Re: Re-use the SSL session for a single vuser for all iterations, but different for another vuser (1159 Views)
Reply
Advisor
Srikant Srinivasan
Posts: 21
Registered: ‎08-20-2010
Message 1 of 3 (1,183 Views)

Re-use the SSL session for a single vuser for all iterations, but different for another vuser

Hi All,

I have to create a Web Service script wherein i should hit a request,
which inturn will create a SSL session for a single user. Now, for all
the iterations of the same user, the same SSL session has to be
reused. But when the next user or vuser hits, the user has to establish a new
SSL session and again, the same SSL session has to be re-used for all
its iterations.This was raised by the application team, as the SSL
handshake was doing an overhead on the performance of the service. So
can any one please help me to find out a way to accomplish the same. I
tried creating the script with web http/html and web service protocol
with "Print SSL information" enabled in Run-Time settings and got the
SSL info in the logs. But since this is the connection part, i was not
able to capture it or use it for anything.I am stuck and not able to
find any way.
Any help would be really appreciated.

Thanks & Regards,
Srikant S

Regular Advisor
Arjun_Valipired
Posts: 71
Registered: ‎08-05-2011
Message 2 of 3 (1,179 Views)

Re: Re-use the SSL session for a single vuser for all iterations, but different for another vuser

Srikant

 

This is a very interesting topic you brought up, SSL handshake takes up most of the time when we look into the web-page-breakdown graph during analysis. I had similar performance problems but was never instructed by the application team to continue processing requests with one open Secure Sockets Layer connection. 

 

According to me it will not server the purpose of using a SSL or TSL cryptographic protocol. As you know handshake allows the server to authenticate itself to the client by using public-key techniques, and then allows the client and the server to cooperate in the creation of symmetric keys used for rapid encryption, decryption, and tamper detection during the session that follows.

 

In you case they want you to repeat the sessions after the handshake is made, which is very tricky,  I have not done this before, you can give it a try,

 

Option 1) Tell the application team/Dev team to give you a WSLD/ Soap,XML which takes in a huge input argument which is equal to 100 or more requests and satisfies the load expectation, that way with one SSL connection you will be pushing 100 requests and once done you will close the connection.

 

Option 2)  convert the script into web(HTTP/HTML) protocol, and design your script that it will loop around the body part of the script after the connection is made. This will be very tricky to loop only for the body part within the request.

 

Option 3) Get you working script right, I mean get your socket options correct eg: web_set_socket_options("SSL+VERSIOM","TLS");  Disable log, Tell the server admin to enable server side caching and re-run your test. 

 

 

Srikant, its a know fact for any secure application. The SSL handshake eats up most of the time, the latest version TLS 1.2  is better compared to SSL 1.0 ,2.0 

 

 

good luck

-Arjun

Regular Advisor
Arjun_Valipired
Posts: 71
Registered: ‎08-05-2011
Message 3 of 3 (1,159 Views)

Re: Re-use the SSL session for a single vuser for all iterations, but different for another vuser

Srikant

 

Try this,

 

Put the below in the Vuser_int part

 

Vuser_init()

{

web_set_user("XYZ","Password","Server.name.com"); //the username password and url

 

web_set_socket_options("SSL+VERSION","TLS");  //depending on your application

 

web_set_sockets_options("INITIAL_BASIC_AUTH","1"); // depending on the type of authorization.

 

}

 

Then in Action have the remaining part of the script.

 

Action()

{

web_service_call( ".......

                                  .........

                                  ..........");

 

}

 

Now try to replay this for a few iterations and you will find that the SSL handshake  time would have reduced.

 

-thanks

Arjun

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.