On 22 July 2015 12:33:44 CEST, Felix Schumacher <[email protected]> wrote:
>
>On 20 July 2015 20:56:55 CEST, Felix Schumacher <[email protected]> wrote:
>>
>>On 20 July 2015 13:39:57 CEST, George <[email protected]> wrote:
>>>
>>>Felix Schumacher <[email protected]> wrote at 13:25 on Friday, 17 July 2015:
>>>
>>>On 15 July 2015 11:17:33 CEST, George <[email protected]> wrote:
>>>>Hello,
>>>
>>>> Could you try to not top-post? And my mail client has problems showing some of your new lines, which makes reading your mails harder than it should be.
>>>
>>>OK sorry. I'm using the yahoo webmail client and just click "reply".
>>>
>>>>i have now the r1609478 running and have set up in the jmeter.properties to use TLSv1.2. But this setting is only for "http"... and not for smtp. Anyway i set to be TLSv1.2
>>>
>>>> Right, http and smtp samplers have quite different settings.
>>>
>>>>It's still not running. I put the Debug on and i see on my terminal:
>>>>*** CelintHello, TLSv1
>>>>In JMeter logger panel i see:
>>>>jmeter.protocol.smtp.sampler.protocol.SendMailCommand: User ssl/tls protocols for mail: SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2
>>>>But when i try to connect on port: 465 it's not working.
>>>
>>>> Are these three only debug messages? Could you post the complete log messages somewhere? It would be best to have logs from the nightly build and the latest official build.
>>>
>>>> Maybe a tcpdump of both tries could help.
>>>
>>>Attached a screenshot of my tcpdump. As you can see the "Client Hello" is done using TLSv1.0
>>
>>I can see no screenshot; it was probably stripped off by the list.
>>
>>And when you're at it, the complete debug logs would be nice, too :)
>>
>>>
>>>>I also tried with a native mail client Thunderbird 31.4 which supports TLSv1.2. There it works perfectly like a charm from the beginning on.
>>>>In my Serverlogs i see this: SSL-Tunnel established (TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 (128/128)
>>>>Of course it's not the strong cipher: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 but with Thunderbird it's working with at least TLSv1.2.
>>>>Thus: My Server works perfectly and accept TLSv1.2 connections ONLY. If a client try to connect with anything below TLSv1.2 then my server do not accept it.
>>>
>>>> Is the mail server reachable via a public address, so that I could try to access it?
>>>
>>>No the mail server is not public - sorry
>>>
>>>>For testing purposes i can activate TLSv1.1 and TLSv1.0 and then JMeter is working too.
>>>>
>>>>Maybe some more info. If i use JMeter and the HTTP Sampler then i can do TLSv1.2 connections with the strong cipher. But for this i need to put this:
>>>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>in my jmeter.sh start script.
>>>>So:
>>>>HTTP and TLSv1.2 and strong cipher = works with JMeter
>>>>SMTP with TLSv1.2 = is (still) not working
>>>>SMTP with TLSv1.2 and strong cipher = also not working
>>>
>>>> Well http and smtp tls are two different beasts with respect to jmeter.
>>>
>>>> Would you be able to build jmeter yourself and apply patches?
>>>
>>>technically yes i do have java dev. skills. I will try to get the latest source and apply tlsv1.2 for smtp(s). Maybe we should make the same steps for smtp(s) as for http(s) and extend the jmeter.properties having also smtp(s) parameters? also adding support for "-Dsmtps.cipherSuites..." would be good to apply a cipherstring you want only to have?
>>
>>I will send another mail, as soon as I have a patch with more options.
>
>OK, I think I have found the issue. The constants for ssl protocols differ for smtp (startTLS) and smtps.
>
>You have to find the string "mail.smtp.ssl.protocols" in src/protocol/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java and replace it with "mail."+protocol+".ssl.protocols".
>
>I had tested Port 25 with startTLS and you are using smtps, so it worked for me and didn't work for you.
>
>Please try it out.
I have checked the changes in, so you could fetch the newest sources via svn and compile them to try.

Regards,
Felix

>
>Regards,
>Felix
>>
>>Regards,
>>Felix
>>
>>>
>>>Br
>>>George
>>>
>>>>Regards,
>>>>Felix
>>>>
>>>>Br
>>>>George
>>>>
>>>>Felix Schumacher <[email protected]> wrote at 17:45 on Wednesday, 17 June 2015:
>>>>
>>>>On 9 June 2015 11:41:42 CEST, George <[email protected]> wrote:
>>>>>HI,
>>>>>ok i will get the nightly build and try it out.
>>>>
>>>>Have you tried the nightly and did it help you?
>>>>
>>>>Regards,
>>>>Felix
>>>>
>>>>>Br
>>>>>George
>>>>>
>>>>>Felix Schumacher <[email protected]> wrote at 19:31 on Monday, 8 June 2015:
>>>>>
>>>>> On 08.06.2015 at 15:12, George wrote:
>>>>>> Hello Felix,
>>>>>>
>>>>>> Felix Schumacher <[email protected]> wrote at 14:58 on Sunday, 7 June 2015:
>>>>>>
>>>>>> On 06.06.2015 at 17:54, Felix Schumacher wrote:
>>>>>>> Hi George,
>>>>>>>
>>>>>>> On 03.06.2015 at 12:11, George wrote:
>>>>>>>> Hello,
>>>>>>>> yes my server can do tls 1.2 perfectly and also with the above (strong) cipher. I did some more tests where i modify step by step my server configuration until it works and here are my results.
>>>>>>>> Test 1: My server allows ONLY tls 1.2 and ONLY the cipher ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>>>>>> Test 2: My server allows ONLY tls 1.2 and ANY cipher
>>>>>>>> Test 3: My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>>>>>> Test 4: My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
>>>>>>>>
>>>>>>>> My jmeter.properties is set to do tls1.2 only - but the SSL configuration is only for the http protocol and not for smtp(s). Thus i think this does not care. I have java jre 1.8 latest plus the oracle security "Unlimited Strength Java Cryptography Extension Policy Files" package.
>>>>>>>> My jmeter test plan is very easy.
>>>>>>>> One thread one smtp sampler and one "view results in tree". The SMTP Sampler target my mail server on port "465" and the checkbox "use ssl" is enabled and the hook "Trust all certificates" is enabled too. There is one Subject: hello and Email body: hello. Simple
>>>>>>>> Results:
>>>>>>>> Test 1: Fail - no ssl handshake
>>>>>>>> Test 2: Fail - no ssl handshake
>>>>>>>> Test 3: Fail - no ssl handshake
>>>>>>>> Test 4: Success: Perfectly SSL Handshake. SSL Connection established using "TLSv1 ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no mutual ssl)
>>>>>>>> OK thus it works. I can send an email with jmeter SMTP sampler using (direct) ssl on port 465 - but it only works if i activate tls1.0.
>>>>>>>> I do not found any jmeter configuration about "smtps".
>>>>>>>>
>>>>>>>> I did some further tests with thunderbird 31.4 (on a linux). Here the results.
>>>>>>>> Test 1: Fails - no ssl connection
>>>>>>>> Test 2, 3 and 4: Success.
>>>>>>>> Looking on the thunderbird settings its strange but the cipher i want to use is not available. Thus i can do tls1.2 but not with my "strong" cipher.
>>>>>>>> Br.
>>>>>>>> George
>>>>>>> I have added a few println's in TrustAllSSLSocketFactory and found, that I have to change the line where the sslcontext is created first by calling SSLContext.getInstance("TLS").
>>>>>>>
>>>>>>> When you change that occurrence of TLS to TLSv1.2 you should get a TLSv1.2 connection with a string cipher suite.
>>>>>>>
>>>>>>> This default setting should probably be configurable as the used cipher suites.
>>>>>>> After a bit more research, the behaviour seems to be different between java 7 and java 8. In my tests java 8 was able to do a TLSv1.2 connect with getInstance("TLS"), while java 7 was not.
>>>>>>> Can you double check, that you are using java 8?
>>>>>> yes i'm using java 8.
>>>>>> java -version gives me: java version "1.8.0_20".
>>>>>> It's not the newest java 8 but it is java 8 for sure.
>>>>>> I'm not sure what you mean about "SSLContext.getInstance("TLS") and where to change it to "TLSv1.2" ?
>>>>>You could have changed it inside the source code of the class. But don't bother with it anymore.
>>>>>> I did some debugging test and have activated the jmeter properties to "DEBUG" (log level) and i also put the debug on in the system.properties for ssl (all). When i configure my server to accept TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the following:
>>>>>> trigger seeding of SecureRandom
>>>>>> done seeding SecureRandom
>>>>>> ***ClientHello, TLSv1
>>>>>> ***ServerHello, TLSv1
>>>>>> %% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
>>>>>> ** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>>>>>> *** Certificate chain
>>>>>> *** ECDH ServerKeyExchange
>>>>>> *** ServerHelloDone
>>>>>> ***ECDHClientKeyExchange.....
>>>>>> Now i change my server to only allow TLSv1.2 and then i see this:
>>>>>> *** ClientHello, TLSv1
>>>>>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description = handshare_failure
>>>>>> The same error if i turn on TLSv1.1.
>>>>>>
>>>>>> Well i do not know how to turn on TLSv1.2 for SMTP in Jmeter?
>>>>>> There are some configuration properties for http(s) and this works perfectly with TLSv1.2. But not for SMTP.
>>>>>
>>>>>I have filed a bug request (https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a fix.
>>>>>
>>>>>Could you try it out?
>>>>>
>>>>>The next nightly should have the fix, or you can build jmeter yourself from source.
>>>>>
>>>>>Regards
>>>>> Felix
>>>>>> Br
>>>>>> George
>>>>>>
>>>>>>> Regards
>>>>>>> Felix
>>>>>>> Regards
>>>>>>> Felix
>>>>>>>
>>>>>>>> Felix Schumacher <[email protected]> wrote at 10:29 on Monday, 1 June 2015:
>>>>>>>>
>>>>>>>> On 29.05.2015 at 13:16, George wrote:
>>>>>>>>> Hello,
>>>>>>>>> i try to send a "hello" email using SMTP Sampler and want to use SSL/TLS on standard port 465 for this connection. More i want to use TLSv1.2 with the very strong cipher "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>>>>> Currently the handshake fail.
>>>>>>>>> Technically if i change the configuration on my server to also accept TLSv1.1 and v1.0 then the SSL connection works and the email is sent perfectly. I see in the logs that the client (jmeter) and my server agreed on a cipher coming from TLS1.0. Thus in general SSL is working but not with TLSv1.2.
>>>>>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above cipher? I tried to put this in my jmeter.sh file but seems it does not matter?
>>>>>>>>>
>>>>>>>>> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>>>>>
>>>>>>>> The smtp sampler has no option to specify the wanted ciphersuites, so the option given above will not be used.
>>>>>>>>> I also installed latest java jdk and i also installed the additional strong security package and replaced the .jar files in /usr/java/jre.../lib/security
>>>>>>>> Which jdk did you install exactly?
>>>>>>>>
>>>>>>>> Have you checked (with openssl or something similar), that your mailserver is capable of TLSv1.2?
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Felix
>>>>>>>>> Br
>>>>>>>>> George
>>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: [email protected]
>>>>>>>> For additional commands, e-mail: [email protected]
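
The property-name mismatch discussed in this thread, together with a handshake probe for checking the server side, as an added Java example (not JMeter's code and not part of the original mail). The class name and the helpers `tlsProps` and `probe` are hypothetical, only JDK classes are used, and the host and port are taken from the command line.

```java
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

public class SmtpsTlsCheck {

    // JavaMail looks up TLS settings under the name of the transport in use:
    // "smtp" (STARTTLS, e.g. port 25) and "smtps" (implicit TLS, port 465)
    // have separate property namespaces.
    static Properties tlsProps(String protocol, String versions) {
        Properties p = new Properties();
        p.setProperty("mail." + protocol + ".ssl.protocols", versions);
        return p;
    }

    // Offer exactly one TLS version to host:port and return what was negotiated.
    // Uses the JVM default trust store, so the server certificate must validate.
    static String probe(String host, int port, String version) throws Exception {
        SSLContext ctx = SSLContext.getInstance(version);
        ctx.init(null, null, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.setEnabledProtocols(new String[] {version});
            s.startHandshake(); // throws SSLHandshakeException if the server refuses
            SSLSession session = s.getSession();
            return session.getProtocol() + " " + session.getCipherSuite();
        }
    }

    public static void main(String[] args) throws Exception {
        // Hard-coded key, as before the fix: an smtps transport never reads it.
        Properties hardCoded = new Properties();
        hardCoded.setProperty("mail.smtp.ssl.protocols", "TLSv1.2");
        System.out.println("smtps sees: " + hardCoded.getProperty("mail.smtps.ssl.protocols"));

        // Key derived from the protocol name, as in the fix.
        Properties derived = tlsProps("smtps", "TLSv1.2");
        System.out.println("smtps sees: " + derived.getProperty("mail.smtps.ssl.protocols"));

        // Optional server check: java SmtpsTlsCheck <host> <port>
        if (args.length == 2) {
            System.out.println(probe(args[0], Integer.parseInt(args[1]), "TLSv1.2"));
        }
    }
}
```

Run without arguments it only shows the property lookup; with a host and port it reports the protocol and cipher suite the server accepts when nothing below TLSv1.2 is offered.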
