s_time.1s
Time the execution of a command
SYNOPSIS
openssl s_time [options] host:port
PARAMETERS
-connect host:port
Specifies the target host and port to connect to. This is typically the first argument after options.
-time seconds
Specifies the duration, in seconds, for which the test should run. The default is 30 seconds.
-new
Forces a new SSL/TLS handshake for each connection established. This measures the cost of initial handshakes.
-reuse
After the first full handshake, subsequent connections attempt to reuse the SSL session ID. This measures the cost of session resumption.
-bytes num
Specifies the number of bytes to send and receive over the SSL/TLS connection after the handshake is complete. Useful for measuring data transfer performance.
-ssl2 | -ssl3 | -tls1_2 | -tls1_3
Forces the use of a specific SSL/TLS protocol version for the connection.
-cipher string
Specifies the cipher suite or list of cipher suites to be used for the connection.
-cert file
Specifies the client certificate file in PEM format for client authentication.
-key file
Specifies the client private key file in PEM format corresponding to the certificate.
-verify level
Sets the server certificate verification level. A value of 1 enables verification.
-CAfile file
Specifies a file containing trusted CA certificates in PEM format for server certificate verification.
-CApath directory
Specifies a directory containing trusted CA certificates in PEM format for server certificate verification.
-mr
Outputs results per connection rather than accumulated statistics.
-www
After the SSL/TLS handshake, sends a simple HTTP GET request to the server and prints the response. Implies -bytes.
DESCRIPTION
The s_time utility is a command-line tool in the OpenSSL project that benchmarks SSL/TLS handshakes and optional data transfer. It connects to a specified server, performs an SSL/TLS handshake, and can optionally send and receive data, measuring the rate at which a client can establish secure connections and transfer data over them. It reports metrics such as the number of connections established, the total bytes transferred, and the real, user, and system times taken for the operations. Administrators and developers can use it to assess the cryptographic overhead of their services, compare the performance of different cipher suites or protocol versions, and identify potential bottlenecks in their SSL/TLS configurations. It can be used for both new handshakes and session resumption scenarios.
CAVEATS
Results obtained from s_time can be influenced by various factors beyond the cryptographic operations themselves, including network latency, server load, client machine specifications, and operating system overhead. It measures the client-side perspective of performance and might not fully represent server-side capacity under high concurrency. It is generally recommended to run such benchmarks on dedicated test environments with stable network conditions to get reliable and comparable results. This tool is primarily for benchmarking the SSL/TLS stack, not for general HTTP/application performance testing.
USAGE SCENARIOS
s_time is commonly used for:
1. Benchmarking the performance impact of different SSL/TLS protocol versions (e.g., TLS 1.2 vs. TLS 1.3).
2. Comparing the efficiency of various cipher suites.
3. Assessing the overhead of client certificate authentication.
4. Measuring the benefit of SSL/TLS session resumption on handshake performance.
5. Quickly testing the responsiveness of an SSL/TLS enabled service from a client perspective.
INTERPRETING RESULTS
The output of s_time typically includes:
connections: The total number of successful SSL/TLS handshakes completed.
bytes data read: Total bytes of application data received (if -bytes or -www is used).
bytes data written: Total bytes of application data sent (if -bytes or -www is used).
real time: The wall-clock time elapsed during the test.
user time: CPU time spent in user mode.
sys time: CPU time spent in kernel mode.
connections per second: A key metric indicating the rate of handshakes.
bytes per second: A key metric indicating the data transfer rate.
High connections per second indicate efficient handshake establishment, while high bytes per second indicate good data throughput after the handshake. Comparing real, user, and sys times can help identify where the processing time is spent.
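To put a number on the session-resumption benefit listed under USAGE SCENARIOS, the following added example (not part of the original page or of OpenSSL) reduces s_time output to a wall-clock handshake rate per phase and a resumed-to-full ratio. The function names are hypothetical, and the sample output is constructed, modelled on the summary lines s_time prints when run with neither -new nor -reuse.

```shell
#!/bin/sh
# Added example, not from the OpenSSL project.

# Constructed sample, modelled on the summary lines s_time prints when run
# with neither -new nor -reuse (full handshakes first, then resumption).
sample_output() {
cat <<'EOF'
Collecting connection statistics for 10 seconds
**********

412 connections in 3.10s; 132.90 connections/user sec, bytes read 0
412 connections in 10 real seconds, 0 bytes read per connection


Now timing with session id reuse.
starting
rrrrrrrrrr

1980 connections in 1.65s; 1200.00 connections/user sec, bytes read 0
1980 connections in 10 real seconds, 0 bytes read per connection
EOF
}

# Read s_time output on stdin; print one line per phase with the wall-clock
# handshake rate, then the resumed/full ratio when both phases are present.
summarize_s_time() {
  awk '
    /session id reuse/ { phase = "reuse" }
    / connections in [0-9]+ real seconds/ && $4 > 0 {
      p = (phase == "" ? "new" : phase)
      rate[p] = $1 / $4
      printf "phase=%s connections=%d real_seconds=%d conn_per_sec=%.1f\n", p, $1, $4, rate[p]
    }
    END {
      if (("new" in rate) && ("reuse" in rate) && rate["new"] > 0)
        printf "resumption_speedup=%.2f\n", rate["reuse"] / rate["new"]
    }'
}

# Live use (host:port is a placeholder):
#   openssl s_time -connect host:port -time 10 | summarize_s_time
sample_output | summarize_s_time
```

The "connections/user sec" figure on the first summary line divides by client CPU time, so it overstates what the client achieved in elapsed time; the script uses the "real seconds" line instead.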
HISTORY
The s_time utility is an integral part of the OpenSSL command-line toolkit, which originated from the SSLeay project in 1995. While specific version numbers for the introduction or major overhauls of s_time itself are not always explicitly documented in general release notes, its functionality has evolved alongside the OpenSSL library, incorporating support for new TLS versions (like TLS 1.2 and TLS 1.3) and cryptographic algorithms. It has consistently served as a fundamental tool for benchmarking the cryptographic performance of SSL/TLS implementations within the OpenSSL ecosystem.
SEE ALSO
openssl(1), ssl(3), ciphers(1), openssl-speed(1)


