Preparing the TLS Testing Environment - crt26/pqc-evaluation-tools GitHub Wiki
Preparing the Testing Environment
Before running any tests, make sure the setup steps for your planned testing environment (single-machine or two-machine configuration) have been performed. This includes allowing the required ports through your firewall and generating the test server certificates and private keys.
Control Ports and Firewall Setup for Testing
The benchmarking tool uses several TCP ports to coordinate communication between the server and client machines and to run TLS handshake tests. For TLS handshake testing to function correctly, the system must allow communication on these ports. This requirement applies to both single-machine (localhost) and two-machine (remote) setups.
Please make sure your firewall allows traffic on the following ports:
| Port Usage | Default TCP Port |
|---|---|
| Server Control TCP Port | 25000 |
| Client Control TCP Port | 25001 |
| OpenSSL S_Server TCP Port | 4433 |
If the default TCP ports are unsuitable for your environment, please see the Advanced Testing Customisation section for further instructions on configuring custom TCP ports.
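A pre-flight check for the three default ports in the table above, added here as an example and not part of the project's own scripts: it reads `ss -Htln` output and reports whether each port is free, already bound on loopback only, or bound on a non-loopback address. The function name `classify_listeners`, the variable names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the default ports in the table above.
PQC_TLS_PORTS="25000 25001 4433"   # server control, client control, s_server

# Constructed sample of `ss -Htln` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128  127.0.0.1:25000 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:4433    0.0.0.0:*
LISTEN 0 128  [::]:22         [::]:*'

# classify_listeners: read `ss -Htln` output on stdin and print "<port> <state>"
# for each port in PQC_TLS_PORTS:
#   free      nothing is listening, the tool can bind the port
#   loopback  a listener is bound to 127.0.0.0/8 or ::1 only
#   external  a listener is bound to a wildcard or non-loopback address,
#             so other hosts can reach it wherever the firewall allows
classify_listeners() {
  awk -v ports="$PQC_TLS_PORTS" '
    BEGIN {
      n = split(ports, want, " ")
      for (i = 1; i <= n; i++) state[want[i]] = "free"
    }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)       # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
      if (!(port in state)) next
      if (host ~ /^127\./ || host == "[::1]") {
        if (state[port] == "free") state[port] = "loopback"
      } else {
        state[port] = "external"
      }
    }
    END { for (i = 1; i <= n; i++) print want[i], state[want[i]] }
  '
}

# Report on the live machine when ss is available; otherwise show the sample.
if command -v ss >/dev/null 2>&1; then
  ss -Htln | classify_listeners
else
  printf '%s\n' "$SAMPLE_SS" | classify_listeners
fi
```

Run it before starting the tests to spot a port that another process already holds, and again while the tests are running to see which addresses the listeners are bound to.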
Generating Required Certificates and Private Keys
To perform the TLS handshake performance tests, the server certificate and private-key files must first be generated. The generated keys and certificates will be saved to the test-data/keys directory in the project root. This can be done by executing the following command from within the scripts/testing-scripts directory:
./oqsprovider-generate-keys.sh
If you're testing across two machines, copy the entire keys directory to the second machine before proceeding.