Import of old SSLeay release: SSLeay 0.9.0b
diff --git a/test/CAssdh.cnf b/test/CAssdh.cnf
new file mode 100644
index 0000000..4e0a908
--- /dev/null
+++ b/test/CAssdh.cnf
@@ -0,0 +1,24 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DH certs - CA
+
+RANDFILE = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name = req_distinguished_name
+encrypt_rsa_key = no
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = CU
+countryName_value = CU
+
+organizationName = Organization Name (eg, company)
+organizationName_value = La Junta de la Revolucion
+
+commonName = Common Name (eg, YOUR name)
+commonName_value = Junta
+
diff --git a/test/CAssdsa.cnf b/test/CAssdsa.cnf
new file mode 100644
index 0000000..a6b4d18
--- /dev/null
+++ b/test/CAssdsa.cnf
@@ -0,0 +1,23 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - CA
+
+RANDFILE = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name = req_distinguished_name
+encrypt_rsa_key = no
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = ES
+countryName_value = ES
+
+organizationName = Organization Name (eg, company)
+organizationName_value = Hermanos Locos
+
+commonName = Common Name (eg, YOUR name)
+commonName_value = Hermanos Locos CA
diff --git a/test/CAssrsa.cnf b/test/CAssrsa.cnf
new file mode 100644
index 0000000..eb24a6d
--- /dev/null
+++ b/test/CAssrsa.cnf
@@ -0,0 +1,24 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# create RSA certs - CA
+
+RANDFILE = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name = req_distinguished_name
+encrypt_key = no
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = ES
+countryName_value = ES
+
+organizationName = Organization Name (eg, company)
+organizationName_value = Hermanos Locos
+
+commonName = Common Name (eg, YOUR name)
+commonName_value = Hermanos Locos CA
+
diff --git a/test/Makefile.ssl b/test/Makefile.ssl
index ee48d54..b3de767 100644
--- a/test/Makefile.ssl
+++ b/test/Makefile.ssl
@@ -13,7 +13,7 @@
MAKEDEPEND= makedepend -f$(MAKEFILE)
PEX_LIBS=
-EX_LIBS= -lnsl -lsocket
+EX_LIBS= #-lnsl -lsocket
CFLAGS= $(INCLUDES) $(CFLAG)
@@ -30,11 +30,15 @@
SHATEST= shatest
SHA1TEST= sha1test
MDC2TEST= mdc2test
+RMDTEST= rmdtest
MD2TEST= md2test
MD5TEST= md5test
-RC4TEST= rc4test
+HMACTEST= hmactest
RC2TEST= rc2test
+RC4TEST= rc4test
+RC5TEST= rc5test
BFTEST= bftest
+CASTTEST= casttest
DESTEST= destest
RANDTEST= randtest
DHTEST= dhtest
@@ -42,20 +46,24 @@
METHTEST= methtest
SSLTEST= ssltest
-EXE= $(BNTEST) $(IDEATEST) $(MD2TEST) $(MD5TEST) $(RC4TEST) \
- $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RANDTEST) $(DHTEST) \
- $(RC2TEST) $(BFTEST) $(SSLTEST) $(EXPTEST) $(DSATEST)
+EXE= $(BNTEST) $(IDEATEST) $(MD2TEST) $(MD5TEST) $(HMACTEST) \
+ $(RC2TEST) $(RC4TEST) $(RC5TEST) \
+ $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
+ $(RANDTEST) $(DHTEST) \
+ $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST)
# $(METHTEST)
-OBJ= $(BNTEST).o $(IDEATEST).o $(MD2TEST).o $(MD5TEST).o $(RC4TEST).o \
- $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o \
- $(RANDTEST).o $(DHTEST).o \
- $(RC2TEST).o $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o
-SRC= $(BNTEST).c $(IDEATEST).c $(MD2TEST).c $(MD5TEST).c $(RC4TEST).c \
- $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c \
- $(RANDTEST).c $(DHTEST).c \
- $(RC2TEST).c $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c
+OBJ= $(BNTEST).o $(IDEATEST).o $(MD2TEST).o $(MD5TEST).o $(HMACTEST).o \
+ $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
