Import of old SSLeay release: SSLeay 0.9.0b

14 files changed, 358 insertions, 32 deletions

diff --git a/test/CAssdh.cnf b/test/CAssdh.cnf
new file mode 100644
index 0000000..4e0a908
--- /dev/null
+++ b/test/CAssdh.cnf
@@ -0,0 +1,24 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DH certs - CA
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = CU
+countryName_value             = CU
+
+organizationName              = Organization Name (eg, company)
+organizationName_value                = La Junta de la Revolucion
+
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Junta
+
diff --git a/test/CAssdsa.cnf b/test/CAssdsa.cnf
new file mode 100644
index 0000000..a6b4d18
--- /dev/null
+++ b/test/CAssdsa.cnf
@@ -0,0 +1,23 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - CA
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName              = Organization Name (eg, company)
+organizationName_value                = Hermanos Locos
+
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Hermanos Locos CA
diff --git a/test/CAssrsa.cnf b/test/CAssrsa.cnf
new file mode 100644
index 0000000..eb24a6d
--- /dev/null
+++ b/test/CAssrsa.cnf
@@ -0,0 +1,24 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# create RSA certs - CA
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_key           = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName              = Organization Name (eg, company)
+organizationName_value                = Hermanos Locos
+
+commonName                    = Common Name (eg, YOUR name)
+commonName_value              = Hermanos Locos CA
+
diff --git a/test/Makefile.ssl b/test/Makefile.ssl
index ee48d54..b3de767 100644
--- a/test/Makefile.ssl
+++ b/test/Makefile.ssl
@@ -13,7 +13,7 @@ MAKE=		make -f $(MAKEFILE)
 MAKEDEPEND=	makedepend -f$(MAKEFILE)
 
 PEX_LIBS=
-EX_LIBS= -lnsl -lsocket
+EX_LIBS= #-lnsl -lsocket
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
@@ -30,11 +30,15 @@ IDEATEST=	ideatest
 SHATEST=	shatest
 SHA1TEST=	sha1test
 MDC2TEST=	mdc2test
+RMDTEST=	rmdtest
 MD2TEST=	md2test
 MD5TEST=	md5test
-RC4TEST=	rc4test
+HMACTEST=	hmactest
 RC2TEST=	rc2test
+RC4TEST=	rc4test
+RC5TEST=	rc5test
 BFTEST=		bftest
+CASTTEST=	casttest
 DESTEST=	destest
 RANDTEST=	randtest
 DHTEST=		dhtest
@@ -42,20 +46,24 @@ DSATEST=	dsatest
 METHTEST=	methtest
 SSLTEST=	ssltest
 
-EXE=	$(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST)  $(RC4TEST) \
-	$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RANDTEST) $(DHTEST) \
-	$(RC2TEST) $(BFTEST) $(SSLTEST) $(EXPTEST) $(DSATEST)
+EXE=	$(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST) $(HMACTEST) \
+	$(RC2TEST) $(RC4TEST) $(RC5TEST) \
+	$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
+	$(RANDTEST) $(DHTEST) \
+	$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST)
 
 # $(METHTEST)
 
-OBJ=	$(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o  $(RC4TEST).o \
-	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o \
-	$(RANDTEST).o $(DHTEST).o \
-	$(RC2TEST).o $(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o
-SRC=	$(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(RC4TEST).c \
-	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c \
-	$(RANDTEST).c $(DHTEST).c \
-	$(RC2TEST).c $(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c
+OBJ=	$(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o $(HMACTEST).o \
+	$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
+	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+	$(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
+	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o
+SRC=	$(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(HMACTEST).c \
+	$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
+	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+	$(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
+	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c
 
 EXHEADER= 
 HEADER=	$(EXHEADER)
@@ -84,8 +92,8 @@ tags:
 	ctags $(SRC)
 
 tests:	exe apps \
-	test_des test_idea test_sha test_md5 test_md2 test_mdc2 \
-	test_rc2 test_rc4 test_bf \
+	test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
+	test_rc2 test_rc4 test_rc5 test_bf test_cast \
 	test_rand test_enc test_x509 test_rsa test_crl test_sid test_req \
 	test_pkcs7 test_bn test_verify test_dh test_dsa test_reqgen \
 	test_ss test_ssl test_ca
@@ -94,7 +102,7 @@ apps:
 	@(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
 
 test_des:
-	./$(DESTEST)
+	#./$(DESTEST)
 
 test_idea:
 	./$(IDEATEST)
@@ -109,18 +117,30 @@ test_mdc2:
 test_md5:
 	./$(MD5TEST)
 
