jmeter-user mailing list archives

From George <>
Subject Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Date Tue, 09 Jun 2015 09:41:42 GMT
OK, I will get the nightly build and try it out.

     Felix Schumacher <> wrote at 19:31 on Monday, 8 June

 On 08.06.2015 at 15:12, George wrote:
> Hello Felix,
>      Felix Schumacher <> wrote at 14:58 on Sunday, 7 June 2015:
>  On 06.06.2015 at 17:54, Felix Schumacher wrote:
>> Hi George,
>> On 03.06.2015 at 12:11, George wrote:
>>> Hello,
>>> yes my server can do tls 1.2 perfectly and also with the above
>>> (strong) cipher. I did some more tests where I modified my server
>>> configuration step by step until it works, and here are my results.
>>> Test 1: My server allows ONLY tls 1.2 and ONLY the cipher
>>> Test 2: My server allows ONLY tls 1.2 and ANY cipher
>>> Test 3: My server allows tls 1.2 and tls 1.1 and ANY cipher
>>> Test 4: My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
>>> My is set to do tls1.2 only - but the SSL
>>> configuration is only for the http protocol and not for smtp(s). Thus
>>> I think this does not matter. I have java jre 1.8 latest plus the oracle
>>> security "Unlimited Strength Java Cryptography Extension Policy
>>> Files" package.
>>> My jmeter test plan is very easy.
>>> One thread, one smtp sampler and one "view results in tree". The SMTP
>>> Sampler targets my mail server on port "465" and the checkbox "use
>>> ssl" is enabled and the hook "Trust all certificates" is enabled
>>> too. There is one Subject: hello and Email body: hello. Simple.
>>> Results:
>>> Test 1: Fail - no ssl handshake
>>> Test 2: Fail - no ssl handshake
>>> Test 3: Fail - no ssl handshake
>>> Test 4: Success: Perfect SSL Handshake. SSL Connection established
>>> using "TLSv1 ECDHE-ECDSA-AES256-SHA" (no client certificate checkup
>>> <- means no mutual ssl)
>>> OK thus it works. I can send an email with jmeter SMTP sampler using
>>> (direct) ssl on port 465 - but it only works if I activate tls1.0.
>>> I did not find any jmeter configuration about "smtps".
>>> I did some further tests with thunderbird 31.4 (on a linux). Here the
>>> results.
>>> Test 1: Fails - no ssl connection
>>> Test 2, 3 and 4: Success.
>>> Looking at the thunderbird settings it's strange but the cipher I want
>>> to use is not available. Thus I can do tls1.2 but not with my
>>> "strong" cipher.
>>> Br. George
>> I have added a few println's in TrustAllSSLSocketFactory and found,
>> that I have to change the line where the sslcontext is created first
>> by calling SSLContext.getInstance("TLS").
>> When you change that occurrence of TLS to TLSv1.2 you should get a
>> TLSv1.2 connection with a strong cipher suite.
>> This default setting should probably be configurable as the used
>> cipher suites.
>> After a bit more research, the behaviour seems to be different between
>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2 connect
>> with getInstance("TLS"), while java 7 was not.
>> Can you double check, that you are using java 8?
> yes i'm using java 8. java -version gives me: java version "1.8.0_20".
> It's not the newest java 8 but it is java 8 for sure.
> I'm not sure what you mean about "SSLContext.getInstance("TLS")" and where to change it
> to "TLSv1.2"?
You could have changed it inside the source code of the class. But don't 
bother with it anymore.
> I did some debugging test and have activated the jmeter properties to "DEBUG" (log level)
> and I also put the debug on in the for ssl (all). When I configure my server
> to accept TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and I see the following:
> trigger seeding of SecureRandom
> done seeding SecureRandom
> ***ClientHello, TLSv1
> ***ServerHello, TLSv1
> %% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
> ** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> *** Certificate chain
> *** ECDH ServerKeyExchange
> *** ServerHelloDone
> ***ECDHClientKeyExchange.....
> Now I change my server to only allow TLSv1.2 and then I see this:
> *** ClientHello, TLSv1
> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description = handshake_failure"
> The same error if I turn on TLSv1.1.
> Well, I do not know how to turn on TLSv1.2 for SMTP in Jmeter?
> There are some configuration properties for http(s) and this works perfectly with TLSv1.2. But
> not for SMTP.

I have filed a bug request 
( and submitted a fix.

Could you try it out?

The next nightly should have the fix, or you can build jmeter yourself 
from source.

> Br. George
>> Regards
>>    Felix
>> Regards
>>    Felix
>>>        Felix Schumacher <> wrote at
>>> 10:29 on Monday, 1 June 2015:
>>>    On 29.05.2015 at 13:16, George wrote:
>>>> Hello,
>>>> I try to send a "hello" email using SMTP Sampler and want to use
>>>> SSL/TLS on standard port 465 for this connection. Moreover I want to use
>>>> TLSv1.2 with the very strong cipher
>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384". Currently the handshake fails.
>>>> Technically if I change the configuration on my server to also accept
>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is sent
>>>> perfectly. I see in the logs that the client (jmeter) and my server
>>>> agreed on a cipher coming from TLS1.0. Thus in general SSL is
>>>> working but not with TLSv1.2.
>>>> Anyone any idea how I can use SMTP(s) with TLSv1.2 and the above
>>>> cipher? I tried to put this in my file but seems it does
>>>> not matter?
>>>> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>> The smtp sampler has no option to specify the wanted ciphersuites, so
>>> the option given above will not be used.
>>>> I also installed the latest java jdk and I also installed the additional
>>>> strong security package and replaced the .jar files in
>>>> /usr/java/jre.../lib/security
>>> Which jdk did you install exactly?
>>> Have you checked (with openssl or something similar), that your
>>> mailserver is capable of TLSv1.2?
>>> Regards
>>>      Felix
>>>> BrGeorge
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail:
>>> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:
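
The difference discussed in this thread between `SSLContext.getInstance("TLS")` and `SSLContext.getInstance("TLSv1.2")` can be inspected on a given JVM without contacting a mail server. The following is an added example, not part of the original messages or of JMeter's source; the class name `TlsContextProbe` and its methods are hypothetical.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

// Added example, not JMeter source. Class and method names are hypothetical.
public class TlsContextProbe {
    static final String SUITE = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";

    // Describe what a client built from SSLContext.getInstance(name) offers
    // by default. No connection is opened.
    static String describe(String name) throws Exception {
        SSLContext ctx = SSLContext.getInstance(name);
        ctx.init(null, null, null); // JVM default key managers, trust managers, RNG
        SSLParameters defaults = ctx.getDefaultSSLParameters();
        boolean supported = Arrays.asList(
                ctx.getSupportedSSLParameters().getCipherSuites()).contains(SUITE);
        boolean enabled = Arrays.asList(defaults.getCipherSuites()).contains(SUITE);
        return String.format(
                "getInstance(\"%s\"): protocols=%s suiteSupported=%b suiteEnabled=%b",
                name, Arrays.toString(defaults.getProtocols()), supported, enabled);
    }

    // Unconnected client socket restricted to TLSv1.2 and the single suite.
    // setEnabledCipherSuites throws IllegalArgumentException if this JVM
    // does not support the suite, so a weaker fallback cannot happen silently.
    static SSLSocket pinnedSocket() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
        socket.setEnabledProtocols(new String[] {"TLSv1.2"});
        socket.setEnabledCipherSuites(new String[] {SUITE});
        return socket;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(describe("TLS"));
        System.out.println(describe("TLSv1.2"));
        try (SSLSocket socket = pinnedSocket()) {
            System.out.println("pinned: protocols="
                    + Arrays.toString(socket.getEnabledProtocols())
                    + " suites=" + Arrays.toString(socket.getEnabledCipherSuites()));
        }
    }
}
```

Run it with the same JVM that starts JMeter, since the reported protocols and suites depend on the Java version and installed policy files.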
