Testing SSL/TLS handshake latency using ssl-handshake

Puru Tuladhar
2 min readDec 26, 2021

--

ssl-handshake — A command-line tool for testing SSL/TLS handshake latency, written in Go.

  • TCP handshake latency
  • SSL/TLS handshake latency
  • Display statistics
  • Configurable endpoint port, handshake interval, timeout and count
Fig: ssl-handshake in action

What is an SSL/TLS Handshake?

An SSL/TLS handshake is the process that kicks off a communication session between client and server that uses TLS encryption. During a TLS handshake, the two communicating sides exchange messages to acknowledge each other, verify each other, establish the encryption algorithms they will use, and agree on session keys. TLS handshakes are a foundational part of how HTTPS works and it is defined in RFC 8446 (for TLS 1.3) or in RFC 5246 (for TLS 1.2).

TLS handshakes occur after a TCP connection has been opened via a TCP handshake.

Fig: How SSL/TLS Handshake Works
Fig: SSL/TLS handshake packets captured with Wireshark.

Docker Image

Docker image is publicly available at DockerHub: https://hub.docker.com/r/ptuladhar/ssl-handshake

Run ssl-handshake as Docker container:

docker run — rm ptuladhar/ssl-handshake -c 5 tuladhar.github.io:443

You can also alias ssl-handshake, for ease of use:

alias ssl-handshake="docker run — rm ptuladhar/ssl-handshake"
ssl-handshake tuladhar.github.com:443

Install Binary

Binary is available for Linux, Windows, and Mac OS (amd64 and arm64). Download the binary for your respective platform from the releases page.

Linux:

$ curl -sSLO https://github.com/tuladhar/ssl-handshake/releases/download/v1.5.2/ssl-handshake-v1.5.2-linux-amd64.tar.gz$ tar zxf ssl-handshake-v1.5.2-linux-amd64.tar.gz$ sudo install -m 0755 ssl-handshake /usr/local/bin/ssl-handshake

macOS (Intel):

$ curl -sSLO https://github.com/tuladhar/ssl-handshake/releases/download/v1.5.2/ssl-handshake-v1.5.2-darwin-amd64.tar.gz$ tar zxf ssl-handshake-v1.5.2-darwin-arm64.tar.gz$ sudo install -m 0755 ssl-handshake /usr/local/bin/ssl-handshake

macOS (Apple Silicon):

$ curl -sSLO https://github.com/tuladhar/ssl-handshake/releases/download/v1.5.2/ssl-handshake-v1.5.2-darwin-arm64.tar.gz$ tar zxf ssl-handshake-v1.5.2-darwin-arm64.tar.gz$ sudo install -m 0755 ssl-handshake /usr/local/bin/ssl-handshake

Windows:

$ curl -sSLO https://github.com/tuladhar/ssl-handshake/releases/download/v1.5.2/ssl-handshake-v1.5.2-windows-amd64.zip$ unzip ssl-handshake-v1.5.2-windows-amd64.zip

Development

If you wish to contribute or compile from source code, you’ll first need Go installed on your machine. Go version 1.17+ is required. Currently, there are no dependencies on third-party modules.

$ git clone https://github.com/tuladhar/ssl-handshake
$ cd ssl-handshake
$ go build

--

--

Puru Tuladhar

3x AWS Certified | 2x Kubernetes Certified | DevOps | Kubernetes | Security | Cloud Solution Architect | Author