On 20 July 2015 13:39:57 CEST, George <[email protected]> wrote:
>
>Felix Schumacher <[email protected]> wrote at 13:25 on Friday, 17 July 2015:
>
>
>On 15 July 2015 11:17:33 CEST, George <[email protected]> wrote:
>>Hello,
>
>> Could you try to not top-post? And my mail client has problems showing
>> some of your new lines, which makes reading your mails harder than it
>> should be.
>
>OK sorry. I'm using the yahoo webmail client and just click "reply".
>
>>I have now the r1609478 running and have set up in the jmeter.properties
>>to use TLSv1.2. But this setting is only for "http"... and not for smtp.
>>Anyway I set to be TLSv1.2
>
>> Right, http and smtp samplers have quite different settings.
>
>>It's still not running. I put the Debug on and I see on my terminal:
>>*** CelintHello, TLSv1
>>In JMeter logger panel I see:
>>jmeter.protocol.smtp.sampler.protocol.SendMailCommand: User ssl/tls protocols for mail: SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2
>>But when I try to connect on port: 465 it's not working.
>
>> Are these three only debug messages? Could you post the complete log
>> messages somewhere? It would be best to have logs from the nightly build
>> and the latest official build.
>
>> Maybe a tcpdump of both tries could help.
>
>Attached a screenshot of my tcpdump. As you can see the "Client Hello" is
>done using TLSv1.0

I can see no screenshot; it was probably stripped off by the list. And when you're at it, the complete debug logs would be nice, too :)

>
>>I also tried with a native mail client Thunderbird 31.4 which supports
>>TLSv1.2. There it works perfectly like a charm from the beginning on.
>>In my Serverlogs I see this:
>>SSL-Tunnel established (TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 (128/128)
>>Of course it's not the strong cipher:
>>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 but with Thunderbird it's working
>>with at least TLSv1.2.
>>Thus: My Server works perfectly and accepts TLSv1.2 connections ONLY. If a
>>client tries to connect with anything below TLSv1.2 then my server does not
>>accept it.
>
>> Is the mail server reachable via a public address, so that I could try
>> to access it?
>
>No the mail server is not public - sorry
>
>>For testing purposes I can activate TLSv1.1 and TLSv1.0 and then JMeter
>>is working too.
>>
>>Maybe some more info. If I use JMeter and the HTTP Sampler then I can do
>>TLSv1.2 connections with the strong cipher. But for this I need to put
>>this:
>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>in my jmeter.sh start script.
>>So:
>>HTTP and TLSv1.2 and strong cipher = works with JMeter
>>SMTP with TLSv1.2 = is (still) not working
>>SMTP with TLSv1.2 and strong cipher = also not working
>
>> Well http and smtp tls are two different beasts with respect to jmeter.
>
>> Would you be able to build jmeter yourself and apply patches?
>
>Technically yes, I do have java dev. skills. I will try to get the latest
>source and apply tlsv1.2 for smtp(s). Maybe we should make the same steps
>for smtp(s) as for http(s) and extend the jmeter.properties having also
>smtp(s) parameters? Also adding support for "-Dsmtps.cipherSuites..." would
>be good to apply a cipherstring you want only to have?

I will send another mail, as soon as I have a patch with more options.

Regards,
 Felix

>
>Br George
>
>>Regards,
>>Felix
>>
>>
>>Br George
>>
>>
>>Felix Schumacher <[email protected]> wrote at 17:45 on Wednesday, 17 June 2015:
>>
>>
>>On 9 June 2015 11:41:42 CEST, George <[email protected]> wrote:
>>>Hi,
>>>ok I will get the nightly build and try it out.
>>
>>Have you tried the nightly and did it help you?
>>
>>Regards,
>>Felix
>>
>>>Br George
>>>
>>>
>>>Felix Schumacher <[email protected]> wrote at 19:31 on Monday, 8 June 2015:
>>>
>>>
>>> On 08.06.2015 at 15:12, George wrote:
>>>> Hello Felix,
>>>>
>>>>
>>>> Felix Schumacher <[email protected]> wrote at 14:58 on Sunday, 7 June 2015:
>>>>
>>>>
>>>> On 06.06.2015 at 17:54, Felix Schumacher wrote:
>>>>> Hi George,
>>>>>
>>>>> On 03.06.2015 at 12:11, George wrote:
>>>>>> Hello,
>>>>>> yes my server can do tls 1.2 perfectly and also with the above
>>>>>> (strong) cipher. I did some more tests where I modify step by step my
>>>>>> server configuration until it works and here are my results.
>>>>>> Test 1: My server allows ONLY tls 1.2 and ONLY the cipher
>>>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>>>> Test 2: My server allows ONLY tls 1.2 and ANY cipher
>>>>>> Test 3: My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>>>> Test 4: My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
>>>>>>
>>>>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>>>>> configuration is only for the http protocol and not for smtp(s). Thus
>>>>>> I think this does not care. I have java jre 1.8 latest plus the oracle
>>>>>> security "Unlimited Strength Java Cryptography Extension Policy
>>>>>> Files" package.
>>>>>> My jmeter test plan is very easy.
>>>>>> One thread one smtp sampler and one "view results in tree". The SMTP
>>>>>> Sampler target my mail server on port "465" and the checkbox "use
>>>>>> ssl" is enabled and the hook "Trust all certificates" is enabled
>>>>>> too. There is one Subject: hello and Email body: hello.
>>>>>> Simple
>>>>>> Results:
>>>>>> Test 1: Fail - no ssl handshake
>>>>>> Test 2: Fail - no ssl handshake
>>>>>> Test 3: Fail - no ssl handshake
>>>>>> Test 4: Success: Perfectly SSL Handshake. SSL Connection established
>>>>>> using "TLSv1 ECDHE-ECDSA-AES256-SHA" (no client certificate checkup
>>>>>> <- means no mutual ssl)
>>>>>> OK thus it works. I can send an email with jmeter SMTP sampler using
>>>>>> (direct) ssl on port 465 - but it only works if I activate tls1.0.
>>>>>> I did not find any jmeter configuration about "smtps".
>>>>>>
>>>>>> I did some further tests with thunderbird 31.4 (on a linux). Here the
>>>>>> results.
>>>>>> Test 1: Fails - no ssl connection
>>>>>> Test 2, 3 and 4: Success.
>>>>>> Looking on the thunderbird settings it's strange but the cipher I want
>>>>>> to use is not available. Thus I can do tls1.2 but not with my
>>>>>> "strong" cipher.
>>>>>> Br. George
>>>>> I have added a few println's in TrustAllSSLSocketFactory and found
>>>>> that I have to change the line where the sslcontext is created first
>>>>> by calling SSLContext.getInstance("TLS").
>>>>>
>>>>> When you change that occurrence of TLS to TLSv1.2 you should get a
>>>>> TLSv1.2 connection with a string cipher suite.
>>>>>
>>>>> This default setting should probably be configurable as the used
>>>>> cipher suites.
>>>>> After a bit more research, the behaviour seems to be different between
>>>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2 connect
>>>>> with getInstance("TLS"), while java 7 was not.
>>>>> Can you double check that you are using java 8?
>>>> yes I'm using java 8. java -version gives me: java version "1.8.0_20".
>>>> It's not the newest java 8 but it is java 8 for sure.
>>>> I'm not sure what you mean about "SSLContext.getInstance("TLS") and
>>>> where to change it to "TLSv1.2" ?
>>>You could have changed it inside the source code of the class. But don't
>>>bother with it anymore.
>>>> I did some debugging test and have activated the jmeter properties to
>>>> "DEBUG" (log level) and I also put the debug on in the
>>>> system.properties for ssl (all). When I configure my server to accept
>>>> TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and I see the
>>>> following:
>>>> trigger seeding of SecureRandom
>>>> done seeding SecureRandom
>>>> ***ClientHello, TLSv1
>>>> ***ServerHello, TLSv1
>>>> %% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
>>>> ** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>>>> *** Certificate chain
>>>> *** ECDH ServerKeyExchange
>>>> *** ServerHelloDone
>>>> ***ECDHClientKeyExchange.....
>>>> Now I change my server to only allow TLSv1.2 and then I see this:
>>>> *** ClientHello, TLSv1
>>>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description = handshare_failure
>>>> The same error if I turn on TLSv1.1.
>>>>
>>>> Well I do not know how to turn on TLSv1.2 for SMTP in Jmeter?
>>>> There are some configuration properties for http(s) and this works
>>>> perfectly with TLSv1.2. But not for SMTP.
>>>
>>>I have filed a bug request
>>>(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a
>>>fix.
>>>
>>>Could you try it out?
>>>
>>>The next nightly should have the fix, or you can build jmeter yourself
>>>from source.
>>>
>>>Regards
>>> Felix
>>>> Br George
>>>>
>>>>> Regards
>>>>> Felix
>>>>> Regards
>>>>> Felix
>>>>>
>>>>>> Felix Schumacher <[email protected]> wrote at 10:29 on Monday, 1 June 2015:
>>>>>>
>>>>>> On 29.05.2015 at 13:16, George wrote:
>>>>>>> Hello,
>>>>>>> I try to send a "hello" email using SMTP Sampler and want to use
>>>>>>> SSL/TLS on standard port 465 for this connection. More, I want to use
>>>>>>> TLSv1.2 with the very strong cipher
>>>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384". Currently the handshake
>>>>>>> fails.
>>>>>>> Technically if I change the configuration on my server to also accept
>>>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is sent
>>>>>>> perfectly. I see in the logs that the client (jmeter) and my server
>>>>>>> agreed on a cipher coming from TLS1.0. Thus in general SSL is
>>>>>>> working but not with TLSv1.2.
>>>>>>> Anyone any idea how I can use SMTP(s) with TLSv1.2 and the above
>>>>>>> cipher? I tried to put this in my jmeter.sh file but seems it does
>>>>>>> not matter?
>>>>>>> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>>>
>>>>>> The smtp sampler has no option to specify the wanted ciphersuites, so
>>>>>> the option given above will not be used.
>>>>>>> I also installed latest java jdk and I also installed the additional
>>>>>>> strong security package and replaced the .jar files in
>>>>>>> /usr/java/jre.../lib/security
>>>>>> Which jdk did you install exactly?
>>>>>>
>>>>>> Have you checked (with openssl or something similar) that your
>>>>>> mailserver is capable of TLSv1.2?
>>>>>>
>>>>>> Regards
>>>>>> Felix
>>>>>>> Br George
>>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: [email protected]
>>>>>> For additional commands, e-mail: [email protected]
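
Added example, not part of the original thread and not JMeter's code: a small JVM diagnostic for the point the thread turns on, namely which protocol versions a client offers for SSLContext.getInstance("TLS") versus SSLContext.getInstance("TLSv1.2"), and whether the JVM can be pinned to TLSv1.2 with the cipher suite George names. The class name TlsClientProtocolCheck is hypothetical; the protocol and suite strings are the ones quoted in the thread.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;

// Hypothetical diagnostic class, not part of JMeter.
public class TlsClientProtocolCheck {
    // Values quoted in the thread; change them to match your server policy.
    static final String PROTOCOL = "TLSv1.2";
    static final String SUITE = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";

    // Client-mode engine from the named context, using the JVM's default
    // key managers, trust managers and SecureRandom.
    static SSLEngine clientEngine(String contextName) throws Exception {
        SSLContext ctx = SSLContext.getInstance(contextName);
        ctx.init(null, null, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        return engine;
    }

    // Restrict the engine to one protocol and one suite. Fails loudly when
    // the JVM lacks either, instead of silently offering something weaker.
    static void pin(SSLEngine engine) {
        if (!Arrays.asList(engine.getSupportedProtocols()).contains(PROTOCOL)) {
            throw new IllegalStateException("JVM does not support " + PROTOCOL);
        }
        if (!Arrays.asList(engine.getSupportedCipherSuites()).contains(SUITE)) {
            throw new IllegalStateException("JVM does not support " + SUITE);
        }
        engine.setEnabledProtocols(new String[] {PROTOCOL});
        engine.setEnabledCipherSuites(new String[] {SUITE});
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        // What a ClientHello may offer by default for each context name.
        for (String name : new String[] {"TLS", "TLSv1.2"}) {
            System.out.println("getInstance(\"" + name + "\") enables "
                    + Arrays.toString(clientEngine(name).getEnabledProtocols()));
        }
        SSLEngine pinned = clientEngine("TLS");
        pin(pinned);
        System.out.println("pinned protocols: " + Arrays.toString(pinned.getEnabledProtocols()));
        System.out.println("pinned suites:    " + Arrays.toString(pinned.getEnabledCipherSuites()));
    }
}
```

Run it with the same JVM that starts JMeter, so the output reflects the policy files and security settings that JVM actually loads.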