+ $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+ $(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
+ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o
+SRC= $(BNTEST).c $(IDEATEST).c $(MD2TEST).c $(MD5TEST).c $(HMACTEST).c \
+ $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
+ $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+ $(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
+ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c
EXHEADER=
HEADER= $(EXHEADER)
@@ -84,8 +92,8 @@
ctags $(SRC)
tests: exe apps \
- test_des test_idea test_sha test_md5 test_md2 test_mdc2 \
- test_rc2 test_rc4 test_bf \
+ test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
+ test_rc2 test_rc4 test_rc5 test_bf test_cast \
test_rand test_enc test_x509 test_rsa test_crl test_sid test_req \
test_pkcs7 test_bn test_verify test_dh test_dsa test_reqgen \
test_ss test_ssl test_ca
@@ -94,7 +102,7 @@
@(cd ../apps; $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
test_des:
- ./$(DESTEST)
+ #./$(DESTEST)
test_idea:
./$(IDEATEST)
@@ -109,18 +117,30 @@
test_md5:
./$(MD5TEST)
+test_hmac:
+ ./$(HMACTEST)
+
test_md2:
./$(MD2TEST)
-test_rc2:
- ./$(RC2TEST)
+test_rmd:
+ ./$(RMDTEST)
test_bf:
./$(BFTEST)
+test_cast:
+ ./$(CASTTEST)
+
+test_rc2:
+ ./$(RC2TEST)
+
test_rc4:
./$(RC4TEST)
+test_rc5:
+ ./$(RC5TEST)
+
test_rand:
./$(RANDTEST)
@@ -226,22 +246,33 @@
$(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
$(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
+ $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
$(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
$(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
$(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
$(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
+ $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
$(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
$(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
$(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
$(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
+ $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
$(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
$(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
+ $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
$(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
$(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
diff --git a/test/Sssdsa.cnf b/test/Sssdsa.cnf
new file mode 100644
index 0000000..8e170a2
--- /dev/null
+++ b/test/Sssdsa.cnf
@@ -0,0 +1,27 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - Server
+
+RANDFILE = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name = req_distinguished_name
+encrypt_rsa_key = no
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = ES
+countryName_value = ES
+
+organizationName = Organization Name (eg, company)
+organizationName_value = Tortilleras S.A.
+
+0.commonName = Common Name (eg, YOUR name)
+0.commonName_value = Torti
+
+1.commonName = Common Name (eg, YOUR name)
+1.commonName_value = Gordita
+
diff --git a/test/Sssrsa.cnf b/test/Sssrsa.cnf
new file mode 100644
index 0000000..8c79a03
--- /dev/null
+++ b/test/Sssrsa.cnf
@@ -0,0 +1,26 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# create RSA certs - Server
+
+RANDFILE = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name = req_distinguished_name
+encrypt_key = no
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = ES
+countryName_value = ES
+
+organizationName = Organization Name (eg, company)
+organizationName_value = Tortilleras S.A.
