jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Milamber <milam...@apache.org>
Subject Re: SMTP Sampler and TLSv1.2/CipherSuites
Date Sun, 07 Jun 2015 07:40:04 GMT


On 06/06/2015 17:28, Felix Schumacher wrote:
> Am 06.06.2015 um 18:14 schrieb Milamber:
>>
>>
>> On 06/06/2015 16:59, Felix Schumacher wrote:
>>> Hi all,
>>>
>>> to enable the SMPT Sampler to use a higher TLS version than TLSv1 it 
>>> seems to be necessary to change the SSLContext.getInstance call in 
>>> TrustAllSSLSocketFactory from "TLS" to "TLSv1.2".
>>>
>>> We can't make that value the default one, since I believe it will 
>>> prevent connections to servers with older TLS versions.
>>>
>>> So it seems, we should make it configurable. Should this parameter 
>>> be made visible in the gui, or should we make it a system property?
>>
>> Must: As a jmeter property (in jmeter.properties file)
> That one is easy, so I will start with this option.

OK

>>
>> Better: In addition of the jmeter property, a combo list in the SMTP 
>> sampler.
> The values for this depend on the capability of the jvm (jre?) but are 
> probably static for a while. We could just assume that the only valid 
> values are those listed in 
> http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext

> and change that when needed, or get them by instantiating an 
> SSLContext at runtime.
>
> The first option seems to be easy, the second one seems to be the more 
> robust version.
>
> The second option might be a bit confusing, if I build the test plan 
> with different jvms and the options change.

Perhaps, just one 'static' list: default, SSL (not secure), SSLv2 (not 
secure), SSLv3 (not secure), TLS, TLSv1, TLSv1.1 and TLSv1.2, and 
catching the exceptions if the jvm doesn't support the algorithm.

Like the HTTP methods, if, in the future, a new algorithm is needed, we 
can add it to the list (or use the property with the new algorithm)


>
>>
>>
>>>
>>> The same thing is probably useful for the supported CipherSuites.
>>
>> Yes probably. But the list will be long I think.
> The list will be long and probably confusing for most people.

Perhaps, offer this option only by adding a new property.

>
> I wonder if most people would just want to specify exactly one 
> CipherSuite, to test their setup and let the jvm decide in all other 
> cases.
>
> Which leads me to another question.
>
> Should the CipherSuite and Protocol be stored in the SampleResult, so 
> that one could assert on them?

No that's not a good idea, imho.

Milamber

>
> Regards
>  Felix
>>
>>
>>>
>>> What do you think?
>>>  Felix
>>>
>>
>
>


Mime
View raw message