Hi George,
Am 03.06.2015 um 12:11 schrieb George:
Hello,
yes my server can do tls 1.2 perfectly and also with the above (strong)
cipher.I did some more tests where i modify step by step my server
configuration until it works and here are my results.
Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Test 2:My server allows ONLY tls 1.2 and ANY cipher
Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
My jmeter.properties is set to do tls1.2 only - but the SSL configuration is only for the
http protocol and not for smtp(s).Thus i think this does not care.I have java jre 1.8
latest plus the oracle security "Unlimited Strength Java Cryptography Extension
Policy Files" pakage.
My jmeter test plan is very easy.
One thread one smtp sampler and one "view results in tree".The SMTP Sampler target my mail server on port
"465" and the checkbox "use ssl" is enabled and the hook "Trust all certificates" is
enabled too.There is one Subject: hello and Email body: hello. Simple
Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl handshakeTest 3: Fail - no ssl
handshakeTest 4: Success: Perfectly SSL Handshake. SSL Connection established using
"TLSv1 ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
mutual ssl)
OK thus it works.I can sent an email with jmeter SMTP sampler using (direct)
ssl on port 465 - but it only works if i activate tls1.0.
I do not found any jmeter configuration about "smtps".
I did some further tests wirh thunderbird 31.4 (on a linux).Here the
results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
Looking on the thunderbird settings its strange but the cipher i want to use is not
available. Thus i can do tls1.2 but not with my "strong" cipher.
Br.George
I have added a few println's in TrustAllSSLSocketFactory and found, that
I have to change the line where the sslcontext is created first by
calling SSLContext.getInstance("TLS").
When you change that occurence of TLS to TLSv1.2 you should get a
TLSv1.2 connection with a string cipher suite.
This default setting should probably be configurable as the used cipher
suites.
Regards
Felix
Felix Schumacher <[email protected]> schrieb am 10:29
Montag, 1.Juni 2015:
Am 29.05.2015 um 13:16 schrieb George:
Hello,
i try to sent a "hello" email using SMTP Sampler and want to use SSL/TLS on standard port
465 for this connection.More i want to use TLSv1.2 with the very strong cipher
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake fail.
Technially if i change the configuration on my server to also accept TLSv1.1
and v1.0 then the SSL connection works and the email is sent perfectly.I see in
the logs that the client (jmeter) and my server aggreed on a cipher comming
from TLS1.0.Thus in general SSL is working but not with TLSv1.2.
Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above cipher?I tried
to put this in my jmeter.sh file but seems it does not matter?
JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
The smtp sampler has no option to specify the wanted ciphersuites, so
the option given above will not be used.
I also installed lates java jdk and i also installed the additional strong
security pakage and replaced the .jar files in /usr/java/jre.../lib/security
Which jdk did you install exactly?
Have you checked (with openssl or something similar), that your
mailserver is capable of TLSv1.2?
Regards
Felix
BrGeorge
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
