
What you don't know about HTTPS stress testing

2022-05-15 03:22:15 Alibaba Cloud Native

Author: tidy up one's dress upon leaving

Introduction

As Internet security standards have spread, using HTTPS to encrypt communication and provide trusted access to websites and apps has become a recognized security standard. This article introduces the key points of stress testing the HTTPS protocol, and the technical advantages and best practices of using PTS for HTTPS stress testing.

Websites and apps commonly need stress testing in 3 kinds of scenarios:

  • Before a newly developed system or feature goes online, you need to know its performance and capacity level.
  • When the system is technically tuned or its capacity is expanded, its performance before and after is compared through stress testing.
  • Before participating in platform activities, the performance of the system is evaluated.

What is HTTPS

The full English name of HTTPS is Hyper Text Transfer Protocol over Secure Socket Layer; it is a security-oriented HTTP channel. As the full name shows, it is not really a new application-layer protocol: the HTTP communication interface simply uses SSL in place of TCP. In the HTTP protocol, the application-layer HTTP communicates directly with the transport-layer TCP. In the HTTPS protocol, the application-layer HTTP communicates with SSL, and SSL then communicates with the transport-layer TCP. See the figure for details:

1.png

HTTPS encrypts through the SSL layer, which prevents the website from being tampered with and hijacked. Here is a brief look at how HTTPS encrypts and decrypts:

First, the client and server negotiate the encryption algorithm and protocol version. After the negotiation, the server sends its public key to the client. Once the client has the public key, it generates a random secret string (the pre-master secret), encrypts it with the public key, and returns it to the server. The server decrypts the ciphertext with its private key to obtain the pre-master secret, and then generates the symmetric encryption key from the negotiated random numbers and encryption algorithm. At this point both sides hold the same key, and they use it for symmetric encryption and decryption from then on.


Symmetric encryption performs better, but anyone who holds the key can decrypt intercepted ciphertext, so on its own it does not solve the hijacking problem. Asymmetric encryption is relatively more secure, but the performance overhead of encryption and decryption is large. HTTPS therefore uses asymmetric encryption in the handshake phase and symmetric encryption in the subsequent communication, which both ensures security and maximizes performance.

Key points of HTTPS stress testing

SSL handshake strategy

The HTTPS handshake phase involves encryption and decryption, so it consumes more computing resources than HTTP. When a stress testing engine issues requests to simulate a large number of users, the underlying layer often reuses TCP connections and SSL handshake information at the global or thread level. This improves the performance of the load generator, but in scenarios where each loop is meant to simulate a different client, the load generator simulates enough traffic pressure without simulating enough SSL handshake computation pressure, which can make the simulated load inaccurate, as shown in the figure below:

3.png

Therefore, in an HTTPS stress test, specify whether the SSL handshake state is reset on each loop according to the business logic of the test scenario, so that the SSL handshake computation pressure is simulated accurately.

SSL protocol version

In an HTTPS stress test, in the first step of the SSL handshake between the client (the load generator) and the server, the client tells the server the highest SSL protocol version it supports. The server then takes the highest version in the intersection of its own supported versions and the client's as the SSL version actually used.

During a stress test, evaluate the mainstream version used by real clients and configure it on the stress testing engine. This avoids an inaccurate simulation of SSL handshake computation pressure caused by a mismatched SSL version.
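The two points above, reusing versus resetting SSL state on each loop and the protocol version the client offers, shown as an added Go example that is not code from the original article or from PTS. It assumes a local `httptest` HTTPS server as the system under test; `runLoops` and its parameters are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
)

// runLoops plays one virtual user for `loops` iterations against a local HTTPS
// test server (constructed sample, not PTS) and returns how many TLS handshakes
// the server performed plus the protocol version that was negotiated.
func runLoops(loops int, resetEachLoop bool, clientMax uint16) (handshakes int32, version uint16) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, "ok")
	}))
	// VerifyConnection runs once per completed handshake on the server side.
	srv.TLS = &tls.Config{VerifyConnection: func(cs tls.ConnectionState) error {
		atomic.AddInt32(&handshakes, 1)
		return nil
	}}
	srv.StartTLS()
	defer srv.Close()
	client := srv.Client() // already trusts the test server's certificate
	client.Transport.(*http.Transport).TLSClientConfig.MaxVersion = clientMax
	for i := 0; i < loops; i++ {
		resp, err := client.Get(srv.URL)
		if err != nil {
			panic(err)
		}
		io.Copy(io.Discard, resp.Body) // drain so the connection can be kept alive
		resp.Body.Close()
		version = resp.TLS.Version
		if resetEachLoop {
			client.CloseIdleConnections() // drop connection and TLS state: next loop is a new user
		}
	}
	return atomic.LoadInt32(&handshakes), version
}

func main() {
	for _, reset := range []bool{false, true} {
		n, v := runLoops(100, reset, tls.VersionTLS12)
		fmt.Printf("reset=%v: %d handshakes for 100 loops, negotiated %#x\n", reset, n, v)
	}
}
```

With reuse the server performs a single handshake for the whole run, while with reset it performs one per loop, which is the server-side computation the handshake strategy is meant to reproduce.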

Why PTS: advantages of PTS for HTTPS stress testing

JMeter, Gatling, K6 and other open-source stress testing tools support HTTPS to different degrees. JMeter [1] supports configuring whether the SSL handshake state is reset on each loop and supports configuring the client SSL protocol version, but it does not support the HTTP2 protocol by default. In Gatling [2], each virtual user shares the SSL context by default, and controlling whether the SSL handshake state is reset on each loop is not supported. K6 [3] currently only supports setting the SSL protocol version.

As a cloud stress testing tool, PTS supports the following HTTPS-related features:

  • HTTP2 support: HTTP2 improves performance compared with HTTP1.1, and mainstream browsers now support the HTTP2 protocol. To simulate a real client, using the HTTP2 protocol is recommended.
  • SSL handshake strategy setting: you can configure whether the SSL handshake state is reset on each loop, and choose whether to reset according to the business scenario.
  • Specifying the SSL protocol version.

Stress testing with PTS simulates client-initiated HTTPS pressure more realistically and makes the test results more reliable.

How to: using PTS for HTTPS stress testing

Setting the SSL handshake strategy


For HTTPS stress testing, you need to choose whether the SSL connection state is reset on each loop of the serial link. If you choose to reset, the SSL state is reinitialized each time a loop of the serial link executes. This simulates more accurately a test scenario in which each loop represents a different user, and it also adds some performance overhead on the load generator.

Usage scenarios

  • Scenario 1: In an HTTPS stress test, you want to simulate 100 users logging in and then have those 100 users access the system repeatedly. Here each loop of the serial link simulates the behavior of the same virtual user. Set this switch to "No" and set the concurrency to 100.

  • Scenario 2: In an HTTPS stress test, you want to simulate 100 different users accessing the system at every moment over 5 minutes. Here each loop of the serial link simulates the behavior of a different virtual user. To keep the simulated pressure realistic, set this switch to "Yes" and set the concurrency to 100. Because turning on this switch adds performance overhead on the load generator, expanding the number of load generator IPs is recommended.

Setting the SSL protocol version

The SSL version support of some common browsers is listed here for reference:

5.png

As can be seen, mainstream browsers all added TLSv1.3 support around 2018~2020. So if the clients simulated by your test scenario are relatively new, TLSv1.3 is the suggested SSL version; conversely, if your test scenario needs to simulate old browser clients, TLSv1.2 is the suggested SSL version.

How to record HTTPS traffic

Every stress testing tool provides a proxy-based traffic recording tool that makes it easy to record client traffic and quickly build a test script. To record the HTTPS protocol, besides configuring the proxy you also need to trust a certificate, which makes the operation complicated.

PTS provides a certificate-free recording solution: a browser plug-in that quickly records HTTPS traffic, decrypts it, and converts it into a PTS stress testing scenario. It also supports export to a JMeter script. You are welcome to download [4] and use it; see the documentation [5] for detailed steps.


For recording mobile traffic, PTS provides 2 options: cloud real devices and local devices. The cloud real device comes with the PTS proxy configuration preset and supports operating the phone from a browser to record traffic, with no need to configure a proxy or certificate; see the documentation [6] for detailed steps.


Summary

In summary, this article mainly covered:

  • What HTTPS is
  • Points to watch in HTTPS stress testing
  • How to use PTS for HTTPS stress testing

For further discussion, you are welcome to join the DingTalk group. PTS user group number: 11774967


Reference documents

[1] JMeter (official documentation): https://jmeter.apache.org/usermanual/component_reference.html?spm=a2c6h.12873639.article-detail.4.6d4a7ca0EKzFeR#HTTP_Request

[2] Gatling (official documentation): https://gatling.io/docs/gatling/reference/current/http/ssl/

[3] K6: https://k6.io/docs/using-k6/options/#tls-version

[4] Download (PTS HTTPS recorder plug-in): https://chrome.google.com/webstore/detail/alibaba-cloud-pts%E5%BD%95%E5%88%B6%E5%99%A8/noonnhdncblnaknhoebaglpcihelliff

[5] Documentation (PTS recorder user guide, Chrome browser scenario): https://help.aliyun.com/document_detail/187749.html

[6] Documentation (PTS recorder user guide, Android mobile scenario): https://help.aliyun.com/document_detail/72519.html

[7] PTS HTTPS settings documentation: https://help.aliyun.com/document_detail/143194.html


Copyright notice
Author: Alibaba Cloud Native. Please include the original link when reprinting, thank you.
https://en.qdmana.com/2022/132/202205112033221254.html
