Print certificate#
openssl x509 -in cert.pem -noout -text
#list all available ciphers
openssl ciphers -v
# list only TLSv1 ciphers
openssl ciphers -v -tls1
# list only high encryption ciphers (keys larger than 128 bits)
openssl ciphers -v 'HIGH'
# list only high encryption ciphers using the AES algorithm
openssl ciphers -v 'AES+HIGH'
# global test
openssl speed
# test rsa speeds
openssl speed rsa
# do the same test on a two-way SMP system
openssl speed rsa -multi 2
Benchmark remote connections#
# retrieve remote test.html page using only new sessions
openssl s_time -connect remote.host:443 -www /test.html -new
# similar, using only SSL v3 and high encryption (see
# ciphers(1) man page for cipher strings)
openssl s_time \
-connect remote.host:443 -www /test.html -new \
-ssl3 -cipher HIGH
# compare relative performance of various ciphers in
# 10-second tests
IFS=":"
for c in $(openssl ciphers -ssl3 RSA); do
echo $c
openssl s_time -connect remote.host:443 \
-www / -new -time 10 -cipher $c 2>&1 | \
grep bytes
echo
done
Generate a self-signed certificate#
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365
Get server certificate#
openssl s_client -showcerts -servername www.example.com -connect google.com:443 </dev/null