jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: Release 2.12
Date Thu, 16 Oct 2014 20:16:34 GMT
On 16 October 2014 21:08, Philippe Mouawad <philippe.mouawad@gmail.com> wrote:
> On Thu, Oct 16, 2014 at 10:04 PM, sebb <sebbaz@gmail.com> wrote:
>
>> On 16 October 2014 20:49, Philippe Mouawad <philippe.mouawad@gmail.com>
>> wrote:
>> > On Thu, Oct 16, 2014 at 9:42 PM, sebb <sebbaz@gmail.com> wrote:
>> >
>> >> On 16 October 2014 20:32, Philippe Mouawad <philippe.mouawad@gmail.com>
>> >> wrote:
>> >> > On Thu, Oct 16, 2014 at 9:24 PM, sebb <sebbaz@gmail.com> wrote:
>> >> >
>> >> >> On 16 October 2014 19:48, Milamber <milamber@apache.org>
wrote:
>> >> >> > Hello,
>> >> >> >
>> >> >> > I propose to act as RM and to start a new release process
near the
>> >> >> weekend
>> >> >> > of 31 October 2014.
>> >> >> >
>> >> >> > I would like to fix before the bug 56357 (Certificates algorithm
>> >> >> > constraints) for a "full" Java 7/8 support
>> >> >>
>> >> >> I've commented on that bug.
>> >> >> Ideally we need to continue to support testing insecure sites.
>> >> >>
>> >> >> I agree with sebb comment.
>> >> >
>> >> >
>> >> >> > and change the default cipher for
>> >> >> > Proxy server (change from SSLv3 to TLS (because of the recent
>> security
>> >> >> issue
>> >> >> > with SSLv3 (POODLE - CVE-2014-3566)).
>> >> >>
>> >> >> OK. That should not affect users, and if it does, they can revert
to
>> >> >> the previous value.
>> >> >>
>> >> >> I think we shoud do it the opposite, be as lenient as possible
and
>> for
>> >> > people who want to ensure their server is secure document the way to
>> >> switch
>> >> > to the most secure config.
>> >> > The lambda user is not a security expert, as such he will see failures
>> >> and
>> >> > will not easily find the way to change this.
>> >> > While the user who wants to test security is aware of such things and
>> >> will
>> >> > know how to play with Security algorithms.
>> >>
>> >> AIUI the proposal here is to change the default cipher for the
>> >> outgoing connection from the Proxy.
>> >> I assume the intention is to better secure the connection during
>> recording?
>> >>
>> >> Provided that the connection will fall back to SSLv3, it should not
>> >> make any difference to the user.
>> >>
>> >
>> > This is the issue. AFAIU (but may be I don't ) we intend to remove the
>> > fallback to SSLv3,
>>
>> If that were the case, I would agree with you.
>>
>> But I think the proposal is merely to change the default (initial) cipher.
>>
>
> Ok, let's see what Milamber has in mind and I will comment when commited.
>
>>
>> > if server only understands this, recording will fails. I
>> > doubt a non security aware user will find out the problem.
>> > I may be a stupid user, but I must say that the first time I faced this
>> > issue it took me some time to find the existing property to play with SSL
>> > algorithms.
>>
>> That is a different matter, as it involves the JVM SSL implementation,
>> not JMeter.
>>
>
> It is not my understanding, AFAIK this is partly controlled by jmeter
> properties:
> # Default HTTPS protocol level:
> #https.default.protocol=TLS
> #https.default.protocol=SSLv3
> #https.socket.protocols=SSLv2Hello SSLv3 TLSv1

AIUI this proposal merely involves changing the following in Proxy.java:

    private static final String SSLCONTEXT_PROTOCOL =
        JMeterUtils.getPropDefault("proxy.ssl.protocol", "SSLv3"); //
$NON-NLS-1$ $NON-NLS-2$

>
> But your more detailed explanations are welcome, always nice to learn new
> things

I think we were talking about different things.

