jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From UBIK LOAD PACK Support <supp...@ubikloadpack.com>
Subject Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Date Tue, 14 Jul 2015 15:23:58 GMT
Hi,
Did you follow install instructions:

- Download the _bin and _lib files
Unpack the archives into the same directory structure
The other archives are not needed to run JMeter.

http://jmeter.apache.org/nightly.html

On Tuesday, July 14, 2015, George <bamboocha324@yahoo.de> wrote:

> HI,
> i will try it.I got the lates nightly build but it seems is broken?
> Try to start jmeter it gives me some ClassNotFoundExceptions.I have lates
> java 1.8.45 installed (which has by the way some 0day :P :()
>
>
>
>
>      Felix Schumacher <felix.schumacher@internetallee.de <javascript:;>>
> schrieb am 17:45 Mittwoch, 17.Juni 2015:
>
>
>
>
> Am 9. Juni 2015 11:41:42 MESZ, schrieb George <bamboocha324@yahoo.de
> <javascript:;>>:
> >HI,
> >ok i will get the nightly build and try it out.
>
> Have you tried the nightly and did it help you?
>
> Regards,
> Felix
>
> >BrGeorge
> >
> >
> >
> >Felix Schumacher <felix.schumacher@internetallee.de <javascript:;>>
> schrieb am 19:31
> >Montag, 8.Juni 2015:
> >
> >
> > Am 08.06.2015 um 15:12 schrieb George:
> >> Hello Felix,
> >>
> >>
> >>      Felix Schumacher <felix.schumacher@internetallee.de <javascript:;>>
> schrieb am
> >14:58 Sonntag, 7.Juni 2015:
> >>
> >>
> >>  Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
> >>> Hi George,
> >>>
> >>> Am 03.06.2015 um 12:11 schrieb George:
> >>>> Hello,
> >>>> yes my server can do tls 1.2 perfectly and also with the above
> >>>> (strong) cipher.I did some more tests where i modify step by step
> >my
> >>>> server configuration until it works and here are my results.
> >>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
> >>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> >>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
> >>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
> >>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
> >cipher
> >>>>
> >>>> My jmeter.properties is set to do tls1.2 only - but the SSL
> >>>> configuration is only for the http protocol and not for
> >smtp(s).Thus
> >>>> i think this does not care.I have java jre 1.8 latest plus the
> >oracle
> >>>> security "Unlimited Strength Java Cryptography Extension Policy
> >>>> Files" pakage.
> >>>> My jmeter test plan is very easy.
> >>>> One thread one smtp sampler and one "view results in tree".The SMTP
> >>>> Sampler target my mail server on port "465" and the checkbox "use
> >>>> ssl" is enabled and the hook "Trust all certificates" is enabled
> >>>> too.There is one Subject: hello and Email body: hello. Simple
> >>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
> >>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
> >>>> SSL Handshake. SSL Connection established using "TLSv1
> >>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
> >>>> mutual ssl)
> >>>> OK thus it works.I can sent an email with jmeter SMTP sampler using
> >>>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
> >>>> I do not found any jmeter configuration about "smtps".
> >>>>
> >>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here
> >the
> >>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
> >>>> Looking on the thunderbird settings its strange but the cipher i
> >want
> >>>> to use is not available. Thus i can do tls1.2 but not with my
> >>>> "strong" cipher.
> >>>> Br.George
> >>> I have added a few println's in TrustAllSSLSocketFactory and found,
> >>> that I have to change the line where the sslcontext is created first
> >>> by calling SSLContext.getInstance("TLS").
> >>>
> >>> When you change that occurence of TLS to TLSv1.2 you should get a
> >>> TLSv1.2 connection with a string cipher suite.
> >>>
> >>> This default setting should probably be configurable as the used
> >>> cipher suites.
> >>> After a bit more research, the behaviour seems to be different
> >between
> >>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
> >connect
> >>> with getInstance("TLS"), while java 7 was not.
> >>> Can you double check, that you are using java 8?
> >> yes i'm using java 8. java -version gives me: java version
> >"1.8.0_20".
> >> It's not the newest java 8 but it is java 8 for sure.
> >> I'm not sure what you mean about "SSLContext.getInstance("TLS") and
> >where to change it to "TLSv1.2" ?
> >You could have changed it inside the source code of the class. But
> >don't
> >bother with it anymore.
> >> I did some debugging test and have activated the jmeter properites to
> >"DEBUG" (log level) and i also put the debug on in the
> >system.properties for ssl (all).When i configure my server to accept
> >TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
> >following:
> >> trigger seeding of SecureRandomdone seeding
> >SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized:
> >[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
> >TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
> >ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
> >> Now i change my server to only allow TLSv1.2 and then i see this:
> >> *** ClientHello, TLSv1
> >> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description =
> >handshare_failure
> >> The same error if i turn on TLSv1.1.
> >>
> >> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
> >> There are some configuration properties for http(s) and this works
> >perfectly with TLSv1.2But not for SMTP.
> >
> >I have filed a bug request
> >(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a
> >fix.
> >
> >Could you try it out?
> >
> >The next nightly should have the fix, or you can build jmeter yourself
> >from source.
> >
> >Regards
> >  Felix
> >> BrGeorge
> >>
> >>
> >>
> >>> Regards
> >>    > Felix
> >>> Regards
> >>>    Felix
> >>>
> >>>>
> >>>>
> >>>>        Felix Schumacher <felix.schumacher@internetallee.de
> <javascript:;>> schrieb
> >am
> >>>> 10:29 Montag, 1.Juni 2015:
> >>>>
> >>>>    Am 29.05.2015 um 13:16 schrieb George:
> >>>>> Hello,
> >>>>> i try to sent a "hello" email using SMTP Sampler and want to use
> >>>>> SSL/TLS on standard port 465 for this connection.More i want to
> >use
> >>>>> TLSv1.2 with the very strong cipher
> >>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake
> >fail.
> >>>>> Technially if i change the configuration on my server to also
> >accept
> >>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is
> >sent
> >>>>> perfectly.I see in the logs that the client (jmeter) and my server
> >>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
> >>>>> working but not with TLSv1.2.
> >>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
> >>>>> cipher?I tried to put this in my jmeter.sh file but seems it does
> >>>>> not matter?
> >>>>>
> >JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
> >>>>>
> >>>> The smtp sampler has no option to specify the wanted ciphersuites,
> >so
> >>>> the option given above will not be used.
> >>>>> I also installed lates java jdk and i also installed the
> >additional
> >>>>> strong security pakage and replaced the .jar files in
> >>>>> /usr/java/jre.../lib/security
> >>>> Which jdk did you install exactly?
> >>>>
> >>>> Have you checked (with openssl or something similar), that your
> >>>> mailserver is capable of TLSv1.2?
> >>>>
> >>>> Regards
> >>>>      Felix
> >>>>> BrGeorge
> >>>>>
> >>>>>
> >>>>
> >---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> <javascript:;>
> >>>> For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> <javascript:;>
> >>> For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> <javascript:;>
> >> For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
> >>
> >>
> >>
> >>
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org <javascript:;>
> >For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org <javascript:;>
> For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
>
>
>
>



-- 

Regards
Ubik Load Pack <http://ubikloadpack.com> Team
Follow us on Twitter <http://twitter.com/ubikloadpack>


Cordialement
L'équipe Ubik Load Pack <http://ubikloadpack.com>
Suivez-nous sur Twitter <http://twitter.com/ubikloadpack>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message