+
+0.commonName = Common Name (eg, YOUR name)
+0.commonName_value = Torti
+
+1.commonName = Common Name (eg, YOUR name)
+1.commonName_value = Gordita
diff --git a/test/certCA.srl b/test/certCA.srl
index f5c8955..2bbd69c 100644
--- a/test/certCA.srl
+++ b/test/certCA.srl
@@ -1 +1 @@
-32
+70
diff --git a/test/methtest.c b/test/methtest.c
index 55d1ac7..630d29d 100644
--- a/test/methtest.c
+++ b/test/methtest.c
@@ -1,5 +1,5 @@
/* test/methtest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
diff --git a/test/r160test.c b/test/r160test.c
new file mode 100644
index 0000000..a172e39
--- /dev/null
+++ b/test/r160test.c
@@ -0,0 +1,57 @@
+/* test/r160test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
diff --git a/test/riptest b/test/riptest
new file mode 100644
index 0000000..8685d0c
--- /dev/null
+++ b/test/riptest
Binary files differ
diff --git a/test/testenc b/test/testenc
index 7bcf3d1..42db56c 100644
--- a/test/testenc
+++ b/test/testenc
@@ -34,7 +34,8 @@
des-cbc des-ede-cbc des-ede3-cbc \
idea-ecb idea-cfb idea-ofb idea-cbc \
rc2-ecb rc2-cfb rc2-ofb rc2-cbc \
- bf-ecb bf-cfb bf-ofb bf-cbc
+ bf-ecb bf-cfb bf-ofb bf-cbc rc4 \
+ cast5-ecb cast5-cfb cast5-ofb cast5-cbc
do
echo $i
$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
diff --git a/test/testkey.pem b/test/testkey.pem
index c8eba82..562e77c 100644
--- a/test/testkey.pem
+++ b/test/testkey.pem
@@ -1,9 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBAK8j1FaU9b+TMyeiXGzIGJZ/Coj39v2v4a4NviCjWELm14fdcdg4
-3Q99LTLyvLDnq7sLQX4gOMaLM4rmGMgeuGsCAwEAAQJAAaFRvqSQTQIvvbSzK4gJ
-Qo1YKcI1GFNkxFv4YxFiJu0/LXaw9U/iDSlUdH15F6ezndqojovnn731Pmf7e08F
-MQIhAOCi7P0RtrV3O/KB0MYldxFOKNwp5lzH+um7jBq6oRw1AiEAx5fGT9fIFl6Z
-hXgWYy+eO8QPjEXDcLTgc5/VbE3o1h8CIBIre4nYxfOVqmaqM23jl+bxcIKmbPiy
-QExpnCKJWADFAiAL73CFb8LgS5HkoFS+Y6eTrVq8qaNRRw+w+lrZ2iLVQwIgRk40
-WRSH7Yv90rv1PpcQ4wxSnu3lfyFO1XZ/J1UxdfA=
+MIIBOgIBAAJBAMIvB0MXsW7gNKJp7/7fTjmd/vdXk51GcgIxergzS13i6nCAL+97
+vD7erU7M5s6kWCm4/U8Q6wcY7jwauiUO7iUCAwEAAQJBAIsOypCNYw8XmBnG64sF
+tysjrfbKzHcQf4x6intmoE42dSc1SkyJXvQiNcXaiS5bGBGrfRkabE8j4X9mmMd6
+S/ECIQD0YIYwjPYLDDJGa2kog42JSiEu15dAOcAJTsnhiHvKbwIhAMtrXLguHYKb
+ScrW/q8Uq+eRcMHwgbuBvnqmzAMln6qrAiAEctFehuJftxwfLgtfAm4MJr5N5PzK
+3YJCaR3BrkNanwIgNcJh9qr5UZMIpXq8RDkKVWCylA6jupJHbNK4B/zhfZECIB+9
+Is3OLPuWFJmk9eQcUaNQZJ5WwEBsaGQ12JeW7Kpe
-----END RSA PRIVATE KEY-----
diff --git a/test/testreq.pem b/test/testreq.pem
index ebae21d..b20137b 100644
--- a/test/testreq.pem
+++ b/test/testreq.pem
@@ -2,8 +2,8 @@
MIIBQjCB7QIBADCBhzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
ETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDET
MBEGA1UEAxMKRXJpYyBZb3VuZzEfMB0GCSqGSIb3DQEJARYQZWF5QG1pbmNvbS5v
-ei5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCvI9RWlPW/kzMnolxsyBiWfwqI
-9/b9r+GuDb4go1hC5teH3XHYON0PfS0y8ryw56u7C0F+IDjGizOK5hjIHrhrAgMB
-AAGgADANBgkqhkiG9w0BAQQFAANBAAJIIXcUJRF4IW0bTYoBAAWnvWNA6gl2lvNF
-OTkJTP7rQG0kdx/YNbBKAosMUUtEk38o2fzsv64jzXL8weUwoPM=
+ei5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCLwdDF7Fu4DSiae/+3045nf73
+V5OdRnICMXq4M0td4upwgC/ve7w+3q1OzObOpFgpuP1PEOsHGO48GrolDu4lAgMB
+AAGgADANBgkqhkiG9w0BAQQFAANBAItCGg8qCPSoASvm3QUx/6PpreQclDO0bM2l
+eacLlzSHBUvaSqapR/pHfHG2r9l6PuEr/rrYHo+ZrAraSyPhEBc=
-----END CERTIFICATE REQUEST-----
diff --git a/test/times b/test/times
new file mode 100644
index 0000000..49aeebf
--- /dev/null
+++ b/test/times
@@ -0,0 +1,113 @@
+
+More number for the questions about SSL overheads....
