测试平台在linux下的ssl性能
使用openssl的evp参数可以快速方便地测试运行linux地服务器或客户端设备的ssl性能。
例子:openssl speed -evp aes-256-gcm
ayahuasec@AYAHUASEC-LAPTOP0:~$ openssl speed -evp aes-256-gcm
Doing aes-256-gcm for 3s on 16 size blocks: 85572354 aes-256-gcm's in 3.01s
Doing aes-256-gcm for 3s on 64 size blocks: 47740273 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 256 size blocks: 21305830 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 1024 size blocks: 7727741 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 8192 size blocks: 1130730 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 16384 size blocks: 574152 aes-256-gcm's in 3.00s
OpenSSL 1.1.1 11 Sep 2018
built on: Tue Nov 12 16:58:35 2019 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-kxN_24/openssl-1.1.1=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-256-gcm 454869.66k 1018459.16k 1818097.49k 2637735.59k 3087646.72k 3135635.46k其他常用的算法:aes-128-cfb、chacha20-poly1305。
在没有硬件aes的设备上推荐使用chacha20-poly1305,在有硬件aes的设备上则推荐使用aes-128-gcm。
通过cat /proc/cpuinfo | grep aes可以查看cpu是否支持硬件aes。
对于多核设备,可通过-multi n指定测试时fork的进程数,例如对于4核处理器:openssl speed -evp aes-128-gcm -multi 4