I am trying to benchmark SSL handshakes per second with JMeter and I am trying to see the performance difference between HTTPS requests with and without SSL session reuse. However I seem to be running into the wall with JMeter as I cannot determine how to have every HTTPS request use a brand new SSL session id. As I've come to understand from Googling on this topic, Java by default has an unlimited SSL session cache in which entries expire after 24 hours.
I've tried using the JMeter properties "https.use.cached.ssl.context" and "https.sessioncontext.shared", but even together they don't cause new SSL session ids to be used for each request. From playing around, at best if I have 10 threads making 5 HTTPS requests, the first 10 requests will have new SSL session ids, but the remaining 40 will reuse SSL sessions. I've verified this behaviour with both ssldump (seeing the resumed SSL session ids) and in my STunnel logs (when STunnel logs a previous session is reused). Even setting the Java property "javax.net.ssl.sessionCacheSize" to 1 does not seem to work, I'm guessing it must get applied per thread. So I was wondering if it possible through JMeter (or Java) to have every HTTPS request use a new SSL session id? Kaelen Proctor Confidentiality: The information contained in this e-mail and any attachments are confidential. If you are not the intended recipient, you may not copy or distribute this information. If you have received this communication in error, please notify the sender immediately and delete it from your system. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
