On 9 June 2015 11:41:42 CEST, George <[email protected]> wrote:
> Hi,
> OK, I will get the nightly build and try it out.

Have you tried the nightly and did it help you?

Regards,
 Felix

> Br
> George
>
> Felix Schumacher <[email protected]> wrote at 19:31 on Monday, 8 June 2015:
>
> On 08.06.2015 at 15:12, George wrote:
>> Hello Felix,
>>
>> Felix Schumacher <[email protected]> wrote at 14:58 on Sunday, 7 June 2015:
>>
>> On 06.06.2015 at 17:54, Felix Schumacher wrote:
>>> Hi George,
>>>
>>> On 03.06.2015 at 12:11, George wrote:
>>>> Hello,
>>>> yes, my server can do tls 1.2 perfectly and also with the above (strong) cipher. I did some more tests where I modify step by step my server configuration until it works and here are my results.
>>>> Test 1: My server allows ONLY tls 1.2 and ONLY the cipher ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>> Test 2: My server allows ONLY tls 1.2 and ANY cipher
>>>> Test 3: My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>> Test 4: My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
>>>>
>>>> My jmeter.properties is set to do tls1.2 only - but the SSL configuration is only for the http protocol and not for smtp(s). Thus I think this does not care. I have java jre 1.8 latest plus the oracle security "Unlimited Strength Java Cryptography Extension Policy Files" package.
>>>> My jmeter test plan is very easy.
>>>> One thread, one smtp sampler and one "view results in tree". The SMTP Sampler targets my mail server on port "465" and the checkbox "use ssl" is enabled and the hook "Trust all certificates" is enabled too. There is one Subject: hello and Email body: hello. Simple.
>>>> Results:
>>>> Test 1: Fail - no ssl handshake
>>>> Test 2: Fail - no ssl handshake
>>>> Test 3: Fail - no ssl handshake
>>>> Test 4: Success: Perfectly SSL Handshake. SSL Connection established using "TLSv1 ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no mutual ssl)
>>>> OK, thus it works. I can send an email with jmeter SMTP sampler using (direct) ssl on port 465 - but it only works if I activate tls1.0.
>>>> I did not find any jmeter configuration about "smtps".
>>>>
>>>> I did some further tests with thunderbird 31.4 (on a linux). Here are the results.
>>>> Test 1: Fails - no ssl connection
>>>> Test 2, 3 and 4: Success.
>>>> Looking at the thunderbird settings, it's strange but the cipher I want to use is not available. Thus I can do tls1.2 but not with my "strong" cipher.
>>>> Br.
>>>> George
>>> I have added a few println's in TrustAllSSLSocketFactory and found that I have to change the line where the sslcontext is created first by calling SSLContext.getInstance("TLS").
>>>
>>> When you change that occurrence of TLS to TLSv1.2 you should get a TLSv1.2 connection with a string cipher suite.
>>>
>>> This default setting should probably be configurable as the used cipher suites.
>>> After a bit more research, the behaviour seems to be different between java 7 and java 8. In my tests java 8 was able to do a TLSv1.2 connect with getInstance("TLS"), while java 7 was not.
>>> Can you double check that you are using java 8?
>> Yes, I'm using java 8. java -version gives me: java version "1.8.0_20".
>> It's not the newest java 8 but it is java 8 for sure.
>> I'm not sure what you mean about "SSLContext.getInstance("TLS") and where to change it to "TLSv1.2"?
> You could have changed it inside the source code of the class. But don't bother with it anymore.
>> I did some debugging tests and have activated the jmeter properties to "DEBUG" (log level) and I also put the debug on in the system.properties for ssl (all). When I configure my server to accept TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and I see the following:
>> trigger seeding of SecureRandom
>> done seeding SecureRandom
>> ***ClientHello, TLSv1
>> ***ServerHello, TLSv1
>> %% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
>> ** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>> *** Certificate chain
>> *** ECDH ServerKeyExchange
>> *** ServerHelloDone
>> ***ECDHClientKeyExchange
>> .....
>> Now I change my server to only allow TLSv1.2 and then I see this:
>> *** ClientHello, TLSv1
>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description = handshare_failure
>> The same error if I turn on TLSv1.1.
>>
>> Well, I do not know how to turn on TLSv1.2 for SMTP in Jmeter?
>> There are some configuration properties for http(s) and this works perfectly with TLSv1.2. But not for SMTP.
>
> I have filed a bug request (https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a fix.
>
> Could you try it out?
>
> The next nightly should have the fix, or you can build jmeter yourself from source.
>
> Regards
>  Felix
>> Br
>> George
>>
>>> Regards
>>> Felix
>>> Regards
>>> Felix
>>>
>>>> Felix Schumacher <[email protected]> wrote at 10:29 on Monday, 1 June 2015:
>>>>
>>>> On 29.05.2015 at 13:16, George wrote:
>>>>> Hello,
>>>>> I try to send a "hello" email using SMTP Sampler and want to use SSL/TLS on standard port 465 for this connection. More, I want to use TLSv1.2 with the very strong cipher "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384". Currently the handshake fails.
>>>>> Technically, if I change the configuration on my server to also accept TLSv1.1 and v1.0 then the SSL connection works and the email is sent perfectly. I see in the logs that the client (jmeter) and my server agreed on a cipher coming from TLS1.0. Thus in general SSL is working but not with TLSv1.2.
>>>>> Anyone any idea how I can use SMTP(s) with TLSv1.2 and the above cipher? I tried to put this in my jmeter.sh file but it seems it does not matter?
>>>>> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>
>>>> The smtp sampler has no option to specify the wanted ciphersuites, so the option given above will not be used.
>>>>> I also installed the latest java jdk and I also installed the additional strong security package and replaced the .jar files in /usr/java/jre.../lib/security
>>>> Which jdk did you install exactly?
>>>>
>>>> Have you checked (with openssl or something similar) that your mailserver is capable of TLSv1.2?
>>>>
>>>> Regards
>>>> Felix
>>>>> Br
>>>>> George
>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [email protected]
>>>> For additional commands, e-mail: [email protected]

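The thread turns on which protocol name is passed to `SSLContext.getInstance` and on pinning the cipher suite, both of which can be checked on a given JVM outside JMeter. The following is an added example, not JMeter's code and not part of the thread; the class `TlsContextCheck` and its helper names are hypothetical. It lists the protocol versions each context enables by default, then builds an unconnected client socket restricted to TLSv1.2 and the suite George names.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Hypothetical diagnostic class (not part of JMeter).
public class TlsContextCheck {
    // Cipher suite named in the thread.
    static final String SUITE = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";

    // Build a context for the given protocol name with the JVM's default key and trust managers.
    static SSLContext context(String name) throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance(name);
        ctx.init(null, null, null);
        return ctx;
    }

    // Protocol versions a client socket from this context offers when nothing else is configured.
    static String[] defaultProtocols(SSLContext ctx) {
        return ctx.getDefaultSSLParameters().getProtocols();
    }

    // Unconnected client socket that can only negotiate TLSv1.2 with SUITE.
    static SSLSocket pinnedSocket(SSLContext ctx) throws IOException {
        String[] supported = ctx.getSupportedSSLParameters().getCipherSuites();
        if (!Arrays.asList(supported).contains(SUITE)) {
            // For example, AES-256 suites are missing when the JVM's crypto policy is restricted.
            throw new IllegalStateException(SUITE + " is not supported by this JVM");
        }
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket();
        s.setEnabledProtocols(new String[] {"TLSv1.2"});
        s.setEnabledCipherSuites(new String[] {SUITE});
        return s;
    }

    public static void main(String[] args) throws Exception {
        // Compare the generic name with the explicit one discussed in the thread.
        for (String name : new String[] {"TLS", "TLSv1.2"}) {
            System.out.println(name + " -> " + Arrays.toString(defaultProtocols(context(name))));
        }
        try (SSLSocket s = pinnedSocket(context("TLSv1.2"))) {
            System.out.println("enabled protocols: " + Arrays.toString(s.getEnabledProtocols()));
            System.out.println("enabled suites:    " + Arrays.toString(s.getEnabledCipherSuites()));
        }
    }
}
```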