svn commit: r1818839 - in /jmeter/trunk: src/core/org/apache/jmeter/util/HttpSSLProtocolSocketFactory.java xdocs/changes.xml xdocs/usermanual/properties_reference.xml

Wed, 20 Dec 2017 09:51:13 -0800 

Author: pmouawad
Date: Wed Dec 20 17:50:52 2017
New Revision: 1818839

URL: http://svn.apache.org/viewvc?rev=1818839&view=rev
Log:
Bug 61901 - Support for https.cipherSuites property
Contributed by  Jeremy Arnold 
Bugzilla Id: 61901

Modified:
    
jmeter/trunk/src/core/org/apache/jmeter/util/HttpSSLProtocolSocketFactory.java
    jmeter/trunk/xdocs/changes.xml
    jmeter/trunk/xdocs/usermanual/properties_reference.xml

Modified: 
jmeter/trunk/src/core/org/apache/jmeter/util/HttpSSLProtocolSocketFactory.java
URL: 
http://svn.apache.org/viewvc/jmeter/trunk/src/core/org/apache/jmeter/util/HttpSSLProtocolSocketFactory.java?rev=1818839&r1=1818838&r2=1818839&view=diff
==============================================================================
--- 
jmeter/trunk/src/core/org/apache/jmeter/util/HttpSSLProtocolSocketFactory.java 
(original)
+++ 
jmeter/trunk/src/core/org/apache/jmeter/util/HttpSSLProtocolSocketFactory.java 
Wed Dec 20 17:50:52 2017
@@ -45,12 +45,17 @@ public class HttpSSLProtocolSocketFactor
 
     private static final String[] protocols = PROTOCOL_LIST.split(" "); // 
$NON-NLS-1$
 
+    private static final String CIPHER_LIST =
+            JMeterUtils.getPropDefault("https.cipherSuites", ""); // 
$NON-NLS-1$ $NON-NLS-2$
+    
+    private static final String[] ciphers = CIPHER_LIST.split(", *"); // 
$NON-NLS-1$
+    
     static {
         if (!PROTOCOL_LIST.isEmpty()) {
-            log.info("Using protocol list: {}", PROTOCOL_LIST);
+            log.info("Using protocol list:{} and cipher list: {}", 
PROTOCOL_LIST, CIPHER_LIST);
         }
     }
-
+    
     private final JsseSSLManager sslManager;
 
     private final int CPS; // Characters per second to emulate
@@ -81,6 +86,17 @@ public class HttpSSLProtocolSocketFactor
                 }
             }
         }
+
+        if (!CIPHER_LIST.isEmpty()) {
+            try {
+                sock.setEnabledCipherSuites(ciphers);
+            } catch (IllegalArgumentException e) {
+                if (log.isWarnEnabled()) {
+                    log.warn("Could not set cipher list: {}.", CIPHER_LIST);
+                    log.warn("Valid ciphers are: {}", 
join(sock.getSupportedCipherSuites()));
+                }
+            }
+        }
     }
 
     private String join(String[] strings) {

Modified: jmeter/trunk/xdocs/changes.xml
URL: 
http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1818839&r1=1818838&r2=1818839&view=diff
==============================================================================
--- jmeter/trunk/xdocs/changes.xml [utf-8] (original)
+++ jmeter/trunk/xdocs/changes.xml [utf-8] Wed Dec 20 17:50:52 2017
@@ -100,6 +100,7 @@ Summary
     <li><bug>53957</bug>HTTP Request: In Parameters tab, allow pasting of 
content coming from Firefox and Chrome (unparsed)</li>
     <li><bug>61587</bug>Drop properties 
<code>sampleresult.getbytes.headers_size</code> and 
<code>sampleresult.getbytes.body_real_size</code></li>
     <li><bug>61843</bug>HTTP(S) Test Script Recorder: Add SAN to JMeter 
generated CA Certificate. Contributed by Matthew Buckett</li>
+    <li><bug>61901</bug>Support for <code>https.cipherSuites</code> System 
property. Contributed by Jeremy Arnold (jeremy at arnoldzoo.org)</li>
 </ul>
 
