Am 20. Juli 2015 20:56:55 MESZ, schrieb Felix Schumacher <[email protected]>: > > >Am 20. Juli 2015 13:39:57 MESZ, schrieb George <[email protected]>: >> >> >> >>Felix Schumacher <[email protected]> schrieb am 13:25 >>Freitag, 17.Juli 2015: >> >> >> >> >>Am 15. Juli 2015 11:17:33 MESZ, schrieb George ><[email protected]>: >>>Hello, >> >>> Could you try to not top-post? And my mail client has problems >>showing some of your new lines, which makes reading your malls harder >>than it should be. >> >>OK sorry. I'm using the yahoo webmail client and just click "reply". >> >> >>>i have now the r1609478 running and have set up in the >>>jmeter.properties to use TLSv1.2.But this setting is only for >>"http"... >>>and not for smtp. Anyway i set to be TLSv1.2 >> >>> Right, http and smtp samplers have quite different settings. >> >>>It's still not running. I put the Debug on an i see on my terminal: >>*** >>>CelintHello, TLSv1In JMeter logger panel i see: >>>jmeter.protocol.smtp.sampler.protocol.SendMailCommand: User ssl/tls >>>protocols for mail: SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2But when i >>>try to connect on port: 465 it's not working. >> >>> Are these three only debug messages? Could you post the complete log >>messages somewhere? It would be best to have logs from the nightly >>build and the latest official build. >> >>> Maybe a tcpdump of both tries could help. >> >>Attached a screeshot of my tcpdump. As you can see the "Client Hello" >>is done using TLSv1.0 > >I can see no screenshot it was probably stripped of by the list. > >And when you're at it, the complete debug logs would be nice, too :) > >> >>>I also tried with a native mail client Thunderbird 31.4 which >supports >>>TLSv1.2.There it works perfectly like a charm from the beginning on. >>>In my Serverlogs i see this: SSL-Tunnel established (TLSv1.2 >>>ECDHE-RSA-AES128-GCM-SHA256 (128/128)Of cource it's not the strong >>>ciper: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 but with Thunderbird >>its >>>working with at least TLSv1.2. >>>Thus:My Server works perfectly and accept TLSv1.2 connections ONLY.If >>a >>>client try to connect with anything below TLSv1.2 then my server do >>not >>>accept it. >> >>> Is the mail server reachable via a public address, so that I could >>try to access it? >> >>No the mail server is not public - sorry >> >>>For testing purposes i can activate TLSv1.1 and TLSv1.0 and then >>JMeter >>>is working too. >>> >>> >>> >>>Maybe some more info.If i use JMeter and the HTTP Sampler then i can >>do >>>TLSv1.2 connections with the strong cipher.But for this i need to put >>>this: >>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" >>>in my jmeter.sh start script. >>>So: HTTP and TLSv1.2 and strong cipher = works with JMeterSMTP with >>>TLSv1.2 = is (still) not workingSMTP with TLSv1.2 and strong cipher = >>>also not working >> >>> Well http and smtp tls are two different beats with respect to >>jmeter. >> >>> Would you be able to build jmeter yourself and apply patches? >> >>technically yes i do have java dev. skills.I will try to get the >latest >>source and apply tlsv1.2 for smtp(s).Maybe we should make the same >>steps for smtp(s) as for http(s) and extend the jmeter.properties >>having also smtp(s) parameters?also adding support for >>"-Dsmtps.cipherSuites..." would be good to apply a cipherstring you >>want only to have? > >I will send another mail, as soon as I have a patch with more options.
OK, I think I have found the issue. The constants for ssl protocols differ for smtp (startTLS) and smtps. You have to find the string "mail.smtp.ssl.protocols" in src/protocol/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java amd replace it with "mail."