OpenSSL’ s_time command simple and short tutorial – CPU user time versus real time

A succinct tutorial on s_time and the interpretation of its results

One can install OpenSSL and do a quick check with respect to the performance of a remote server. For instance: the s_time invocation will attempt to make as many connections for a specified period of time. The default period is 30 seconds but one can override that with the appropriate option (“-time”) in this case. With s_time, we can get the numbers of connections per second that are full handshakes as well as resumed handshakes. For details on what “handshake” implies, one could refer to other texts on the web such as the wikipedia page on “Secure Sockets Layer” that has a succinct explanation of the different flavors of handshakes including “resumed” handshakes. Please see the references section below for the link.

The key facet that would like to emphasize is that this command does not invoke the server through concurrent connections but it is sequential and attempts to extract the total time that X connections took in the time (default is 3o secs) specified. For instance, we infer from the run below that for “new” connections, the total number of connections made were 107 and the total time expended in those connections was 1.20 seconds (CPU user time). The test was run for around 30 seconds.

openssl s_time  -cipher 'RSA' -connect host:443 -CAfile chain.pem -www /

Collecting connection statistics for 30 seconds
Collecting connection statistics for 30 seconds

107 connections in 1.20s; 89.17 connections/user sec, bytes read 44298
107 connections in 31 real seconds, 414 bytes read per connection

Now timing with session id reuse.

126 connections in 0.07s; 1800.00 connections/user sec, bytes read 52164
126 connections in 31 real seconds, 414 bytes read per connection


From the snippet above, one can also realize that the in the “reuse” (session resumption) case, we see that the number of connections has increased to 126 and it can be extrapolated to 1800 connections per second. Please note that the rest of the 31 seconds, the program was busy in network IO etc.

Also note that if SSL session cache is not setup on the server then s_time will display the same result as for “new” connections. This command does not support RFC 5077: TLS Session Resumption without Server-Side State.


  • [Provides information on SSL / TLS handshakes]
  • [RFC on TLS Session Resumption without Server-Side State]

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">