diff --git a/bench/README.md b/bench/README.md
new file mode 100644
index 00000000000000..464090415c4710
--- /dev/null
+++ b/bench/README.md
@@ -0,0 +1 @@
+# TODO
diff --git a/bench/benchmarks.py b/bench/benchmarks.py
new file mode 100644
index 00000000000000..392d61846a0e79
--- /dev/null
+++ b/bench/benchmarks.py
@@ -0,0 +1,81 @@
+import csv
+import hashlib
+import multiprocessing
+import socket
+import ssl
+import time
+
+
+HOSTNAME = "127.0.0.1"
+SERVER_PORT = 4433
+
+HASHES = [
+    "md5",
+    "sha1",
+    "sha256",
+    "sha384",
+    "sha512",
+    "sha3_256",
+    "sha3_384",
+    "sha3_512",
+]
+
+
+def main():
+    server = multiprocessing.Process(target=start_server, daemon=True)
+    server.start()
+    time.sleep(0.5)  # the server takes a little time to get going.
+    print(f"OPENSSL VERSION: {ssl.OPENSSL_VERSION}")
+    print(f"{'ALGO':^10} {'SIZE (B)':^10} {'TIME (s)':^20}")
+    print(f"{'====':^10} {'========':^10} {'========':^20}")
+    for size in 0, 1024, 1024**2:
+        times = [run_client(size) for _ in range(1000)]
+        print(f"{'TLS':<10} {size:<10} {sum(times)/len(times):<20}")
+    for h in HASHES:
+        for size in 8, 1024, 1024**2:
+            times = [do_hash(h, size) for _ in range(1000)]
+            print(f"{h:<10} {size:<10} {sum(times)/len(times):<20}")
+    print()
+
+
+def do_hash(h: str, size: int) -> int:
+    start = time.time()
+    digest = hashlib.new(h)
+    digest.update(b"X" * size)
+    digest.digest()
+    end = time.time()
+    return end - start
+
+
+def run_client(size: int) -> int:
+    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+    ctx.load_verify_locations("./bench/certs/CA.crt")
+    ctx.check_hostname = False
+    start = time.time()
+    with ctx.wrap_socket(socket.socket(socket.AF_INET)) as conn:
+        conn.connect((HOSTNAME, SERVER_PORT))
+        if size > 0:
+            conn.sendall(b"X" * size)
+    end = time.time()
+    return end - start
+
+
+def start_server():
+    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+    ctx.load_cert_chain("./bench/certs/server.crt", "./bench/certs/server.key")
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) as sock:
+        sock.bind((HOSTNAME, SERVER_PORT))
+        sock.listen()
+        with ctx.wrap_socket(sock, server_side=True) as ssock:
+            while True:
+                try:
+                    conn, addr = ssock.accept()
+                except ssl.SSLEOFError:
+                    continue
+                data = conn.recv(1024)
+                while data:
+                    data = conn.recv(1024)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/bench/certs/CA.crt b/bench/certs/CA.crt
new file mode 100644
index 00000000000000..195e5c10065f0f
--- /dev/null
+++ b/bench/certs/CA.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBljCCATugAwIBAgIUUlYFwDn054PXqbIMrrSUQ6HU8MowCgYIKoZIzj0EAwIw
