Hello Felix,
Felix Schumacher <[email protected]> wrote at 14:58 on Sunday, 7 June 2015:
On 06.06.2015 at 17:54, Felix Schumacher wrote:
> Hi George,
>
> On 03.06.2015 at 12:11, George wrote:
>> Hello,
>> yes, my server can do tls 1.2 perfectly and also with the above
>> (strong) cipher. I did some more tests where I modify step by step my
>> server configuration until it works and here are my results.
>> Test 1: My server allows ONLY tls 1.2 and ONLY the cipher
>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>> Test 2: My server allows ONLY tls 1.2 and ANY cipher
>> Test 3: My server allows tls 1.2 and tls 1.1 and ANY cipher
>> Test 4: My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
>>
>> My jmeter.properties is set to do tls1.2 only - but the SSL
>> configuration is only for the http protocol and not for smtp(s). Thus
>> I think this does not matter. I have java jre 1.8 latest plus the oracle
>> security "Unlimited Strength Java Cryptography Extension Policy
>> Files" package.
>> My jmeter test plan is very easy.
>> One thread, one smtp sampler and one "view results in tree". The SMTP
>> Sampler targets my mail server on port "465" and the checkbox "use
>> ssl" is enabled and the hook "Trust all certificates" is enabled
>> too. There is one Subject: hello and Email body: hello. Simple.
>> Results:
>> Test 1: Fail - no ssl handshake
>> Test 2: Fail - no ssl handshake
>> Test 3: Fail - no ssl handshake
>> Test 4: Success: Perfectly SSL Handshake. SSL Connection established
>> using "TLSv1 ECDHE-ECDSA-AES256-SHA" (no client certificate checkup
>> <- means no mutual ssl)
>> OK thus it works. I can send an email with jmeter SMTP sampler using
>> (direct) ssl on port 465 - but it only works if I activate tls1.0.
>> I did not find any jmeter configuration about "smtps".
>>
>> I did some further tests with thunderbird 31.4 (on a linux). Here the
>> results.
>> Test 1: Fails - no ssl connection
>> Test 2, 3 and 4: Success.
>> Looking at the thunderbird settings it's strange but the cipher I want
>> to use is not available. Thus I can do tls1.2 but not with my
>> "strong" cipher.
>> Br. George
> I have added a few println's in TrustAllSSLSocketFactory and found,
> that I have to change the line where the sslcontext is created first
> by calling SSLContext.getInstance("TLS").
>
> When you change that occurrence of TLS to TLSv1.2 you should get a
> TLSv1.2 connection with a strong cipher suite.
>
> This default setting should probably be configurable as the used
> cipher suites.
> After a bit more research, the behaviour seems to be different between
> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2 connect
> with getInstance("TLS"), while java 7 was not.
> Can you double check, that you are using java 8?
Yes, I'm using java 8. java -version gives me: java version "1.8.0_20".
It's not the newest java 8 but it is java 8 for sure.
I'm not sure what you mean about "SSLContext.getInstance("TLS")" and where to
change it to "TLSv1.2"?
I did some debugging tests and have activated the jmeter properties to "DEBUG"
(log level) and I also put the debug on in the system.properties for ssl
(all). When I configure my server to accept TLSv1.0, TLSv1.1 and TLSv1.2 then
jmeter ssl works and I see the following:
trigger seeding of SecureRandom
done seeding SecureRandom
*** ClientHello, TLSv1
*** ServerHello, TLSv1
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*** Certificate chain
*** ECDH ServerKeyExchange
*** ServerHelloDone
*** ECDHClientKeyExchange.....
Now I change my server to only allow TLSv1.2 and then I see this:
*** ClientHello, TLSv1
and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description =
handshake_failure"
The same error if I turn on TLSv1.1.
Well, I do not know how to turn on TLSv1.2 for SMTP in Jmeter?
There are some configuration properties for http(s) and this works perfectly
with TLSv1.2. But not for SMTP.
Br
George
> Regards
> Felix
>
> Regards
> Felix
>
>>
>>
>>
>> Felix Schumacher <[email protected]> wrote at 10:29 on Monday, 1 June 2015:
>>
>> On 29.05.2015 at 13:16, George wrote:
>>> Hello,
>>> I am trying to send a "hello" email using SMTP Sampler and want to use
>>> SSL/TLS on standard port 465 for this connection. Moreover, I want to use
>>> TLSv1.2 with the very strong cipher
>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384". Currently the handshake fails.
>>> Technically, if I change the configuration on my server to also accept
>>> TLSv1.1 and v1.0 then the SSL connection works and the email is sent
>>> perfectly. I see in the logs that the client (jmeter) and my server
>>> agreed on a cipher coming from TLS1.0. Thus in general SSL is
>>> working but not with TLSv1.2.
>>> Anyone any idea how I can use SMTP(s) with TLSv1.2 and the above
>>> cipher? I tried to put this in my jmeter.sh file but it seems it does
>>> not matter?
>>> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>
>> The smtp sampler has no option to specify the wanted ciphersuites, so
>> the option given above will not be used.
>>> I also installed the latest java jdk and I also installed the additional
>>> strong security package and replaced the .jar files in
>>> /usr/java/jre.../lib/security
>> Which jdk did you install exactly?
>>
>> Have you checked (with openssl or something similar), that your
>> mailserver is capable of TLSv1.2?
>>
>> Regards
>> Felix
>>> Br George
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>>
>>
>
>