crawl, fixes

2025-12-19 16:50:56 +01:00 · 2025-12-19 16:50:56 +01:00 · f5145f80ea
commit f5145f80ea
parent 68435037e7
7 changed files with 326 additions and 58 deletions
--- a/README.md
+++ b/README.md
@ -158,6 +158,33 @@ sudo make install
 * https://www.haproxy.com/blog/state-of-ssl-stacks
 	* 2025
 	* OpenSSL
+* https://ieeexplore.ieee.org/abstract/document/5983970
+	* TLS and energy consumption on a mobile device: A measurement study
+	* 2011
+	* TLS
+	* Nokia phone
+* https://dspace.mit.edu/handle/1721.1/111861
+	* Energy-efficient protocols and hardware architectures for transport layer security
+	* 2017
+* https://dl.acm.org/doi/abs/10.1145/871506.871518
+	* Analyzing the energy consumption of security protocols
+	* 2003
+	* SSL
+* https://ieeexplore.ieee.org/abstract/document/1563998
+	* A study of the energy consumption characteristics of cryptographic algorithms and security protocols
+	* 2003
+	* SSL
+* https://ieeexplore.ieee.org/abstract/document/8598334
+	* Energy and Processing Demand Analysis of TLS Protocol in Internet of Things Applications
+	* 2016
+	* TLS
+* https://dl.acm.org/doi/10.1145/3345768.3355924
+	* A Comprehensive Empirical Analysis of TLS Handshake and Record Layer on IoT Platforms
+	* 2019
+	* IoT, TLS
+* https://hal.science/hal-04197885/document
+	* Empreinte carbone de la transmission de données sur le backbone RENATER
+	* 2021

 ## Sources

@ -290,11 +317,12 @@ sudo chmod +s /sbin/sa
 Install OpenSSL with debug symbols:

 ```bash
-#./Configure --release -g
 # Options from Debian build
 # Debian package libssl3t64 -> Developer Information -> buildd reproducibility -> trixie rbuild
 # https://tests.reproducible-builds.org/debian/rb-pkg/trixie/amd64/openssl.html
 /usr/bin/perl ./Configure --release -g --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/x86_64-linux-gnu shared no-idea no-mdc2 no-rc5 no-ssl3 no-ssl3-method enable-rfc3779 enable-cms no-capieng no-rdrand enable-tfo enable-zstd enable-zlib enable-fips enable-ec_nistp_64_gcc_128
+# Or, if OpenSSL 1.1:
+/usr/bin/perl ./Configure --release -g --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/x86_64-linux-gnu shared no-idea no-mdc2 no-rc5 no-ssl3 no-ssl3-method enable-rfc3779 enable-cms no-capieng no-rdrand enable-zlib enable-ec_nistp_64_gcc_128 linux-x86_64
 ```

 Backup your system's `libcrypto.so` and `libssl.so` and replace them with the new ones.
@ -330,3 +358,17 @@ Avant d'enregistrer le trafic, il faut observer les domaines utilisés puis gén
 CertVerify est l'extension dans le ServerHello qui signe la discussion passée avec la clé secrète du certificat.

 Il a fallu désactiver la réutilisation de session, qui en TLS1.3 passe par le PSK, pour pouvoir mesurer le CertVerify.
+
+## Size overhead and usage survey
+
+```bash
+openssl s_server -port 8000 -cert /dev/shm/exp/certs/prime256v1/wikipedia.org.crt -key /dev/shm/exp/certs/prime256v1/wikipedia.org.key
+curl https://wikipedia.org --tlsv1.3 --curves x25519 --connect-to wikipedia.org:443:127.0.0.1:8000 -k
+```
+
+Get the most used domains here https://www.akamai.com/fr/security-research/akarank
+
+```bash
+python crawler.py crawl /dev/shm/top1K.csv
+python crawler.py stat /dev/shm/crawl.json
+```