i was told that opensta has problems in handling ssl session keys. allegedly for each https request send on a new tcp connection a new ssl session key is renegotiated. thus more load would be generated than actually in reality would occur.
is this right? has anyone made an experience in this direction?
So do I. Each connect/disconnect pair will result in a new ssl negotiation (just like in the real world). Your server settings for KeepAlive will change what is recorded in many instances (as a result of more connect/disconnect pairs with KeepAlive off). If you don't re-record your scripts after changing the KeepAlive setting, you'll miss this.
You may have a problem with session reuse skewing your results in the other direction, though. If the server re-uses the session for consecutive requests from the same client, you aren't re-negotiating often enough. I recommend disabling session reuse on your server and paying careful attention the impact of the KeepAlive setting on your recorded scripts.
I can't find any definitive info right now but I do remember some specific complaints in this area. I believe it was noted that the session key was renegotiated way too much with OpenSTAs replay and this would create an unrealistic amount of load. If I remember rightly this was specifically when compared to another commercial tool - which may have been doing it to little (as Chris suggests).
If someone wants to do a thorough investigation of this and file a detailed bug report with good evidence then I'm all for spending some time fixing it. Until that time, there are too few hours in the day and plenty of problems that are already fully documented to deal with...