Add examples/benchmark/dtls_bench, a DTLS throughput benchmark that completes a handshake and then measures bulk-send throughput. It supports DTLS 1.2 and 1.3, selectable cipher suites, an end-to-end mode, and a -z sink mode that discards records on the server after the handshake to isolate the sender's record-layer cost. The socket is set up with wolfSSL_set_dtls_fd_connected. Optimize the send path exercised by the benchmark: - wolfio (EmbedSendTo): cache the per-descriptor socket-type probe (getsockopt SO_TYPE) in WOLFSSL_DTLS_CTX instead of running it on every send, removing a syscall from the record send path. The cache is invalidated whenever rfd/wfd is reassigned. - internal (BuildMessage): for AEAD suites whose explicit nonce is the 8-byte record sequence number, write the sequence number directly as nonce_explicit instead of drawing it from the RNG. This covers AES-GCM (RFC 5288 sec 3), AES-CCM (RFC 6655 sec 3), SM4-GCM/CCM (RFC 8998 sec 3), and Camellia-/ARIA-GCM which inherit the RFC 5288 construction; ChaCha20 uses an implicit nonce and is excluded. A new read-only PeekSEQ() helper reads the sequence number without advancing the per-direction counter, leaving the single mandated increment to writeAeadAuthData(). Also ignore the built dtls_bench binary in .gitignore.
wolfSSL examples directory
client and server
These directories contain a client (client.c) and server (server.c) that utilize a variety of the wolfSSL library's capabilities. The manner in which both programs operate can depend on the configure or can be specified at run-time depending on the end goal. Both applications contain testing as well as benchmarking code.
Compile
./configure
make
Usage
./examples/server/server
./examples/client/client
Run ./examples/server/server -h and ./examples/client/client -h for usage details.
For simpler wolfSSL TLS server/client examples, visit https://github.com/wolfSSL/wolfssl-examples/tree/master/tls
echoclient and echoserver
These directories contain a client (echoclient.c) and server (echoserver.c) that establish a connection encrypted by wolfSSL. Like the names indicate, once the connection has been established any messages entered into echoclient are sent to and displayed on the echoserver and are then echoed back to echoclient. The nature of the encryption, as well as additional behavior of the two programs, depends on how wolfSSL was configured ( DTLS enabled/disabled, Filesystem enabled/disabled, etc ... ).
Compile
./configure
make
Usage
./examples/echoserver/echoserver
./examples/echoclient/echoclient
benchmark
The benchmark directory offers an application that can help you grasp just how well wolfSSL's TLS functionality is performing on your local machine.
Compile
./configure
make
Usage
./examples/benchmark/tls_bench
The tls_bench executable can also be compiled separately with gcc -lwolfssl -lpthread -o tls_bench tls_bench.c.
Run ./examples/benchmark/tls_bench -? for usage details.
sctp
This directory contains servers and clients that demonstrate wolfSSL's DTLS-SCTP support.
Compile
./configure --enable-sctp
make
Usage
./examples/sctp/sctp-server
./examples/sctp/sctp-client
and
./examples/sctp/sctp-server-dtls
./examples/sctp/sctp-client-dtls
configs
This directory contains example wolfSSL configuration file templates for use when autoconf is not available, such as building with a custom IDE.
See configs/README.md for more details.
asn1
This directory contains an example that prints the ASN.1 data of a BER/DER or PEM encoded file. Configure wolfSSL with --enable-asn-print.
pem
This directory contains an example of converting to/from PEM and DER. Configure wolfSSL with --enable-coding