>>
>> >
>> >> And if in rare cases fallback does not work, the user can change the
>> >> property.
>> >> Obviously this needs to be documented in the release notes and
>> >> component reference.
>> >>
>> >> The change won't affect the running of the generated Test Plan.
>> >>
>> >
>> >
>> >> So I'm not sure what your objection is.
>> >>
>> >> >
>> >> >
>> >> >> > If anyone have a blocker bug before release, please send a
warning.
>> >> >> >
>> >> >> > Milamber
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > On 15/10/2014 07:24, Philippe Mouawad wrote:
>> >> >> >>
>> >> >> >> Hi,
>> >> >> >> What about starting a 2.12 release process.
>> >> >> >>
>> >> >> >> Regards
>> >> >> >>
>> >> >> >> On Wednesday, July 23, 2014, Milamber <milamber@apache.org>
>> wrote:
>> >> >> >>
>> >> >> >>> Hello,
>> >> >> >>>
>> >> >> >>> Currently I works on a new behavior to allow to save
the
>> settings of
>> >> >> >>> Response Time Graph in jmx file. I think I can put
on svn this
>> work
>> >> >> this
>> >> >> >>> week.
>> >> >> >>>
>> >> >> >>> I can prepare slowly the new and noteworthy section
to release
>> the
>> >> >> 2.12,
>> >> >> >>> and the screenshots in the target of September (start
of).
>> >> >> >>>
>> >> >> >>>
>> >> >> >>> Milamber
>> >> >> >>>
>> >> >> >>>
>> >> >> >>> Le 22/07/2014 20:53, Philippe Mouawad a ecrit :
>> >> >> >>>>
>> >> >> >>>> I meant:
>> >> >> >>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=55913
>> >> >> >>>>
>> >> >> >>>> Not
>> >> >> >>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=55863
>> >> >> >>>>
>> >> >> >>>>
>> >> >> >>>> On Tue, Jul 22, 2014 at 10:50 PM, Philippe Mouawad
<
>> >> >> >>>> philippe.mouawad@gmail.com <javascript:;>>
wrote:
>> >> >> >>>>
>> >> >> >>>>> Hello,
>> >> >> >>>>> A certain number of issues+improvements were
commited these
>> last
>> >> days
>> >> >> >>>>> which make trunk ready for a release in my
opinion.
>> >> >> >>>>>
>> >> >> >>>>> I think we could release a version as supporting
JAVA8
>> correctly
>> >> >> would
>> >> >> >>>
>> >> >> >>> be
>> >> >> >>>>>
>> >> >> >>>>> nice.
>> >> >> >>>>> Furthermore we have something like 46 issues
fixed for now:
>> >> >> >>>>> - 18 Improvements
>> >> >> >>>>> - 28 bug fixes
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>> For release I see this remaining work to do
plus all the
>> release
>> >> >> >>>
>> >> >> >>> process:
>> >> >> >>>>>
>> >> >> >>>>> - Updates New and Noteworthy
>> >> >> >>>>> - Update screenshot of JMS Publisher/Point
to point
>> >> >> >>>>> - Update screenshot of Synchronizing timer
>> >> >> >>>>>
>> >> >> >>>>> I am still working on this:
>> >> >> >>>>> - https://issues.apache.org/bugzilla/show_bug.cgi?id=55863
>> >> >> >>>>>
>> >> >> >>>>> Which is taking me more time than I had expected,
so I don't
>> >> think I
>> >> >> >>>
>> >> >> >>> will
>> >> >> >>>>>
>> >> >> >>>>> be able to commit it before september, and
anyway it would be
>> >> Beta or
>> >> >> >>>
>> >> >> >>> Alpha.
>> >> >> >>>>>
>> >> >> >>>>> Regards
>> >> >> >>>>> Philippe M.
>> >> >> >>>>> @philmdot
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>> On Tue, May 27, 2014 at 3:32 AM, sebb <sebbaz@gmail.com
>> >> >> <javascript:;>>
>> >> >> >>>
>> >> >> >>> wrote:
>> >> >> >>>>>>
>> >> >> >>>>>> On 26 May 2014 21:55, Philippe Mouawad
<
>> >> philippe.mouawad@gmail.com
>> >> >> >>>
>> >> >> >>> <javascript:;>>
>> >> >> >>>>>>
>> >> >> >>>>>> wrote:
>> >> >> >>>>>>>
>> >> >> >>>>>>> Hello,
>> >> >> >>>>>>> Regards
>> >> >> >>>>>>>
>> >> >> >>>>>>> Philippe
>> >> >> >>>>>>>
>> >> >> >>>>>>>
>> >> >> >>>>>>> On Tue, May 20, 2014 at 5:46 PM, sebb
<sebbaz@gmail.com
>> >> >> >>>
>> >> >> >>> <javascript:;>> wrote:
>> >> >> >>>>>>>>
>> >> >> >>>>>>>> On 16 May 2014 06:48, Philippe
Mouawad <
>> >> >> philippe.mouawad@gmail.com
>> >> >> >>>
>> >> >> >>> <javascript:;>>
>> >> >> >>>>>>
>> >> >> >>>>>> wrote:
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>> Hello,
>> >> >> >>>>>>>>> Shouldn't we release a version
