967.5  33135.7
rsa 4096 bits 0.007283s 0.000114s    137.3   8754.4
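
The comparison above can be scripted instead of judged by eye. The following is an added example, not part of the original wiki page: it parses two saved `openssl speed rsa` outputs and reports the sign/s speedup per key size. The function names `rsa_speedup` and `check_multicore` and the minimum-ratio threshold are assumptions; the sample data is copied from the two result tables shown above.

```shell
#!/bin/sh
# Added example (not from the wiki page): quantify the -multi speedup.

# Print "<bits> <single sign/s> <multi sign/s> <ratio>" for every RSA key size
# found in both captures. $1 = single-core output file, $2 = -multi output file.
rsa_speedup() {
    awk '
        # Result rows: rsa 2048 bits 0.004054s 0.000120s 246.7 8361.8
        $1 == "rsa" && $3 == "bits" && NF == 7 {
            if (FNR == NR)
                single[$2] = $6            # first file: remember sign/s
            else if (($2 in single) && single[$2] > 0)
                printf "%s %s %s %.2f\n", $2, single[$2], $6, $6 / single[$2]
        }
    ' "$1" "$2"
}

# Succeed only if every key size signs at least $3 times faster with -multi.
# Fails closed when no comparable rows are found.
check_multicore() {
    rsa_speedup "$1" "$2" | awk -v min="$3" '
        { n++; if ($4 < min) bad++ }
        END { exit (n == 0 || bad > 0) }
    '
}

# Sample data: the two result tables shown above, saved to temporary files.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/single.txt" <<'EOF'
...<snip>...
                  sign    verify    sign/s verify/s
rsa  512 bits 0.000134s 0.000011s   7435.7  89229.9
rsa 1024 bits 0.000663s 0.000063s   1507.4  15917.6
rsa 2048 bits 0.004054s 0.000120s    246.7   8361.8
rsa 4096 bits 0.028490s 0.000448s     35.1   2234.5
EOF
cat > "$tmp/multi.txt" <<'EOF'
                  sign    verify    sign/s verify/s
rsa  512 bits 0.000034s 0.000003s  29101.3 348484.8
rsa 1024 bits 0.000167s 0.000009s   5971.5 112788.0
rsa 2048 bits 0.001034s 0.000030s    967.5  33135.7
rsa 4096 bits 0.007283s 0.000114s    137.3   8754.4
EOF

rsa_speedup "$tmp/single.txt" "$tmp/multi.txt"
check_multicore "$tmp/single.txt" "$tmp/multi.txt" 2 && echo "multi-core OK"
```

For a real test, pass the saved outputs of the two commands above as the two file arguments and choose a threshold suited to the number of cores used.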


If you have a server to test against, you can measure connection performance. (It is probably not a good idea to use a public server or mageia.org!)

$ openssl s_time -connect <remote.host>:443
No CIPHER specified
Collecting connection statistics for 30 seconds
...<snip>...
1055 connections in 4.61s; 228.85 connections/user sec, bytes read 0
1055 connections in 31 real seconds, 0 bytes read per connection


Now timing with session id reuse.
starting
...<snip>...
21542 connections in 3.46s; 6226.01 connections/user sec, bytes read 0
21542 connections in 31 real seconds, 0 bytes read per connection


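If you don't have a server to test with, you can emulate one using the s_server command:

# on one host, set up the server (using default port 4433);
# mycert.pem must contain both the certificate and its private key, since no -key is given
openssl s_server -cert mycert.pem -www

# on second host (or even the same one), run s_time
# (-ssl3 forces SSLv3; OpenSSL builds without SSLv3 support reject this option)
openssl s_time -connect myhost:4433 -www / -new -ssl3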


Return to the QA portal