+test_hmac:
+	./$(HMACTEST)
+
 test_md2:
 	./$(MD2TEST)
 
-test_rc2:
-	./$(RC2TEST)
+test_rmd:
+	./$(RMDTEST)
 
 test_bf:
 	./$(BFTEST)
 
+test_cast:
+	./$(CASTTEST)
+
+test_rc2:
+	./$(RC2TEST)
+
 test_rc4:
 	./$(RC4TEST)
 
+test_rc5:
+	./$(RC5TEST)
+
 test_rand:
 	./$(RANDTEST)
 
@@ -226,22 +246,33 @@ $(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
 $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
 	$(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
+$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
 $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
 	$(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
 	$(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
+$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
 $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
 	$(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
 	$(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
+$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
+	$(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
 	$(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
+$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
+	$(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
 $(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
 	$(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
diff --git a/test/Sssdsa.cnf b/test/Sssdsa.cnf
new file mode 100644
index 0000000..8e170a2
--- /dev/null
+++ b/test/Sssdsa.cnf
@@ -0,0 +1,27 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - Server
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Tortilleras S.A.
+
+0.commonName                  = Common Name (eg, YOUR name)
+0.commonName_value            = Torti
+
+1.commonName                  = Common Name (eg, YOUR name)
+1.commonName_value            = Gordita
+
diff --git a/test/Sssrsa.cnf b/test/Sssrsa.cnf
new file mode 100644
index 0000000..8c79a03
--- /dev/null
+++ b/test/Sssrsa.cnf
@@ -0,0 +1,26 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# create RSA certs - Server
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_key           = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = ES
+countryName_value             = ES
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Tortilleras S.A.
+
+0.commonName                  = Common Name (eg, YOUR name)
+0.commonName_value            = Torti
+
+1.commonName                  = Common Name (eg, YOUR name)
+1.commonName_value            = Gordita
diff --git a/test/certCA.srl b/test/certCA.srl
index f5c8955..2bbd69c 100644
--- a/test/certCA.srl
+++ b/test/certCA.srl
@@ -1 +1 @@
-32
+70
diff --git a/test/methtest.c b/test/methtest.c
index 55d1ac7..630d29d 100644
--- a/test/methtest.c
+++ b/test/methtest.c
@@ -1,5 +1,5 @@
 /* test/methtest.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
diff --git a/test/r160test.c b/test/r160test.c
new file mode 100644
index 0000000..a172e39
--- /dev/null
+++ b/test/r160test.c
@@ -0,0 +1,57 @@
+/* test/r160test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
diff --git a/test/riptest b/test/riptest
new file mode 100644
index 0000000..8685d0c
--- /dev/null
+++ b/test/riptest
diff --git a/test/testenc b/test/testenc
index 7bcf3d1..42db56c 100644
--- a/test/testenc
+++ b/test/testenc
@@ -34,7 +34,8 @@ for i in rc4 \
 	des-cbc des-ede-cbc des-ede3-cbc \
 	idea-ecb idea-cfb idea-ofb idea-cbc \
 	rc2-ecb rc2-cfb rc2-ofb rc2-cbc \
-	bf-ecb bf-cfb bf-ofb bf-cbc
+	bf-ecb bf-cfb bf-ofb bf-cbc rc4 \
+	cast5-ecb cast5-cfb cast5-ofb cast5-cbc
 do
 	echo $i
 	$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
diff --git a/test/testkey.pem b/test/testkey.pem
index c8eba82..562e77c 100644
--- a/test/testkey.pem
+++ b/test/testkey.pem
@@ -1,9 +1,9 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBAK8j1FaU9b+TMyeiXGzIGJZ/Coj39v2v4a4NviCjWELm14fdcdg4
