Is there a specific Gatling configuration to avoid "SSL Handshake timed out" exception?

Question

I'm using Gatling for overload tests and I'm having a lot of errors when I use the HTTPS urls of my platform.

I get :

• 27% of j.n.s.SSLException: handshake timed out
• 23% of j.n.c.ClosedChannelException
• 17% of j.n.s.SSLException: failure when writing TLS control frames.

When I call the same platform without HTTPS (in HTTP so), the same simulation is 100% OK.

We are trying to understand why there are these errors and have tried some configurations:

• Use .shareConnections option in httpProtocol definition
• Define sslEnabledProtocols and sslEnabledCipherSuites into gatling.conf. All others ahc configurations are commented :

sslEnabledProtocols = [TLSv1.2]
sslEnabledCipherSuites = [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]    

But no success... Same results...

Is there a chance that the problem is a Gatling configuration ? Or is it a platform configuration problem ?

For information, my simulation looks like that :

setUp(
    Scenario1.scn
      .inject(
        rampUsersPerSec(1) to 3 during 5 minutes,
        constantUsersPerSec(3) during 5 minutes
      )
      .protocols(httpProtocolSite1),

    Scenario2.scn
      .inject(
        rampUsersPerSec(1) to 3 during 5 minutes,
        constantUsersPerSec(3) during 5 minutes
      )
      .protocols(httpProtocolSite2),

    Scenario3.scn
      .inject(
        rampUsersPerSec(1) to 3 during 5 minutes,
        constantUsersPerSec(3) during 5 minutes
      )
      .protocols(httpProtocolSite3)
)

And my scenarii logic is to load a first html page, make a pause (2 minutes) and load a second html page.

Thank you for any information that could be useful on these issues !

Answer 1

You can specify this property value in cli like (gradle): -Dgatling.ssl.handshakeTimeout=20000 The same way you can ovewrite default values in gatling as per the docs:

https://gatling.io/docs/current/general/configuration/

The file with settings is under:

https://github.com/gatling/gatling/blob/main/gatling-core/src/main/resources/gatling-defaults.conf

Answer 2

You're getting your issue wrong: you're blaming the messenger (Gatling)!

Your system under load is simply unable to deal with the load you're throwing at it.

2 possibilities:

1. You've properly designed your load and it matches what you're trying to simulation. Then check your network (eg bandwidth) and the component in your architecture that's in charge of https/TLS (nginx, AWS ELB...). Check configuration and possibly consider scaling out (multiple endpoint with DNS round robin).
2. Your load design is broken. Eg, if you want to simulation server to server traffic, you should probably be using shareConnections (otherwise, don't use that, your test would be meaningless).