1
I'm trying to use ab
to do some performance benchmarks of my website after having made some performance tweaks.
Specifically, I'd like to test the difference in performance between the following cipher suites - all supported by my website:
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305
The three commands that I've tried are:
ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-RSA-AES128-GCM-SHA256 https://bytes.fyi/
ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-ECDSA-AES128-GCM-SHA256 https://bytes.fyi/
ab -l -n 1000 -c 10 -H "Accept-Encoding: gzip, deflate, br" -Z ECDHE-ECDSA-CHACHA20-POLY1305 https://bytes.fyi/
The first two work fine, but the third generates the following error:
error setting cipher list [ECDHE-ECDSA-CHACHA20-POLY1305]
1995798240:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1385:
I think my versions of ab
and openssl
are both up-to-date enough to support the test:
pi@pi3:~ $ which ab && ab -V
/usr/bin/ab
This is ApacheBench, Version 2.3 <$Revision: 1757674 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
pi@pi3:~ $ which openssl && openssl version
/usr/bin/openssl
OpenSSL 1.1.0f 25 May 2017
The docs for Apache Benchmark don't give much detail on how to check/modify the available cipher suites that can be specified:
-Z ciphersuite
Specify SSL/TLS cipher suite (See openssl ciphers)
I think the above implies that I should be able to use any of the cipher suites listed by the openssl ciphers
command.
All three of my target cipher suites are indeed listed, so I'm confused why my ab
test is failing for the ECDHE-ECDSA-CHACHA20-POLY1305 suite.
Here's some output to show my target suite is supported by my version of openssl:
pi@pi3:~ $ openssl ciphers -v | grep ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD