jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From George <bamboocha...@yahoo.de>
Subject Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Date Tue, 14 Jul 2015 14:58:47 GMT
HI,
i will try it.I got the lates nightly build but it seems is broken? 
Try to start jmeter it gives me some ClassNotFoundExceptions.I have lates java 1.8.45 installed
(which has by the way some 0day :P :()

 


     Felix Schumacher <felix.schumacher@internetallee.de> schrieb am 17:45 Mittwoch,
17.Juni 2015:
   

 

Am 9. Juni 2015 11:41:42 MESZ, schrieb George <bamboocha324@yahoo.de>:
>HI,
>ok i will get the nightly build and try it out.

Have you tried the nightly and did it help you? 

Regards,
Felix

>BrGeorge
> 
>
>
>Felix Schumacher <felix.schumacher@internetallee.de> schrieb am 19:31
>Montag, 8.Juni 2015:
>  
>
> Am 08.06.2015 um 15:12 schrieb George:
>> Hello Felix,
>>
>>
>>      Felix Schumacher <felix.schumacher@internetallee.de> schrieb am
>14:58 Sonntag, 7.Juni 2015:
>>    
>>
>>  Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>>> Hi George,
>>>
>>> Am 03.06.2015 um 12:11 schrieb George:
>>>> Hello,
>>>> yes my server can do tls 1.2 perfectly and also with the above
>>>> (strong) cipher.I did some more tests where i modify step by step
>my
>>>> server configuration until it works and here are my results.
>>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
>cipher
>>>>
>>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>>> configuration is only for the http protocol and not for
>smtp(s).Thus
>>>> i think this does not care.I have java jre 1.8 latest plus the
>oracle
>>>> security "Unlimited Strength Java Cryptography Extension Policy
>>>> Files" pakage.
>>>> My jmeter test plan is very easy.
>>>> One thread one smtp sampler and one "view results in tree".The SMTP
>>>> Sampler target my mail server on port "465" and the checkbox "use
>>>> ssl" is enabled and the hook "Trust all certificates" is enabled
>>>> too.There is one Subject: hello and Email body: hello. Simple
>>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
>>>> SSL Handshake. SSL Connection established using "TLSv1
>>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
>>>> mutual ssl)
>>>> OK thus it works.I can sent an email with jmeter SMTP sampler using
>>>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
>>>> I do not found any jmeter configuration about "smtps".
>>>>
>>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here
>the
>>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
>>>> Looking on the thunderbird settings its strange but the cipher i
>want
>>>> to use is not available. Thus i can do tls1.2 but not with my
>>>> "strong" cipher.
>>>> Br.George
>>> I have added a few println's in TrustAllSSLSocketFactory and found,
>>> that I have to change the line where the sslcontext is created first
>>> by calling SSLContext.getInstance("TLS").
>>>
>>> When you change that occurence of TLS to TLSv1.2 you should get a
>>> TLSv1.2 connection with a string cipher suite.
>>>
>>> This default setting should probably be configurable as the used
>>> cipher suites.
>>> After a bit more research, the behaviour seems to be different
>between
>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
>connect
>>> with getInstance("TLS"), while java 7 was not.
>>> Can you double check, that you are using java 8?
>> yes i'm using java 8. java -version gives me: java version
>"1.8.0_20".
>> It's not the newest java 8 but it is java 8 for sure.
>> I'm not sure what you mean about "SSLContext.getInstance("TLS") and
>where to change it to "TLSv1.2" ?
>You could have changed it inside the source code of the class. But
>don't 
>bother with it anymore.
>> I did some debugging test and have activated the jmeter properites to
>"DEBUG" (log level) and i also put the debug on in the
>system.properties for ssl (all).When i configure my server to accept
>TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
>following:
>> trigger seeding of SecureRandomdone seeding
>SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized:
>[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
>ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
>> Now i change my server to only allow TLSv1.2 and then i see this:
>> *** ClientHello, TLSv1
>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description =
>handshare_failure
>> The same error if i turn on TLSv1.1.
>>
>> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
>> There are some configuration properties for http(s) and this works
>perfectly with TLSv1.2But not for SMTP.
>
>I have filed a bug request 
>(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a
>fix.
>
>Could you try it out?
>
>The next nightly should have the fix, or you can build jmeter yourself 
>from source.
>
>Regards
>  Felix
>> BrGeorge
>>
>>
>>
>>> Regards
>>    > Felix
>>> Regards
>>>    Felix
>>>
>>>>
>>>>
>>>>        Felix Schumacher <felix.schumacher@internetallee.de> schrieb
>am
>>>> 10:29 Montag, 1.Juni 2015:
>>>>
>>>>    Am 29.05.2015 um 13:16 schrieb George:
>>>>> Hello,
>>>>> i try to sent a "hello" email using SMTP Sampler and want to use
>>>>> SSL/TLS on standard port 465 for this connection.More i want to
>use
>>>>> TLSv1.2 with the very strong cipher
>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake
>fail.
>>>>> Technially if i change the configuration on my server to also
>accept
>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is
>sent
>>>>> perfectly.I see in the logs that the client (jmeter) and my server
>>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>>> working but not with TLSv1.2.
>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
>>>>> cipher?I tried to put this in my jmeter.sh file but seems it does
>>>>> not matter?
>>>>>
>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>
>>>> The smtp sampler has no option to specify the wanted ciphersuites,
>so
>>>> the option given above will not be used.
>>>>> I also installed lates java jdk and i also installed the
>additional
>>>>> strong security pakage and replaced the .jar files in
>>>>> /usr/java/jre.../lib/security
>>>> Which jdk did you install exactly?
>>>>
>>>> Have you checked (with openssl or something similar), that your
>>>> mailserver is capable of TLSv1.2?
>>>>
>>>> Regards
>>>>      Felix
>>>>> BrGeorge
>>>>>
>>>>>
>>>>
>---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>
>>>>
>>>>
>>>
>>>
>---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>
>>
>>    
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>For additional commands, e-mail: user-help@jmeter.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org



  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message