[Bug 57935] New: SSL SNI extension not supported by HttpClient 4.2.6

Tue, 19 May 2015 00:26:30 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=57935

            Bug ID: 57935
           Summary: SSL SNI extension not supported by HttpClient 4.2.6
           Product: JMeter
           Version: 2.13
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: HTTP
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 32743
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=32743&action=edit
JMX to reproduce the issue

I was undergoing tests on our AWS platform and JMeter was failing to query
HTTPS CloudFront urls. The following exception happens when executing an HTTP
Sampler with HC4 implementation:

> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
>       at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>       at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>       at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2011)
>       at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1113)
>       at > 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
...

After investigating more about this issue, i found out the bug is related to
the Server Name Extension.

HTTPClient 4.2.x sends the following handshake:

> Thread Group 1-1, WRITE: TLSv1.2 Handshake, length = 207
> Thread Group 1-1, READ: TLSv1.2 Alert, length = 2
> Thread Group 1-1, RECV TLSv1.2 ALERT:  fatal, handshake_failure
> Thread Group 1-1, called closeSocket()
> Thread Group 1-1, handling exception: javax.net.ssl.SSLHandshakeException: > 
> Received fatal alert: handshake_failure

HTTPClient 3.1 which works fine, it sends the following handshake:

> Extension server_name, server_name: [type=host_name (0), > 
> value=d1lto7any9tcj3.cloudfront.net]
> ***
> Thread Group 1-1, WRITE: TLSv1.2 Handshake, length = 245
> Thread Group 1-1, READ: TLSv1.2 Handshake, length = 61
> *** ServerHello, TLSv1.2

The current version of JMeter's HttpClient (4.2.6) has a major SSL issue, it
does not support SSL Server Name Extension (SNI):
https://issues.apache.org/jira/browse/HTTPCLIENT-1119

As HTTPClient 3.1 will be discontinued and usage is discouraged, we should
upgrade HTTPClient to the latest version to benefit bug fixes and improvements.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to