elfranne
commented
3 years ago This does not work with TLS 1.3. Previous to TLS 1.3 uses SSL_CTX_set_cipher_list but 1.3 uses SSL_CTX_set_ciphersuites.
So my idea is now to detect the TLS protocol using SSL_CIPHER_get_protocol_id but I am not sure if that is the right way to do it...
Also how can you get the protocol when some ciphers are compatible with multiple TLS versions ? Like ECDHE-RSA-AES128-SHA is compatible the 3 first iteration of TLS ...
All credits are to @jayce from its PR in 2016 : https://github.com/wg/wrk/pull/220 .
So you can specify the cipher you want to test with -z. The cipher format is openssl (and not IANA).
wrk -t4 -c100 -d3s -R2000 -z AES256-GCM-SHA384 https://example.com