Preparing the TLS Testing Environment - crt26/PQC-LEO GitHub Wiki
Before running any tests, ensure your environment is correctly configured for either single-machine or two-machine testing. This includes opening required TCP ports in your firewall and generating the necessary TLS certificates and private keys.
Control Ports and Firewall Setup for Testing
The benchmarking tool uses several TCP ports to coordinate communication between the server and client machines and to run TLS handshake tests. This applies to both single-machine and two-machine setups, so the necessary ports must be open and accessible. For TLS handshake testing to function correctly, the system must allow communication on these ports. These requirements apply to both local (localhost) and remote configurations.
Please make sure your firewall allows traffic on the following ports:
| Port Usage | Default TCP Port |
|---|---|
| Server Control TCP Port | 25000 |
| Client Control TCP Port | 25001 |
| OpenSSL S_Server TCP Port | 4433 |
If the default TCP ports are unsuitable for your environment, please see the Advanced TLS Testing Customisation page for further instructions on configuring custom TCP ports.
Generating Required Certificates and Private Keys
To perform the TLS handshake performance tests, the server certificate and private-key files must first be generated. The generated keys and certificates will be saved to the test_data/keys directory in the project root. This can be done by executing the following command from within the scripts/testing_scripts directory:
./tls_generate_keys.sh
If you're testing across two machines, copy the entire keys directory to the second machine before proceeding.