Iperf3/Iperf2 please support SSH/TLS encryption.

[okudayukiko]

NOTE: The iperf3 issue tracker is for registering bugs, enhancement requests, or submissions of code. It is not a means for asking questions about building or using iperf3. Those are best directed towards the iperf3 mailing list at iperf-dev@googlegroups.com or question sites such as Stack Overflow (http://www.stackoverflow.com/). A list of frequently-asked questions regarding iperf3 can be found at http://software.es.net/iperf/faq.html.

Context

• Version of iperf3:

• Hardware:

• Operating system (and distribution, if any): Windows 10 & Debian 10 Please note: iperf3 is supported on Linux, FreeBSD, and macOS. Support may be provided on a best-effort basis to other UNIX-like platforms. We cannot provide support for building and/or running iperf3 on Windows, iOS, or Android.

• Other relevant information (for example, non-default compilers, libraries, cross-compiling, etc.):

Please fill out one of the "Bug Report" or "Enhancement Request" sections, as appropriate.

Bug Report

• Expected Behavior Iperf3/Iperf2 please supports SSH/TLS encryption, like Rsync. This can test encryption performance. Rsync supports SSH with OpenSSH, and TLS with stunnel. See man rsync. Use scp -v -o UserKnownHostsFile=/dev/null /dev/zero root@localhost:/dev/null will return error.

• Actual Behavior

• Steps to Reproduce

• Possible Solution

Please submit patches or code changes as a pull request.

Enhancement Request

• Current behavior

• Desired behavior

• Implementation notes Windows 10 includes OpenSSH. https://winscp.net/eng/docs/guide_windows_openssh_server If submitting a proposed implementation of an enhancement request, please use the pull request mechanism.

[bmah888]

Including TLS support in iperf3 would be a pretty substantial undertaking, given that client programs use OpenSSL with a very different set of library calls, compared to standard sockets.

[okudayukiko]

Including TLS support in iperf3 would be a pretty substantial undertaking, given that client programs use OpenSSL with a very different set of library calls, compared to standard sockets.

TLS can select TLS 1.0-TLS 1.2 cipher and TLS 1.3 cipher. TLS can select CA, Cert, Key, TLS 1.2 ECDH Curve, TLS 1.3 ECDH Group, Verify Client Certificate, OpenSSL engine (especially rdrand). SSH can select Host Key, Key exchange, Cipher, MAC.

[okudayukiko]

Use SSH to encrypt iperf3 example: Server: iperf3 -s -p 5001 Client: ssh -R localhost:5001:server:5001 root@server iperf3 -c localhost -p 5001 (will return error) iperf3 -c 127.0.0.1 -p 5001 (OK) iperf3 -c 127.0.0.1 -p 5001 -R (OK)

[Mic92]

I added tls support to my fork of iperf: https://github.com/Mic92/iperf-3.7/commit/3ff810a4ab2939454e5c812b4a7218a1cdda2136 It is not doing any authentication is purely meant for benchmarking TLS performance. I don't have any intention on adding this upstream but you can see that not much code would be required to do so as openssl socket api aligns nicely with how iperf use it.

[TrekkieCoder]

I have a forked version of iperf with ssl/tls if anyone needs it.