Part of #151.
Problem. Everything is cleartext — H1 + h2c + h2c-upgrade. No TLS anywhere: no certs, no ALPN, no real-world h2-over-TLS. 'HTTP/2' here always means h2c, never the TLS-negotiated h2 production uses.
Goal. Benchmark the real-world TLS path. celeris's native engines are cleartext-only (TLS terminates upstream), so this measures celeris-behind-terminator vs frameworks with in-process TLS — design + document the asymmetry.
Scope.
- loadgen already supports TLS + ALPN — wire it into the runner.
- Topology decision: (a) in-process TLS for capable frameworks + a terminator (nginx) in front of celeris, or (b) all behind the same terminator for apples-to-apples. Document which + why.
- tls variants of the json + concurrency scenarios.
- Deterministic cert provisioning on the cluster.
Acceptance. TLS scenarios produce h2-over-TLS numbers; the asymmetry is documented in the methodology.
Refs: loadgen TLS/ALPN; ansible/ (cert provisioning); SDD TLS posture.
Part of #151.
Problem. Everything is cleartext — H1 + h2c + h2c-upgrade. No TLS anywhere: no certs, no ALPN, no real-world h2-over-TLS. 'HTTP/2' here always means h2c, never the TLS-negotiated h2 production uses.
Goal. Benchmark the real-world TLS path. celeris's native engines are cleartext-only (TLS terminates upstream), so this measures celeris-behind-terminator vs frameworks with in-process TLS — design + document the asymmetry.
Scope.
Acceptance. TLS scenarios produce h2-over-TLS numbers; the asymmetry is documented in the methodology.
Refs: loadgen TLS/ALPN;
ansible/(cert provisioning); SDD TLS posture.