8.2.x

mTLS, Comparison Report enhanced

XLT 8.2.1

Load Testing

Xceptance provides Amazon machine images with XLT preinstalled. These images have been updated to include a version of openssh-server that is not vulnerable to CVE-2024-6387.

XLT allows certain measurements to be sent to a Graphite-compatible time series database during a load test for real-time analysis. We have fixed an issue that prevented this data from being sent at all.

XLT 8.2.0

Framework

Making mTLS Easier to Use

In a zero-trust environment, not only must the client verify the server’s identity, but the server must also verify the client’s identity. This is known as Mutual Transport Layer Security (mTLS).

XLT has always supported mTLS, but the necessary setup could only be done programmatically in your test scenarios. Now XLT provides configuration options to set this up more conveniently and especially independent of your scenarios.

To run tests with XLT in such environments, the underlying HtmlUnit WebClient must be configured with

  • a key store containing the client’s private key, and
  • a trust store containing the certificate of the CA that signed the server key.

The trust store setup is only needed if the server key was not signed by one of the well-known CAs that the JVM trusts out of the box.

The key store containing the client key can be configured as follows:

com.xceptance.xlt.tls.keyStore.file = config/keystore.p12
com.xceptance.xlt.tls.keyStore.password = <store-pw>

Note that the path to the key store must be relative to the root directory of your test suite. Also, if you want to password-protect the store, make sure that the key in the store is protected with the same password.

The trust store with the CA certificate is set up this way:

com.xceptance.xlt.tls.trustStore.file = config/truststore.p12
com.xceptance.xlt.tls.trustStore.password = <store-pw>

Typically, trust stores don’t need to be password-protected.

To create or modify the necessary keys, key store, and trust store, use Java’s keytool or KeyStore Explorer. Both provide ways to import existing keys and certificates in various formats, such as PEM. Make sure that the store format you choose matches the extension of the store file name (JKS -> .jks, PKCS#12 -> .p12, etc.).

The last step is to configure the server with the client certificate or the appropriate CA certificate. Refer to your server software documentation for more information on how to do this.

Responsive Result Browser

The result browser for a scenario execution has been modernized. It is now much more accessible when being viewed on mobile devices because of these changes:

  • Collapsible navigation (portrait mode only, look out for the hamburger menu to toggle it)
  • Zoomable screenshots
  • Request filter control as full screen overlay
  • Larger font size and bigger buttons

Load Testing

Load Test Report Generator

When generating the load test report, the report generator also creates a testreport.xml file with most of the values from the report. Other values have now been added to this file, such as error percentages. These can be useful when evaluating the load test in an automated way.

The report generator now limits the number of errors for which stack traces are displayed in the load test report. This is to prevent the report generator from running out of memory if there are numerous errors with different stack traces or exception messages. By default, only 500 stack traces are kept in memory, but this limit can be reconfigured with this report generator property:

com.xceptance.xlt.reportgenerator.errors.stackTracesLimit = 1500

Comparison Report

The comparison report has been enhanced with additional pages that compare Web Vitals and custom values.

Note that for custom values, XLT cannot know whether a change is actually positive or negative, so it colorizes the change with shades of the neutral color blue instead of red/green.

Last modified July 12, 2024