measuring TLS handshake performance time in python

Question

I have a simple script that performs a TLS handshake in python in a similar way to the following way in their documentation:

import socket, ssl

context = ssl.SSLContext()
context.verify_mode = ssl.CERT_REQUIRED
context.check_hostname = True
context.load_default_certs()

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = context.wrap_socket(s, server_hostname='www.verisign.com')
ssl_sock.connect(('www.verisign.com', 443))

I want to measure the time that a TLS handshake takes. So I assume starting a timer before the connect function, and subtract the elapsed time as follows will do the job:

start = time.process_time()
sslSocket.connect((domainName, 443))
perfTime = time.process_time() - start

I looked at the connect documentation, and this is what it says:

Connect to a remote socket at address. (The format of address depends on the address family — see above.) If the connection is interrupted by a signal, the method waits until the connection completes, or raise a socket.timeout on timeout, if the signal handler doesn’t raise an exception and the socket is blocking or has a timeout. For non-blocking sockets, the method raises an InterruptedError exception if the connection is interrupted by a signal (or the exception raised by the signal handler).

My question is: does the connect function in my code performs a TLS handshake? This is what I want to measure the performance for: The TLS handshake. connect is a TCP level, but I wrapped the socket in a TLS Context. Please, clarify to me how to measure TLS handshake performance in my simple code?

Answer 1

Try this:

ssl_sock = context.wrap_socket(s, do_handshake_on_connect=False)

Then, perform SSL handshake manually:

...
ssl_sock.connect(('www.verisign.com', 443))
start = time.process_time()
ssl_sock.do_handshake()
perfTime = time.process_time() - start
print("Handshaking time " + perfTime)