How to identify the SSL protocols and certificates used by a website when testing with LoadRunner.

How to identify the SSL protocols and certificates used by a website when testing with LoadRunner.

Understanding the SSL Protocols and certificates used by a website. Solution - To identify the type of SSL and certs used on a web server, type the following commands from a Loadrunner client workstation :

• Go to the Loadrunner/bin directory.

• Type "openssl", this will then display an >openssl prompt.

• Type "s_client - connect www.test.com:443" where test.com is your web site.

This will then return details of the web servers SSL configuration. Other usefull commands to use in LoadRunner Web protocol scripts are as follows: web_set_sockets_option("SHUTDOWN_MODE", "FAST"); ----->Allows the disconnection of the SSL session to be completed quickly. web_set_sockets_option("SSL_VERSION", "TLS"); web_set_sockets_option("SSL_CIPHER_LIST", "RC4-MD5"); These options allow the version and cipher for SSL to be specified. Possible versions and ciphers are detailed in the Loadrunner Function Reference. web_set_sockets_option("TRACE_SSL_IO","1"); ---> This option will detail all SSL IO in the normal vuser log. web_set_sockets_option("PRINT_SSL_INFO","1"); ---->This option will detail the version and certificate used in the SSL configuration. web_set_sockets_option("PROXY_INITIAL_BASIC_AUTH","0"); ---->This option disables the initial Basic authentication.