+IDEeMBwGA1UEAwwVT1FTIHRlc3QgZWNkc2FwMjU2IENBMB4XDTIzMTIxMjE3MDkw
+MVoXDTI0MTIxMTE3MDkwMVowIDEeMBwGA1UEAwwVT1FTIHRlc3QgZWNkc2FwMjU2
+IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJFgg8kGusiGvm+C5QeYhV0UZ
+qlMdkzHge7zAV3YRTA/g5exs5EujCVOY2tGIy0iKuEGP1M+toMbYmi7Vxb8HqKNT
+MFEwHQYDVR0OBBYEFDIAMFug9yRwdAANnGCwu6mzGSagMB8GA1UdIwQYMBaAFDIA
+MFug9yRwdAANnGCwu6mzGSagMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwID
+SQAwRgIhAMIgAP5l7af9+gi1Yt1SR/fT/9PzAs/O0Tsapif3/RNgAiEAwe6MuVYu
+GdrEYpxX97yBSe2wioXrocda7CgDpUUIkaA=
+-----END CERTIFICATE-----
diff --git a/bench/certs/CA.key b/bench/certs/CA.key
new file mode 100644
index 00000000000000..fdae23fb31bc5d
--- /dev/null
+++ b/bench/certs/CA.key
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgFiXZaFCibucFMdxr
+WLkS9cLZor7Xxs3x4mi3RvyvbcShRANCAAQkWCDyQa6yIa+b4LlB5iFXRRmqUx2T
+MeB7vMBXdhFMD+Dl7GzkS6MJU5ja0YjLSIq4QY/Uz62gxtiaLtXFvweo
+-----END PRIVATE KEY-----
diff --git a/bench/certs/server.crt b/bench/certs/server.crt
new file mode 100644
index 00000000000000..0c1df155fbdebf
--- /dev/null
+++ b/bench/certs/server.crt
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBOTCB4AIUZcuEo7Ou/R/+TLY3VtGOplZZqlgwCgYIKoZIzj0EAwIwIDEeMBwG
+A1UEAwwVT1FTIHRlc3QgZWNkc2FwMjU2IENBMB4XDTIzMTIxMjE3MDkwMVoXDTI0
+MTIxMTE3MDkwMVowHzEdMBsGA1UEAwwUb3FzdGVzdCBDQSBlY2RzYXAyNTYwWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAASszcOdq5lgz1JdaYnCcdRVS0ELj2+37PpS
+ypNGmxuF5WDjMj/519xylbhOWQkx4/T3ZTNEDoVda5YFsJ4AJx/xMAoGCCqGSM49
+BAMCA0gAMEUCICMcvqeV5ygmyIv7Zbaq+kKPUE5cA48jlHNQwQTh17VxAiEA+pZ5
+FnKRW0xI90QHYL6Sy+B2gUpDA6bbRXs7EypeVA0=
+-----END CERTIFICATE-----
diff --git a/bench/certs/server.csr b/bench/certs/server.csr
new file mode 100644
index 00000000000000..ae192014abab54
--- /dev/null
+++ b/bench/certs/server.csr
@@ -0,0 +1,7 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIHZMIGBAgEAMB8xHTAbBgNVBAMMFG9xc3Rlc3QgQ0EgZWNkc2FwMjU2MFkwEwYH
+KoZIzj0CAQYIKoZIzj0DAQcDQgAErM3DnauZYM9SXWmJwnHUVUtBC49vt+z6UsqT
+RpsbheVg4zI/+dfccpW4TlkJMeP092UzRA6FXWuWBbCeACcf8aAAMAoGCCqGSM49
+BAMCA0cAMEQCICCwHKUCevppkp8mIJ/i0+H1zR2SmmL6XDJ2DuDpIG6ZAiA3ihSC
+bTIXJe527hRxruB5937YwYlq1SVDqSjOyDh3Zw==
+-----END CERTIFICATE REQUEST-----
diff --git a/bench/certs/server.key b/bench/certs/server.key
new file mode 100644
index 00000000000000..f76114d6986c45
--- /dev/null
+++ b/bench/certs/server.key
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgRqyThi/VpmwRI5Wm
+845G8JK2hQo5aR+F323suEOIkhKhRANCAASszcOdq5lgz1JdaYnCcdRVS0ELj2+3
+7PpSypNGmxuF5WDjMj/519xylbhOWQkx4/T3ZTNEDoVda5YFsJ4AJx/x
+-----END PRIVATE KEY-----
diff --git a/bench/run_benchmarks.sh b/bench/run_benchmarks.sh
new file mode 100755
index 00000000000000..de063dbe8116a1
--- /dev/null
+++ b/bench/run_benchmarks.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+BUILD_DIR='build/bench/'
+
+./python bench/benchmarks.py