 <h3>Other samplers</h3>
@@ -290,6 +291,7 @@ Summary
     <li>Matthew Buckett (https://github.com/buckett)</li>
     <li>Helly Guo (https://github.com/hellyguo)</li>
     <li>Peter Doornbosch (https://bitbucket.org/pjtr/)</li>
+    <li>Jeremy Arnold (jeremy at arnoldzoo.org)</li>
 </ul>
 <p>We also thank bug reporters who helped us improve JMeter. <br/>
 For this release we want to give special thanks to the following reporters for 
the clear reports and tests made after our fixes:</p>

Modified: jmeter/trunk/xdocs/usermanual/properties_reference.xml
URL: 
http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/properties_reference.xml?rev=1818839&r1=1818838&r2=1818839&view=diff
==============================================================================
--- jmeter/trunk/xdocs/usermanual/properties_reference.xml (original)
+++ jmeter/trunk/xdocs/usermanual/properties_reference.xml Wed Dec 20 17:50:52 
2017
@@ -83,9 +83,10 @@ These properties are only taken into acc
 </section>
 <section name="&sect-num;.3 SSL configuration" anchor="ssl_config">
 <note>SSL (Java) System properties are now in 
<code>system.properties</code><br/> 
-JMeter no longer converts <code>javax.<em>xxx</em></code> property entries in 
this file into System properties.<br/>
-These must now be defined in the <code>system.properties</code> file or on the 
command-line.<br/>
-The <code>system.properties</code> file gives more flexibility.</note>
+JMeter no longer converts <code>javax.<em>xxx</em></code> property entries in
+<code>jmeter.properties</code> into System properties. These must now be
+defined in the <code>system.properties</code> file or on the command-line. The
+<code>system.properties</code> file gives more flexibility.</note>
 <properties>
 <property name="https.sessioncontext.shared">
     By default, SSL session contexts are now created per-thread, rather than 
being shared.<br/>
@@ -105,6 +106,19 @@ The <code>system.properties</code> file
     or <code>java.net.SocketException: Connection reset</code>.<br/>
     See <bugzilla>54759</bugzilla>, example: 
<source>https.socket.protocols=SSLv2Hello SSLv3 TLSv1</source>
 </property>
+<property name="https.cipherSuites">
+    Comma-separated list of SSL cipher suites that may be used in HTTPS
+    connections.  It may be desirable to use a subset of cipher suites in order
+    to match expected client behavior or to reduce encryption overhead in
+    JMeter when running with large numbers of users. Errors may occur if the
+    JVM does not support the specified cipher suites, or if the cipher suites
+    supported by the HTTPS server do not overlap this list.  See the
+    <a 
href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization";>JSSE
+           Reference Guide.</a><br/>
+    For example: 
<source>https.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256</source>
+    If not specified, JMeter will use the default list of cipher suites
+    supported by the JVM.
+</property>
 <property name="https.use.cached.ssl.context">
     Control if we allow reuse of cached SSL context between iterations.<br/>
     Set the value to <code>false</code> to reset the SSL context each 
iteration.<br/>
@@ -606,8 +620,8 @@ JMETER-SERVER</source>
 <property name="jmeter.save.saveservice.default_delimiter">
     For use with Comma-separated value (CSV) files or other formats where the 
fields' values
     are separated by specified delimiters.<br/>
-    <note>For TAB, since JMeter version 2.3 one can use <code>\t</code></note>
     Defaults to: <code>,</code>
+    <note>For TAB, one can use <code>\t</code></note>
 </property>
 <property name="jmeter.save.saveservice.print_field_names">
     Only applies to CSV format files:<br/>

Reply via email to