Differences between revisions 7 and 12 (spanning 5 versions)
Revision 7 as of 2019-11-11 02:51:17
Size: 1097
Editor: PieterSmit
Comment:
Revision 12 as of 2020-01-21 03:12:13
Size: 1588
Editor: PieterSmit
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
 * Links [[security/ssl]] , [[easy-rsa]] , [[LetsEncrypt]]  * Links [[security/ssl]] , [[LinuxCurl]], [[easy-rsa]] , [[LetsEncrypt]]
Line 4: Line 4:
 * Online check cert + chain: https://tools.keycdn.com/ssl
Line 12: Line 13:
=== OpenSSL retrieve url ===
 * retrieve url, e.g. /healthz, note -ign_eof to wait for more input from echo {{{
time echo -e "GET /healthz HTTP/1.1\r\nConnection: close\r\nHost: pieter\r\n\r\n" | openssl s_client -ign_eof -connect 172.24.0.3:443
}}}
Line 14: Line 19:
openssl s_time -connect bactracker-dev.9spokes.io:443 -www "/welcome/"
openssl s_time -connect bactracker-dev.9spokes.io:443 -www /
 * speed testing {{{
openssl s_time -connect 172.17.0.2:443 -www "/welcome/"
openssl s_time -connect 172.17.0.2:443 -www /
Line 17: Line 23:
curl -s -w 'Testing Website Response Time for :%{url_effective}\n\nLookup Time:\t\t%{time_namelookup}\nConnect Time:\t\t%{time_connect}\nPre-transfer Time:\t%{time_pretransfer}\nStart-transfer Time:\t%{time_starttransfer}\n\nTotal Time:\t\t%{time_total}\n' -o /dev/null https://bactracker-dev.9spokes.io
curl -s -w 'Testing Website Response Time for :%{url_effective}\n\nLookup Time:\t\t%{time_namelookup}\nConnect Time:\t\t%{time_connect}\nPre-transfer Time:\t%{time_pretransfer}\nStart-transfer Time:\t%{time_starttransfer}\n\nTotal Time:\t\t%{time_total}\n' -o /dev/null https://172.17.0.2
}}}
 * slow {{{
Line 22: Line 28:
}}}
 * fast {{{
30821 connections in 8.14s; 3786.36 connections/user sec, bytes read 6749799
30821 connections in 31 real seconds, 219 bytes read per connection
}}}

OpenSSL Linux command line ssl tool

Verify a web server certificate

  • openssl s_client -showcerts -connect my.test.com:443
    • Output should end on "Verify return code: 0 (ok)"
    • As of 2017 the TLS Protocol should be TLSv1.2 at least.
  • For sni you can add -servername xyz.test.com

OpenSSL retrieve url

  • retrieve url, e.g. /healthz, note -ign_eof to wait for more input from echo

    time echo -e "GET /healthz HTTP/1.1\r\nConnection: close\r\nHost: pieter\r\n\r\n" | openssl s_client -ign_eof  -connect 172.24.0.3:443

SSL speed testing

  • speed testing

    openssl s_time -connect 172.17.0.2:443 -www "/welcome/"
    openssl s_time -connect 172.17.0.2:443 -www /
    
    curl -s -w 'Testing Website Response Time for :%{url_effective}\n\nLookup Time:\t\t%{time_namelookup}\nConnect Time:\t\t%{time_connect}\nPre-transfer Time:\t%{time_pretransfer}\nStart-transfer Time:\t%{time_starttransfer}\n\nTotal Time:\t\t%{time_total}\n' -o /dev/null https://172.17.0.2
  • slow

    231 connections in 0.29s; 796.55 connections/user sec, bytes read 57981
    231 connections in 31 real seconds, 251 bytes read per connection
  • fast

    30821 connections in 8.14s; 3786.36 connections/user sec, bytes read 6749799
    30821 connections in 31 real seconds, 219 bytes read per connection

httping

Linux/OpenSSL (last edited 2022-11-05 02:33:49 by PieterSmit)