On 30.07.2015 at 16:19, George wrote:
Felix Schumacher <[email protected]> wrote at 13:11 on Wednesday, 22 July 2015:
On 22 July 2015 12:33:44 CEST, Felix Schumacher <[email protected]> wrote:
On 20 July 2015 20:56:55 CEST, Felix Schumacher <[email protected]> wrote:
On 20 July 2015 13:39:57 CEST, George <[email protected]> wrote:
Felix Schumacher <[email protected]> wrote at 13:25 on Friday, 17 July 2015:
On 15 July 2015 11:17:33 CEST, George <[email protected]> wrote:
Hello,
Could you try to not top-post? And my mail client has problems showing some of your new lines, which makes reading your mails harder than it should be.
OK sorry. I'm using the yahoo webmail client and just click "reply".
I now have r1609478 running and have set up jmeter.properties to use TLSv1.2. But this setting is only for "http"... and not for smtp. Anyway, I set it to TLSv1.2.
Right, http and smtp samplers have quite different settings.
It's still not running. I put the debug on and I see on my terminal:
*** ClientHello, TLSv1
In the JMeter logger panel I see:
jmeter.protocol.smtp.sampler.protocol.SendMailCommand: User ssl/tls protocols for mail: SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2
But when I try to connect on port 465 it's not working.
Are these three only debug messages? Could you post the complete log messages somewhere? It would be best to have logs from the nightly build and the latest official build.
Maybe a tcpdump of both tries could help.
Attached is a screenshot of my tcpdump. As you can see, the "Client Hello" is done using TLSv1.0.
I can see no screenshot; it was probably stripped off by the list.
And when you're at it, the complete debug logs would be nice, too :)
I also tried with a native mail client, Thunderbird 31.4, which supports TLSv1.2. There it works perfectly, like a charm, from the beginning.
In my server logs I see this: SSL-Tunnel established (TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 (128/128)
Of course it's not the strong cipher TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, but with Thunderbird it's working with at least TLSv1.2.
Thus: my server works perfectly and accepts TLSv1.2 connections ONLY. If a client tries to connect with anything below TLSv1.2, then my server does not accept it.
Is the mail server reachable via a public address, so that I could
try to access it?
No the mail server is not public - sorry
For testing purposes I can activate TLSv1.1 and TLSv1.0, and then JMeter is working too.
Maybe some more info. If I use JMeter and the HTTP Sampler, then I can do TLSv1.2 connections with the strong cipher. But for this I need to put this:
JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
in my jmeter.sh start script.
So:
HTTP and TLSv1.2 and strong cipher = works with JMeter
SMTP with TLSv1.2 = is (still) not working
SMTP with TLSv1.2 and strong cipher = also not working
Well, http and smtp tls are two different beasts with respect to jmeter.
Would you be able to build jmeter yourself and apply patches?
Technically yes, I do have Java dev skills. I will try to get the latest source and apply tlsv1.2 for smtp(s). Maybe we should make the same steps for smtp(s) as for http(s) and extend the jmeter.properties to also have smtp(s) parameters? Also, adding support for "-Dsmtps.cipherSuites..." would be good, to apply only the cipher string you want to have?
I will send another mail, as soon as I have a patch with more options.
OK, I think I have found the issue. The constants for ssl protocols
differ for smtp (startTLS) and smtps.
You have to find the string "mail.smtp.ssl.protocols" in
src/protocol/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java
and replace it with "mail."+protocol+".ssl.protocols".
I had tested Port 25 with startTLS and you are using smtps, so it
worked for me and didn't work for you.
Please try it out.
I have checked the changes in, so you could fetch the newest sources via svn
and compile them to try.
Regards,
Felix
Hello,
sorry for answering late. I have tried with jmeter 1692251, which is not the newest, but this one contains the changes you have committed.
Yes, now it is working perfectly on "real" ssl SMTP(s) port 465. I'm able to do TLSv1.2 with cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384. I also see the "ClientHello, TLSv1.2".
Perfect. Thank you for your help.
Next step :)
So as the client and my server do TLSv1.2, they commit to use a cipher from TLSv1.2.
But I would like to force JMeter to use one very specific cipher, namely TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384. I can configure my server to only accept TLSv1.2 on this specific cipher.
For HTTPs this is already working with jmeter quite perfectly.
For this I have to start my jmeter and add this to my jmeter.sh:
JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
Doing so, all HTTPs connections will be done using this specific cipher.
So is there a way to have something similar for SMTP(s)?
e.g. JMETER_OPTS="-Dsmtps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
You might want to try the attached patch.
It introduces a new jmeter property named mail.ssl.ciphersuites, which
you should add to your bin/user.properties.
