On 25 August 2012 15:22, Milamber <[email protected]> wrote: > Hello, > > For the next release, I propose: > > a) Since JMeter 2.4 and the capabilities to record HTTPS request by JMeter > proxy, I propose to remove the options "Attempt HTTPS Spoofing" and "Only > spoof URLS matching" on the HTTP Proxy Server element.
OK. > b1) renew the JMeter self-certificat (current expire date is 2014-08-04, to > a long period (20 years) Not so sure about that; it was deliberately chosen to expire so it could not be forgotten. > b2) Extract from the file proxyserver.jks the public (fake) key Apache > JMeter to a PEM format, in a file "proxyserver.pem". OK > b3) Add some sentences in the proxy documentation to invite the user to add > this public key as a trusted CA in their browser or OS's certificat manager > to permit the recording of a https session with JMeter proxy (and remove it > at the end of record). I think that is a bad idea. The fake key should never be added as trusted. Far too easy for it to be accidentally left enabled. > (or Accept temporary the certificate from the browser) OK. > c) Make HTTPClient 3.1 to the default HTTP Request (and Proxy generated > request) Why not default to HC4 ? HC3.1 is end-of-line and won't be developed further. If we don't feel we are ready to make HC4 the default, I think it should be left unchanged. > If you are OK, I can make the changes for this points. It would be easier to track these as separate Bugzilla issues. > Thanks in advance for your feedback or your agree. > > Milamber
