https://issues.apache.org/bugzilla/show_bug.cgi?id=56357
--- Comment #11 from Sebb <[email protected]> --- (In reply to Milamber from comment #9) > I'm not sure of the reason of your comment, it's a Java issue. The Java > (security) team have change the minimal signature algorithm and key size > with latest Java7/8 version. Agreed, it is a Java change. > JMeter stops "works" because the signalg and > keysize are incorrect (on JMeter proxy tool with websites which don't expose > SSLv3/MD2/1024bits SSL cipher/algo/key size). The original description is not about the Proxy, it is about the HTTPS Sampler. Also, it looks as though the problem is that the certificate that is returned by the server is no longer acceptable. Does the server return a different certificate if JMeter connects with a different cipher? > The objective is to have a JMeter tool which works with Java lastest of > version 7 and 8 (and 6). On my mind, it's normal (and secure) to update my > Java version to avoid security issue, and have a JMeter (default install) > works. There are two issues here. Updating the default SSL cipher if necessary. Updating JMeter - if possible - so it still works against sites that return outdated certificates. If it's not possible to change the JVM behaviour at run-time, then ensure that we document how to fix the problem. Possibly detect the specific failure message and log a message pointing to the docn. -- You are receiving this mail because: You are the assignee for the bug.