+protocol+".ssl.protocols". I had tested Port 25 with startTLS and you are using smtps, so it worked for me and didn't work for you. Please try it out. Regards, Felix > >Regards, >Felix > >> >>BrGeorge >> >>>Regards, >>>Felix >>> >>> >>>BrGeorge >>> >>> >>> >>> >>>Felix Schumacher <[email protected]> schrieb am 17:45 >>>Mittwoch, 17.Juni 2015: >>> >>> >>> >>> >>>Am 9. Juni 2015 11:41:42 MESZ, schrieb George ><[email protected]>: >>>>HI, >>>>ok i will get the nightly build and try it out. >>> >>>Have you tried the nightly and did it help you? >>> >>>Regards, >>>Felix >>> >>>>BrGeorge >>>> >>>> >>>> >>>>Felix Schumacher <[email protected]> schrieb am >19:31 >>>>Montag, 8.Juni 2015: >>>> >>>> >>>> Am 08.06.2015 um 15:12 schrieb George: >>>>> Hello Felix, >>>>> >>>>> >>>>> Felix Schumacher <[email protected]> schrieb >>am >>>>14:58 Sonntag, 7.Juni 2015: >>>>> >>>>> >>>>> Am 06.06.2015 um 17:54 schrieb Felix Schumacher: >>>>>> Hi George, >>>>>> >>>>>> Am 03.06.2015 um 12:11 schrieb George: >>>>>>> Hello, >>>>>>> yes my server can do tls 1.2 perfectly and also with the above >>>>>>> (strong) cipher.I did some more tests where i modify step by >step >>>>my >>>>>>> server configuration until it works and here are my results. >>>>>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher >>>>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 >>>>>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher >>>>>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher >>>>>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY >>>>cipher >>>>>>> >>>>>>> My jmeter.properties is set to do tls1.2 only - but the SSL >>>>>>> configuration is only for the http protocol and not for >>>>smtp(s).Thus >>>>>>> i think this does not care.I have java jre 1.8 latest plus the >>>>oracle >>>>>>> security "Unlimited Strength Java Cryptography Extension Policy >>>>>>> Files" pakage. >>>>>>> My jmeter test plan is very easy. >>>>>>> One thread one smtp sampler and one "view results in tree".The >>>SMTP >>>>>>> Sampler target my mail server on port "465" and the checkbox >"use >>>>>>> ssl" is enabled and the hook "Trust all certificates" is enabled >>>>>>> too.There is one Subject: hello and Email body: hello. Simple >>>>>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl >>>>>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: >>Perfectly >>>>>>> SSL Handshake. SSL Connection established using "TLSv1 >>>>>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means >>no >>>>>>> mutual ssl) >>>>>>> OK thus it works.I can sent an email with jmeter SMTP sampler >>>using >>>>>>> (direct) ssl on port 465 - but it only works if i activate >>tls1.0. >>>>>>> I do not found any jmeter configuration about "smtps". >>>>>>> >>>>>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here >>>>the >>>>>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: >>Success. >>>>>>> Looking on the thunderbird settings its strange but the cipher i >>>>want >>>>>>> to use is not available. Thus i can do tls1.2 but not with my >>>>>>> "strong" cipher. >>>>>>> Br.George >>>>>> I have added a few println's in TrustAllSSLSocketFactory and >>found, >>>>>> that I have to change the line where the sslcontext is created >>>first >>>>>> by calling SSLContext.getInstance("TLS"). >>>>>> >>>>>> When you change that occurence of TLS to TLSv1.2 you should get a >>>>>> TLSv1.2 connection with a string cipher suite. >>>>>> >>>>>> This default setting should probably be configurable as the used >>>>>> cipher suites. >>>>>> After a bit more research, the behaviour seems to be different >>>>between >>>>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2 >>>>connect >>>>>> with getInstance("TLS"), while java 7 was not. >>>>>> Can you double check, that you are using java 8? >>>>> yes i'm using java 8. java -version gives me: java version >>>>"1.8.0_20". >>>>> It's not the newest java 8 but it is java 8 for sure. >>>>> I'm not sure what you mean about "SSLContext.getInstance("TLS") >and >>>>where to change it to "TLSv1.2" ? >>>>You could have changed it inside the source code of the class. But >>>>don't >>>>bother with it anymore. >>>>> I did some debugging test and have activated the jmeter properites >>>to >>>>"DEBUG" (log level) and i also put the debug on in the >>>>system.properties for ssl (all).When i configure my server to accept >>>>TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the >>>>following: >>>>> trigger seeding of SecureRandomdone seeding >>>>SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% >Initialized: >>>>[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]** >>>>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH >>>>ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange..... >>>>> Now i change my server to only allow TLSv1.2 and then i see this: >>>>> *** ClientHello, TLSv1 >>>>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description = >>>>handshare_failure >>>>> The same error if i turn on TLSv1.1. >>>>> >>>>> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter? >>>>> There are some configuration properties for http(s) and this works >>>>perfectly with TLSv1.2But not for SMTP. >>>> >>>>I have filed a bug request >>>>(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted >>a >>>>fix. >>>> >>>>Could you try it out? >>>> >>>>The next nightly should have the fix, or you can build jmeter >>yourself >>> >>>>from source. >>>> >>>>Regards >>>> Felix >>>>> BrGeorge >>>>> >>>>> >>>>> >>>>>> Regards >>>>> > Felix >>>>>> Regards >>>>>> Felix >>>>>> >>>>>>> >>>>>>> >>>>>>> Felix Schumacher <[email protected]> >>>schrieb >>>>am >>>>>>> 10:29 Montag, 1.Juni 2015: >>>>>>> >>>>>>> Am 29.05.2015 um 13:16 schrieb George: >>>>>>>> Hello, >>>>>>>> i try to sent a "hello" email using SMTP Sampler and want to >use >>>>>>>> SSL/TLS on standard port 465 for this connection.More i want to >>>>use >>>>>>>> TLSv1.2 with the very strong cipher >>>>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the >handshake >>>>fail. >>>>>>>> Technially if i change the configuration on my server to also >>>>accept >>>>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is >>>>sent >>>>>>>> perfectly.I see in the logs that the client (jmeter) and my >>>server >>>>>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is >>>>>>>> working but not with TLSv1.2. >>>>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the >above >>>>>>>> cipher?I tried to put this in my jmeter.sh file but seems it >>does >>>>>>>> not matter? >>>>>>>> >>>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" >>>>>>>> >>>>>>> The smtp sampler has no option to specify the wanted >>ciphersuites, >>>>so >>>>>>> the option given above will not be used. >>>>>>>> I also installed lates java jdk and i also installed the >>>>additional >>>>>>>> strong security pakage and replaced the .jar files in >>>>>>>> /usr/java/jre.../lib/security >>>>>>> Which jdk did you install exactly? >>>>>>> >>>>>>> Have you checked (with openssl or something similar), that your >>>>>>> mailserver is capable of TLSv1.2? >>>>>>> >>>>>>> Regards >>>>>>> Felix >>>>>>>> BrGeorge >>>>>>>> >>>>>>>> >>>>>>> >>>>--------------------------------------------------------------------- >>>>>>> To unsubscribe, e-mail: [email protected] >>>>>>> For additional commands, e-mail: [email protected] >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>--------------------------------------------------------------------- >>>>>> To unsubscribe, e-mail: [email protected] >>>>>> For additional commands, e-mail: [email protected] >>>>>> >>>>> >>>>> >>>--------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: [email protected] >>>>> For additional commands, e-mail: [email protected] >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>>--------------------------------------------------------------------- >>>>To unsubscribe, e-mail: [email protected] >>>>For additional commands, e-mail: [email protected] >>> >>> >>>--------------------------------------------------------------------- >>>To unsubscribe, e-mail: [email protected] >>>For additional commands, e-mail: [email protected] >> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [email protected] >>For additional commands, e-mail: [email protected] >> >> >> >> >> >>------------------------------------------------------------------------ >> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [email protected] >>For additional commands, e-mail: [email protected] > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [email protected] >For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