at least to support
>> officially
>> >> >> 2.12
>> >> >> >>>>>>>>> ?
>> >> >> >>>>>>>>
>> >> >> >>>>>>>> Yes, we should probably do another
release soon.
>> >> >> >>>>>>>>
>> >> >> >>>>>>>>> We had 1 report at user mailing
list and 1 on french one
>> about
>> >> >> >>>
>> >> >> >>> people
>> >> >> >>>>>>>>
>> >> >> >>>>>>>> using
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>> Java8 and having issues.
>> >> >> >>>>>>>>
>> >> >> >>>>>>>> Are there any recent bug reports
that need to be fixed
>> first,
>> >> or
>> >> >> can
>> >> >> >>>>>>>> they wait for a later release?
>> >> >> >>>>>>>>
>> >> >> >>>>>>> I see this one:
>> >> >> >>>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=56292
>> >> >> >>>>>>
>> >> >> >>>>>> Fixed.
>> >> >> >>>>>>
>> >> >> >>>>>>> And maybe this one:
>> >> >> >>>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=56159
>> >> >> >>>>>>
>> >> >> >>>>>> Spurious notification that the test plan
has changed
>> >> >> >>>>>>
>> >> >> >>>>>> Would be good to fix, but may be quite
tricky.
>> >> >> >>>>>>
>> >> >> >>>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=56368
>> >> >> >>>>>>
>> >> >> >>>>>> No source package deployed on Maven central
>> >> >> >>>>>>
>> >> >> >>>>>> This is an enhancement request.
>> >> >> >>>>>>
>> >> >> >>>>>> It would be very tedious to create Javadoc
for each separate
>> >> Maven
>> >> >> >>>
>> >> >> >>> module.
>> >> >> >>>>>>
>> >> >> >>>>>> Also quite tedious to create source for
each.
>> >> >> >>>>>>
>> >> >> >>>>>> I don't see a pressing need to spend time
on this, but if
>> someone
>> >> >> >>>>>> provides a working patch we could include
it.
>> >> >> >>>>>>
>> >> >> >>>>>> There is one other issue that needs fixing
- rsyntaxtextarea
>> >> 2.5.1
>> >> >> is
>> >> >> >>>>>> not available from Maven Central.
>> >> >> >>>>>> This breaks the JMeter Maven poms.
>> >> >> >>>>>> Can we revert to 2.5.0 or are there critical
fixes in 2.5.1?
>> >> >> >>>>>>
>> >> >> >>>>>>>>> Regards
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>> ---------- Forwarded message
----------
>> >> >> >>>>>>>>> From: *Milamber* <milamber@apache.org
<javascript:;>>
>> >> >> >>>>>>>>> Date: Tuesday, May 13, 2014
>> >> >> >>>>>>>>> Subject: Release 2.12
>> >> >> >>>>>>>>> To: JMeter Users List <user@jmeter.apache.org
>> <javascript:;>>
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>> Hello,
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>> Currently, no date is planned.
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>> Milamber
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>> Le 11/05/2014 18:13, Sergio
Boso a ecrit :
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>>> Hi every body,
>> >> >> >>>>>>>>>>
>> >> >> >>>>>>>>>>
>> >> >> >>>>>>>>>> which is the scheduled
date for next Jmeter release?
>> >> >> >>>>>>>>>>
>> >> >> >>>>>>>>>> thank you
>> >> >> >>>>>>>>>>
>> >> >> >>>>>>>>>
>> >> >> >>>
>> >> ---------------------------------------------------------------------
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> >> >> >>>
>> >> >> >>> <javascript:;>
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>> For additional commands, e-mail:
>> user-help@jmeter.apache.org
>> >> >> >>>
>> >> >> >>> <javascript:;>
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>>
>> >> >> >>>>>>>>> --
>> >> >> >>>>>>>>> Cordialement.
>> >> >> >>>>>>>>> Philippe Mouawad.
>> >> >> >>>>>>>
>> >> >> >>>>>>>
>> >> >> >>>>>>> --
>> >> >> >>>>>>> Cordialement.
>> >> >> >>>>>>> Philippe Mouawad.
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>> --
>> >> >> >>>>> Cordialement.
>> >> >> >>>>> Philippe Mouawad.
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>
>> >> >> >
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Cordialement.
>> >> > Philippe Mouawad.
>> >>
>> >
>> >
>> >
>> > --
>> > Cordialement.
>> > Philippe Mouawad.
>>
>
>
>
> --
> Cordialement.
> Philippe Mouawad.

Mime
View raw message