+
+The following numbers were generated on a pentium pro 200, running linux.
+They give an indication of the SSL protocol and encryption overheads.
+
+The program that generated them is an unreleased version of ssl/ssltest.c
+which is the SSLeay ssl protocol testing program. It is a single process that
+talks both sides of the SSL protocol via a non-blocking memory buffer
+interface.
+
+How do I read this? The protocol and cipher are reasonable obvious.
+The next number is the number of connections being made. The next is the
+number of bytes exchanged bewteen the client and server side of the protocol.
+This is the number of bytes that the client sends to the server, and then
+the server sends back. Because this is all happening in one process,
+the data is being encrypted, decrypted, encrypted and then decrypted again.
+It is a round trip of that many bytes. Because the one process performs
+both the client and server sides of the protocol and it sends this many bytes
+each direction, multiply this number by 4 to generate the number
+of bytes encrypted/decrypted/MACed. The first time value is how many seconds
+elapsed doing a full SSL handshake, the second is the cost of one
+full handshake and the rest being session-id reuse.
+
+SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
+SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
+SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
+SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
+SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
+SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
+SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
+
+SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
+SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
+SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
+SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
+SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
+SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
+
+SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
+SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
+SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
+SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
+SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
+SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
+SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
+
+SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
+SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
+SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
+SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
+SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
+SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
+SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
+
+What does this all mean? Well for a server, with no session-id reuse, with
+a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
+a pentium pro 200 running linux can handle the SSLv3 protocol overheads of
+about 49 connections a second. Reality will be quite different :-).
+
+Remeber the first number is 1000 full ssl handshakes, the second is
+1 full and 999 with session-id reuse. The RSA overheads for each exchange
+would be one public and one private operation, but the protocol/MAC/cipher
+cost would be quite similar in both the client and server.
+
+eric (adding numbers to speculation)
+
+--- Appendix ---
+- The time measured is user time but these number a very rough.
+- Remember this is the cost of both client and server sides of the protocol.
+- The TCP/kernal overhead of connection establishment is normally the
+ killer in SSL. Often delays in the TCP protocol will make session-id
+ reuse look slower that new sessions, but this would not be the case on
+ a loaded server.
+- The TCP round trip latencies, while slowing indervidual connections,
+ would have minimal impact on throughput.
+- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
+- the required number of bytes are processed.
+- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers.
+- A 512bit server key was being used except where noted.
+- No server key verification was being performed on the client side of the
+ protocol. This would slow things down very little.
+- The library being used is SSLeay 0.8.x.
+- The normal mesauring system was commands of the form
+ time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
+ This modified version of ssltest should be in the next public release of
+ SSLeay.
+
+The general cipher performace number for this platform are
+
+SSLeay 0.8.2a 04-Sep-1997
+built on Fri Sep 5 17:37:05 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
+The 'numbers' are in 1000s of bytes per second processed.
+type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
+md2 131.02k 368.41k 500.57k 549.21k 566.09k
+mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
+md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
+sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
+sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
+rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
+des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
+des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
+idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
+rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
+blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
+ sign verify
+rsa 512 bits 0.0100s 0.0011s
+rsa 1024 bits 0.0451s 0.0012s
+rsa 2048 bits 0.2605s 0.0086s
+rsa 4096 bits 1.6883s 0.0302s
+
