From Mageia wiki
Revision as of 16:19, 28 June 2012 by Boklm (moved Testing procedure:L to Testing procedure:Openssl)
    $ urpmq -i openssl
    Name        : openssl
    Version     : 1.0.0d
    Release     : 2.1.mga1
    Group       : System/Libraries
    Size        : 890800
    Architecture: x86_64
    Source RPM  : openssl-1.0.0d-2.1.mga1.src.rpm
    URL         : http://www.openssl.org/
    Summary     : Secure Sockets Layer communications libs & utils
    Description :
    The openssl certificate management tool and the shared libraries that
    provide various encryption and decription algorithms and protocols,
    including DES, RC4, RSA and SSL.
There are some useful commands you can use to test openssl on this website.
To print the openssl version in use:
    $ openssl version
    OpenSSL 1.0.0d 8 Feb 2011
To print the version with the build flags:
    $ openssl version -a
    OpenSSL 1.0.0d 8 Feb 2011
    built on: Sun Jan 1 12:48:40 UTC 2012
    platform: linux-x86_64
    options: bn(64,64) rc4(1x,char) des(idx,cisc,16,int) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPK11_LIB_LOCATION="/usr/lib64/pkcs11/PKCS11_API.so" -m64 -DL_ENDIAN -DTERMIO -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM
    OPENSSLDIR: "/etc/pki/tls"
    engines: dynamic
To show all supported ciphers:
    # list all available ciphers
    openssl ciphers -v

    # list only TLSv1 ciphers
    openssl ciphers -v -tls1

    # list only high encryption ciphers (keys larger than 128 bits)
    openssl ciphers -v 'HIGH'

    # list only high encryption ciphers using the AES algorithm
    openssl ciphers -v 'AES+HIGH'
To run a speed test on all ciphers, which proves they are functional:
    $ openssl speed
    Doing mdc2 for 3s on 16 size blocks: 1523544 mdc2's in 3.00s
    Doing mdc2 for 3s on 64 size blocks: 407943 mdc2's in 3.00s
    Doing mdc2 for 3s on 256 size blocks: 103829 mdc2's in 2.99s
    Doing mdc2 for 3s on 1024 size blocks: 26024 mdc2's in 3.00s
    Doing mdc2 for 3s on 8192 size blocks: 3261 mdc2's in 3.00s
    etc..
To check multi-core functionality, compare the RSA speed on a single core with the speed on multiple cores:
    $ openssl speed rsa
    ...<snip>...
                      sign    verify    sign/s verify/s
    rsa  512 bits 0.000134s 0.000011s   7435.7  89229.9
    rsa 1024 bits 0.000663s 0.000063s   1507.4  15917.6
    rsa 2048 bits 0.004054s 0.000120s    246.7   8361.8
    rsa 4096 bits 0.028490s 0.000448s     35.1   2234.5

    $ openssl speed rsa -multi 4
    (Replace 4 with however many cores you want to use)
    ...<snip>... (this output looks quite different)
                      sign    verify    sign/s verify/s
    rsa  512 bits 0.000034s 0.000003s  29101.3 348484.8
    rsa 1024 bits 0.000167s 0.000009s   5971.5 112788.0
    rsa 2048 bits 0.001034s 0.000030s    967.5  33135.7
    rsa 4096 bits 0.007283s 0.000114s    137.3   8754.4
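The single-core versus multi-core comparison above can be scripted. The following is an added example, not part of the original wiki page: it assumes the 7-field summary rows shown above (newer OpenSSL releases may print a different layout), and the names `rsa_speedup`, `demo`, `single.txt` and `multi.txt` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the wiki page. Assumes the 7-field summary rows shown
# above: rsa <bits> bits <sign s> <verify s> <sign/s> <verify/s>

# rsa_speedup SINGLE_FILE MULTI_FILE [MIN]
# Prints the multi/single ratio per key size. Returns 1 if any ratio is
# below MIN (default 1.5), 2 if no comparable rows were found.
rsa_speedup() {
    awk -v min="${3:-1.5}" '
        $1 == "rsa" && $3 == "bits" && NF == 7 {
            if (FILENAME == ARGV[1]) {            # rows of the single-process run
                sign[$2] = $6; verify[$2] = $7
            } else if (sign[$2] > 0 && verify[$2] > 0) {
                rs = $6 / sign[$2]; rv = $7 / verify[$2]
                printf "rsa %4d bits  sign x%.2f  verify x%.2f\n", $2, rs, rv
                if (rs < min || rv < min) bad = 1
                rows++
            }
        }
        END { exit (rows ? bad + 0 : 2) }
    ' "$1" "$2"
}

# demo [MIN]: runs the check on the figures quoted on this page.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/single.txt" <<'EOF'
rsa  512 bits 0.000134s 0.000011s   7435.7  89229.9
rsa 1024 bits 0.000663s 0.000063s   1507.4  15917.6
rsa 2048 bits 0.004054s 0.000120s    246.7   8361.8
rsa 4096 bits 0.028490s 0.000448s     35.1   2234.5
EOF
    cat > "$dir/multi.txt" <<'EOF'
rsa  512 bits 0.000034s 0.000003s  29101.3 348484.8
rsa 1024 bits 0.000167s 0.000009s   5971.5 112788.0
rsa 2048 bits 0.001034s 0.000030s    967.5  33135.7
rsa 4096 bits 0.007283s 0.000114s    137.3   8754.4
EOF
    rsa_speedup "$dir/single.txt" "$dir/multi.txt" "${1:-2}"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# With two file arguments compare them, otherwise run the demo.
if [ "$#" -ge 2 ]; then rsa_speedup "$@"; else demo; fi
```

For a real run, save the output of `openssl speed rsa` and `openssl speed rsa -multi 4` to two files and pass them as the first and second argument, with the minimum acceptable ratio as an optional third.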
If you have a server you can test against, you can measure connection performance. (It is probably not a good idea to use a public server or mageia.org!)
    $ openssl s_time -connect <remote.host>:443
    No CIPHER specified
    Collecting connection statistics for 30 seconds
    ...<snip>...
    1055 connections in 4.61s; 228.85 connections/user sec, bytes read 0
    1055 connections in 31 real seconds, 0 bytes read per connection

    Now timing with session id reuse.
    starting
    ...<snip>...
    21542 connections in 3.46s; 6226.01 connections/user sec, bytes read 0
    21542 connections in 31 real seconds, 0 bytes read per connection
If you don't have a server to test with, you can emulate one using the s_server command:
    # on one host, set up the server (using default port 4433)
    openssl s_server -cert mycert.pem -www

    # on second host (or even the same one), run s_time
    openssl s_time -connect myhost:4433 -www / -new -ssl3