go go cert length!!!

Author: DeagleGross

scenarios/tls.benchmarks.yml

@@ -131,6 +131,8 @@ scenarios:
   tls-handshakes-kestrel:
     application:
       job: kestrelServer
+      variables:
+        certPublicKeyLength: 2048
     load:
       job: httpclient
       variables:
@@ -144,8 +146,8 @@ scenarios:
     application:
       job: kestrelServer
       variables:
+        certPublicKeyLength: 2048
         mTLS: true
-        certValidationConsoleEnabled: false # only for debug purposes
     load:
       job: httpclient
       variables:
@@ -161,9 +163,9 @@ scenarios:
     application:
       job: kestrelServer
       variables:
+        certPublicKeyLength: 2048
         mTLS: false
         tlsRenegotiation: true
-        certValidationConsoleEnabled: false # only for debug purposes
     load:
       job: httpclient
       variables:

src/BenchmarksApps/TLS/HttpSys/Program.cs

@@ -12,6 +12,8 @@
 var tlsRenegotiationEnabled = bool.TryParse(builder.Configuration["tlsRenegotiation"], out var tlsRenegotiationEnabledConfig) && tlsRenegotiationEnabledConfig;
 var certPublicKeySpecified = int.TryParse(builder.Configuration["certPublicKeyLength"], out var certPublicKeyConfig);
 var certPublicKeyLength = certPublicKeySpecified ? certPublicKeyConfig : 2048;
+
+// endpoints
 var listeningEndpoints = builder.Configuration["urls"] ?? "https://localhost:5000/";
 var httpsIpPort = listeningEndpoints.Split(";").First(x => x.Contains("https")).Replace("https://", "");
 

src/BenchmarksApps/TLS/HttpSys/testCert.pfx

@@ -20,4 +20,17 @@
     </None>
   </ItemGroup>
 
+  <ItemGroup>
+    <Folder Include="certificates\" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <None Include="..\Certificates\2048\testCert-2048.pfx" Link="certificates\testCert-2048.pfx">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Include="..\Certificates\4096\testCert-4096.pfx" Link="certificates\testCert-4096.pfx">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+  </ItemGroup>
+
 </Project>

src/BenchmarksApps/TLS/Kestrel/Kestrel.csproj

@@ -19,6 +19,10 @@
 // behavioral
 var mTlsEnabled = bool.TryParse(builder.Configuration["mTLS"], out var mTlsEnabledConfig) && mTlsEnabledConfig;
 var tlsRenegotiationEnabled = bool.TryParse(builder.Configuration["tlsRenegotiation"], out var tlsRenegotiationEnabledConfig) && tlsRenegotiationEnabledConfig;
+var certPublicKeySpecified = int.TryParse(builder.Configuration["certPublicKeyLength"], out var certPublicKeyConfig);
+var certPublicKeyLength = certPublicKeySpecified ? certPublicKeyConfig : 2048;
+
+// endpoints
 var listeningEndpoints = builder.Configuration["urls"] ?? "https://localhost:5000/";
 var supportedTlsVersions = ParseSslProtocols(builder.Configuration["tlsProtocols"]);
 
@@ -49,8 +53,10 @@ void ConfigureListen(KestrelServerOptions serverOptions, IConfigurationRoot conf
 
         serverOptions.Listen(endpoint, listenOptions =>
         {
+            var certificatePath = Path.Combine("certificates", $"testCert-{certPublicKeyLength}.pfx");
+
             // [SuppressMessage("Microsoft.Security", "CSCAN0220.DefaultPasswordContexts", Justification="Benchmark code, not a secret")]
-            listenOptions.UseHttps("testCert.pfx", "testPassword", options =>
+            listenOptions.UseHttps(certificatePath, "testPassword", options =>
             {
                 if (supportedTlsVersions is not null)
                 {