apache 如何使用 ApacheBench 修复“ssl 握手失败”?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/189993/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I fix "ssl handshake failed" with ApacheBench?
提问by
When I use ApacheBench to test https, the error is returned, "ssl handshake failed".
当我使用 ApacheBench 测试 https 时,返回错误,“ssl 握手失败”。
How can I use ApacheBench to test https?
如何使用 ApacheBench 测试 https?
回答by naugtur
ApacheBench doesn't seem to be capable of ignoring certificate problems (at least some of them) so I wrote this script:
ApacheBench 似乎无法忽略证书问题(至少其中一些),所以我写了这个脚本:
#!/bin/bash
K=200;
HTTPSA='https://192.168.1.103:443/'
date +%M-%S-%N>wgetres.txt
for (( c=1; c<=$K; c++ ))
do
wget --no-check-certificate --secure-protocol=SSLv3 --spider $HTTPSA
done
date +%M-%S-%N>>wgetres.txt
It's not as precise as AB, but gives the idea. Does well in comparison tests.
它不像AB那样精确,但给出了想法。在对比测试中表现良好。
回答by comb
httperfis also single threaded, but as of today (Aug 31, 2012), it correctly handles SSL and even has a some useful additional features surrounding SSL:
httperf也是单线程的,但截至今天(2012 年 8 月 31 日),它可以正确处理 SSL,甚至还有一些围绕 SSL 的有用附加功能:
--ssl Specifies that all communication between httperf and the server should utilize the Secure Sockets Layer (SSL) protocol. This option is available only if httperf was compiled with SSL supa port enabled. --ssl-ciphers=L This option is only meaningful if SSL is in use (see --ssl option). This option specifies the list L of cipher suites that httperf may use in negotiating a secure connection with the server. If the list contains more than one cipher suite, the ciphers must be separated by a colon. If the server does not accept any of the listed cipher suites, the connection estaba lishment will fail and httperf will exit immediately. If this option is not specified when the --ssl option is present then httperf will use all of the SSLv3 cipher suites provided by the underlying SSL library. --ssl-no-reuse This option is only meaningful if SSL and sessions are in use (see --ssl, --wsess, --wsesslog). When an SSL connection is established the client receives a session identifier (session id) from the server. On subsequent SSL connections, the client normally reuses this session id in order to avoid the expense of repeating the (slow) SSL handshake to establish a new SSL sesa sion and obtain another session id (even if the client attempts to re-use a session id, the server may force the client to renea gotiate a session). By default httperf reuses the session id across all connections in a session. If the --ssl-no-reuse option is in effect, then httperf will not reuse the session id, and the entire SSL handshake will be performed for each new cona nection in a session.
--ssl Specifies that all communication between httperf and the server should utilize the Secure Sockets Layer (SSL) protocol. This option is available only if httperf was compiled with SSL supa port enabled. --ssl-ciphers=L This option is only meaningful if SSL is in use (see --ssl option). This option specifies the list L of cipher suites that httperf may use in negotiating a secure connection with the server. If the list contains more than one cipher suite, the ciphers must be separated by a colon. If the server does not accept any of the listed cipher suites, the connection estaba lishment will fail and httperf will exit immediately. If this option is not specified when the --ssl option is present then httperf will use all of the SSLv3 cipher suites provided by the underlying SSL library. --ssl-no-reuse This option is only meaningful if SSL and sessions are in use (see --ssl, --wsess, --wsesslog). When an SSL connection is established the client receives a session identifier (session id) from the server. On subsequent SSL connections, the client normally reuses this session id in order to avoid the expense of repeating the (slow) SSL handshake to establish a new SSL sesa sion and obtain another session id (even if the client attempts to re-use a session id, the server may force the client to renea gotiate a session). By default httperf reuses the session id across all connections in a session. If the --ssl-no-reuse option is in effect, then httperf will not reuse the session id, and the entire SSL handshake will be performed for each new cona nection in a session.
