2

When I perform a load testing to my website over HTTPS, I received multiples errors related with SSL Handshake when I simulate a high amount of concurrent users (>500 / sec).

Here are the errors that I received:

Error #1

javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake

Error #2

javax.net.ssl.SSLException: Socket closed

Error #3

javax.net.ssl.SSLException: Read timed out

The thing is, everything is managed by the GCP, especially with the Load Balancer where my front-end is HTTPS associated with a valid certificate.

Also, the capacity of my back-end seems high enough to support everything. It is like the bottleneck is my Load Balancer.

The tests are made directly from my computer using JMeter.

So, what cause this problem and how can I fix it?

probitaille
  • 161
  • 1
  • 7
  • 1
    How many errors are *"some errors"*, what is a *"high number"* of concurrent users, what request rate/parameters were you using to test, and what was the number of failures relative to successes? Intuition suggests that you can't meaningfully load test a GCP balancer from a single IP address (your computer), because all your traffic would arrive at a single GFE which could interpret the traffic as abnormal/malicious and throttle some of it. – Michael - sqlbot Sep 06 '19 at 00:35
  • Thank you for your constructive comment! I listed the errors that I received. The high number of concurrent users are >500 users/second. The % of error can vary a lot, between 25+% (500 concurrents) to 75+% (2000 concurrents). I agree that launching the test from a single IP can be abnormal. I'm still looking in the GCP if there's a way to see that abnormal/malicious traffic. Maybe I can whitelist my IP. – probitaille Sep 06 '19 at 13:51

1 Answers1

1

as far as I can understand not all the request show the errors. So maybe there some instances that are not configured as the rest. You could validate if all your VMS supports the same TLS version as your JVM. Got this idea by going to here .

Gustavo Blanco
  • 56
  • 2
  • All instances are created from the same template and they don't have any configuration related to SSL or TLS. Theses configurations are managed by the Google Load Balancer Front-end service. – probitaille Sep 10 '19 at 13:20
  • 1
    Looks your issue needs a deeper inspection. I highly recommend to contact GCP support team. – Gustavo Blanco Sep 13 '19 at 18:11