linux-scalability-benchmarks / gatling / README.tls

The default branch has multiple heads

Full commit
gatling now has primitive SSL/TLS support using OpenSSL.
I took the code from the excellent qmail STARTTLS patch.
No support for much of anything yet, you just get an HTTPS server
using the certificate in "server.pem" in the gatling root directory.

If you want OpenSSL to verify client certs, put the CA cert in
"clientca.pem".  If you need a revocation list, use OpenSSL 0.9.7 or
later, and put it in "clientcrl.pem".

No way to communicate anything about the client cert to CGIs yet.

As of Sep 23 2008 gatling has support for ssh passthrough.  The idea is
the following.  Let's assume you run a server somewhere, and you want to
SSH to it, but you only get internet access through some restrictive
proxy firewall that lets you connect to port 443 because that's what
HTTPS uses.  So you bind a ssh to port 443 on your server.  Now you
want to run an SSL webserver, too.  It turns out, you can do both!
For TLS, the client connects and writes something.  For SSH, the client
connects and expects the server to write something.  So, gatling can
accept the connection, attempt an SSL handshake, but if the client does
not write anything for a few seconds, you pass the descriptor on to sshd
running in inetd mode.  That way, you can transparently use both SSL and
SSH on the same port.  You still risk losing SSL connections that come
from very slow connections, so this is not enabled by default.  To
enable it, run tlsgatling with

  -X 2,/opt/diet/sbin/sshd -u0

where -X is the option to enable this, 2 is the timeout in seconds, and
the rest is the sshd command line you want gatling to run.  Note that
gatling auto-appends the -i option to this command line, so you do not
need to specify it here.