-3Q99LTLyvLDnq7sLQX4gOMaLM4rmGMgeuGsCAwEAAQJAAaFRvqSQTQIvvbSzK4gJ
-Qo1YKcI1GFNkxFv4YxFiJu0/LXaw9U/iDSlUdH15F6ezndqojovnn731Pmf7e08F
-MQIhAOCi7P0RtrV3O/KB0MYldxFOKNwp5lzH+um7jBq6oRw1AiEAx5fGT9fIFl6Z
-hXgWYy+eO8QPjEXDcLTgc5/VbE3o1h8CIBIre4nYxfOVqmaqM23jl+bxcIKmbPiy
-QExpnCKJWADFAiAL73CFb8LgS5HkoFS+Y6eTrVq8qaNRRw+w+lrZ2iLVQwIgRk40
-WRSH7Yv90rv1PpcQ4wxSnu3lfyFO1XZ/J1UxdfA=
+MIIBOgIBAAJBAMIvB0MXsW7gNKJp7/7fTjmd/vdXk51GcgIxergzS13i6nCAL+97
+vD7erU7M5s6kWCm4/U8Q6wcY7jwauiUO7iUCAwEAAQJBAIsOypCNYw8XmBnG64sF
+tysjrfbKzHcQf4x6intmoE42dSc1SkyJXvQiNcXaiS5bGBGrfRkabE8j4X9mmMd6
+S/ECIQD0YIYwjPYLDDJGa2kog42JSiEu15dAOcAJTsnhiHvKbwIhAMtrXLguHYKb
+ScrW/q8Uq+eRcMHwgbuBvnqmzAMln6qrAiAEctFehuJftxwfLgtfAm4MJr5N5PzK
+3YJCaR3BrkNanwIgNcJh9qr5UZMIpXq8RDkKVWCylA6jupJHbNK4B/zhfZECIB+9
+Is3OLPuWFJmk9eQcUaNQZJ5WwEBsaGQ12JeW7Kpe
 -----END RSA PRIVATE KEY-----
diff --git a/test/testreq.pem b/test/testreq.pem
index ebae21d..b20137b 100644
--- a/test/testreq.pem
+++ b/test/testreq.pem
@@ -2,8 +2,8 @@
 MIIBQjCB7QIBADCBhzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
 ETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDET
 MBEGA1UEAxMKRXJpYyBZb3VuZzEfMB0GCSqGSIb3DQEJARYQZWF5QG1pbmNvbS5v
-ei5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCvI9RWlPW/kzMnolxsyBiWfwqI
-9/b9r+GuDb4go1hC5teH3XHYON0PfS0y8ryw56u7C0F+IDjGizOK5hjIHrhrAgMB
-AAGgADANBgkqhkiG9w0BAQQFAANBAAJIIXcUJRF4IW0bTYoBAAWnvWNA6gl2lvNF
-OTkJTP7rQG0kdx/YNbBKAosMUUtEk38o2fzsv64jzXL8weUwoPM=
+ei5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCLwdDF7Fu4DSiae/+3045nf73
+V5OdRnICMXq4M0td4upwgC/ve7w+3q1OzObOpFgpuP1PEOsHGO48GrolDu4lAgMB
+AAGgADANBgkqhkiG9w0BAQQFAANBAItCGg8qCPSoASvm3QUx/6PpreQclDO0bM2l
+eacLlzSHBUvaSqapR/pHfHG2r9l6PuEr/rrYHo+ZrAraSyPhEBc=
 -----END CERTIFICATE REQUEST-----
diff --git a/test/times b/test/times
new file mode 100644
index 0000000..49aeebf
--- /dev/null
+++ b/test/times
@@ -0,0 +1,113 @@
+
+More number for the questions about SSL overheads....
+
+The following numbers were generated on a pentium pro 200, running linux.
+They give an indication of the SSL protocol and encryption overheads.
+
+The program that generated them is an unreleased version of ssl/ssltest.c
+which is the SSLeay ssl protocol testing program.  It is a single process that
+talks both sides of the SSL protocol via a non-blocking memory buffer
+interface.
+
+How do I read this?  The protocol and cipher are reasonable obvious.
+The next number is the number of connections being made.  The next is the
+number of bytes exchanged bewteen the client and server side of the protocol.
+This is the number of bytes that the client sends to the server, and then
+the server sends back.  Because this is all happening in one process,
+the data is being encrypted, decrypted, encrypted and then decrypted again.
+It is a round trip of that many bytes.  Because the one process performs
+both the client and server sides of the protocol and it sends this many bytes
+each direction, multiply this number by 4 to generate the number
+of bytes encrypted/decrypted/MACed.  The first time value is how many seconds
+elapsed doing a full SSL handshake, the second is the cost of one
+full handshake and the rest being session-id reuse.
+
+SSLv2 RC4-MD5      1000 x      1   12.83s   0.70s
+SSLv3 NULL-MD5     1000 x      1   14.35s   1.47s
+SSLv3 RC4-MD5      1000 x      1   14.46s   1.56s
+SSLv3 RC4-MD5      1000 x      1   51.93s   1.62s 1024bit RSA
+SSLv3 RC4-SHA      1000 x      1   14.61s   1.83s
+SSLv3 DES-CBC-SHA  1000 x      1   14.70s   1.89s
+SSLv3 DES-CBC3-SHA 1000 x      1   15.16s   2.16s
+
+SSLv2 RC4-MD5      1000 x   1024   13.72s   1.27s
+SSLv3 NULL-MD5     1000 x   1024   14.79s   1.92s
+SSLv3 RC4-MD5      1000 x   1024   52.58s   2.29s 1024bit RSA
+SSLv3 RC4-SHA      1000 x   1024   15.39s   2.67s
+SSLv3 DES-CBC-SHA  1000 x   1024   16.45s   3.55s
+SSLv3 DES-CBC3-SHA 1000 x   1024   18.21s   5.38s
+
+SSLv2 RC4-MD5      1000 x  10240   18.97s   6.52s
+SSLv3 NULL-MD5     1000 x  10240   17.79s   5.11s
+SSLv3 RC4-MD5      1000 x  10240   20.25s   7.90s
+SSLv3 RC4-MD5      1000 x  10240   58.26s   8.08s 1024bit RSA
+SSLv3 RC4-SHA      1000 x  10240   22.96s  11.44s
+SSLv3 DES-CBC-SHA  1000 x  10240   30.65s  18.41s
+SSLv3 DES-CBC3-SHA 1000 x  10240   47.04s  34.53s
+
+SSLv2 RC4-MD5      1000 x 102400   70.22s  57.74s
+SSLv3 NULL-MD5     1000 x 102400   43.73s  31.03s
+SSLv3 RC4-MD5      1000 x 102400   71.32s  58.83s
+SSLv3 RC4-MD5      1000 x 102400  109.66s  59.20s 1024bit RSA
+SSLv3 RC4-SHA      1000 x 102400   95.88s  82.21s
+SSLv3 DES-CBC-SHA  1000 x 102400  173.22s 160.55s
+SSLv3 DES-CBC3-SHA 1000 x 102400  336.61s 323.82s
+
+What does this all mean?  Well for a server, with no session-id reuse, with
+a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
+a pentium pro 200 running linux can handle the SSLv3 protocol overheads of
+about 49 connections a second.  Reality will be quite different :-).
+
+Remeber the first number is 1000 full ssl handshakes, the second is
+1 full and 999 with session-id reuse.  The RSA overheads for each exchange
+would be one public and one private operation, but the protocol/MAC/cipher
+cost would be quite similar in both the client and server.
+
+eric (adding numbers to speculation)
+
+--- Appendix ---
+- The time measured is user time but these number a very rough.
+- Remember this is the cost of both client and server sides of the protocol.
+- The TCP/kernal overhead of connection establishment is normally the
+  killer in SSL.  Often delays in the TCP protocol will make session-id
+  reuse look slower that new sessions, but this would not be the case on
+  a loaded server.
+- The TCP round trip latencies, while slowing indervidual connections,
+  would have minimal impact on throughput.
+- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
+- the required number of bytes are processed.
+- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers.
+- A 512bit server key was being used except where noted.
+- No server key verification was being performed on the client side of the
+  protocol.  This would slow things down very little.
+- The library being used is SSLeay 0.8.x.
+- The normal mesauring system was commands of the form
+  time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
+  This modified version of ssltest should be in the next public release of
+  SSLeay.
+
+The general cipher performace number for this platform are
+
+SSLeay 0.8.2a 04-Sep-1997
+built on Fri Sep  5 17:37:05 EST 1997
+options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
+C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized 
+The 'numbers' are in 1000s of bytes per second processed.
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+md2               131.02k      368.41k      500.57k      549.21k      566.09k
+mdc2              535.60k      589.10k      595.88k      595.97k      594.54k
+md5              1801.53k     9674.77k    17484.03k    21849.43k    23592.96k
+sha              1261.63k     5533.25k     9285.63k    11187.88k    11913.90k
+sha1             1103.13k     4782.53k     7933.78k     9472.34k    10070.70k
+rc4             10722.53k    14443.93k    15215.79k    15299.24k    15219.59k
+des cbc          3286.57k     3827.73k     3913.39k     3931.82k     3926.70k
+des ede3         1443.50k     1549.08k     1561.17k     1566.38k     1564.67k
+idea cbc         2203.64k     2508.16k     2538.33k     2543.62k     2547.71k
+rc2 cbc          1430.94k     1511.59k     1524.82k     1527.13k     1523.33k
+blowfish cbc     4716.07k     5965.82k     6190.17k     6243.67k     6234.11k
+                  sign    verify
+rsa  512 bits   0.0100s   0.0011s
+rsa 1024 bits   0.0451s   0.0012s
+rsa 2048 bits   0.2605s   0.0086s
+rsa 4096 bits   1.6883s   0.0302s
+