Regards,
Felix
Br, George
Regards,
Felix
Regards,
Felix
Br, George
Regards,
Felix
Br, George
Felix Schumacher <[email protected]> wrote at 17:45 on Wednesday, 17 June 2015:
On 9 June 2015 11:41:42 CEST, George <[email protected]> wrote:
Hi,
OK, I will get the nightly build and try it out.
Have you tried the nightly and did it help you?
Regards,
Felix
Br, George
Felix Schumacher <[email protected]> wrote at 19:31 on Monday, 8 June 2015:
On 08.06.2015 at 15:12, George wrote:
Hello Felix,
Felix Schumacher <[email protected]> wrote at 14:58 on Sunday, 7 June 2015:
On 06.06.2015 at 17:54, Felix Schumacher wrote:
Hi George,
On 03.06.2015 at 12:11, George wrote:
Hello,
yes, my server can do tls 1.2 perfectly and also with the above (strong) cipher. I did some more tests where I modify my server configuration step by step until it works, and here are my results.
Test 1: My server allows ONLY tls 1.2 and ONLY the cipher ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Test 2: My server allows ONLY tls 1.2 and ANY cipher
Test 3: My server allows tls 1.2 and tls 1.1 and ANY cipher
Test 4: My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
My jmeter.properties is set to do tls1.2 only - but the SSL configuration is only for the http protocol and not for smtp(s). Thus I think this does not matter. I have java jre 1.8 latest plus the oracle security "Unlimited Strength Java Cryptography Extension Policy Files" package.
My jmeter test plan is very easy.
One thread, one smtp sampler and one "view results in tree". The SMTP Sampler targets my mail server on port "465", and the checkbox "use ssl" is enabled and the hook "Trust all certificates" is enabled too. There is one Subject: hello and Email body: hello. Simple.
Results:
Test 1: Fail - no ssl handshake
Test 2: Fail - no ssl handshake
Test 3: Fail - no ssl handshake
Test 4: Success: Perfectly SSL Handshake. SSL Connection established using "TLSv1 ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no mutual ssl)
OK, thus it works. I can send an email with the jmeter SMTP sampler using (direct) ssl on port 465 - but it only works if I activate tls1.0.
I did not find any jmeter configuration about "smtps".
I did some further tests with thunderbird 31.4 (on a linux). Here are the results.
Test 1: Fails - no ssl connection
Test 2, 3 and 4: Success.
Looking at the thunderbird settings, it's strange, but the cipher I want to use is not available. Thus I can do tls1.2 but not with my "strong" cipher.
Br, George
I have added a few println's in TrustAllSSLSocketFactory and found that I have to change the line where the sslcontext is created first by calling SSLContext.getInstance("TLS").
When you change that occurrence of TLS to TLSv1.2 you should get a TLSv1.2 connection with a strong cipher suite.
This default setting should probably be configurable as the used cipher suites.
After a bit more research, the behaviour seems to be different between java 7 and java 8. In my tests java 8 was able to do a TLSv1.2 connect with getInstance("TLS"), while java 7 was not.
Can you double check that you are using java 8?
yes, I'm using java 8. java -version gives me: java version "1.8.0_20".
It's not the newest java 8 but it is java 8 for sure.
I'm not sure what you mean about SSLContext.getInstance("TLS") and where to change it to "TLSv1.2"?
You could have changed it inside the source code of the class. But don't bother with it anymore.
I did some debugging tests and have set the jmeter properties to "DEBUG" (log level), and I also put the debug on in the system.properties for ssl (all). When I configure my server to accept TLSv1.0, TLSv1.1 and TLSv1.2, then jmeter ssl works and I see the following:
trigger seeding of SecureRandom
done seeding SecureRandom
***ClientHello, TLSv1
***ServerHello, TLSv1
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*** Certificate chain
*** ECDH ServerKeyExchange
*** ServerHelloDone
***ECDHClientKeyExchange.....
Now I change my server to only allow TLSv1.2 and then I see this:
*** ClientHello, TLSv1
and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description = handshake_failure"
The same error if I turn on TLSv1.1.
Well, I do not know how to turn on TLSv1.2 for SMTP in JMeter?
There are some configuration properties for http(s) and this works perfectly with TLSv1.2. But not for SMTP.
I have filed a bug request (https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a fix.
Could you try it out?
The next nightly should have the fix, or you can build jmeter yourself from source.
Regards
Felix
Br, George
Regards
Felix
Regards
Felix
Felix Schumacher <[email protected]> wrote at 10:29 on Monday, 1 June 2015:
On 29.05.2015 at 13:16, George wrote:
Hello,
I am trying to send a "hello" email using the SMTP Sampler and want to use SSL/TLS on standard port 465 for this connection. Moreover, I want to use TLSv1.2 with the very strong cipher "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384". Currently the handshake fails.
Technically, if I change the configuration on my server to also accept TLSv1.1 and v1.0, then the SSL connection works and the email is sent perfectly. I see in the logs that the client (jmeter) and my server agreed on a cipher coming from TLS1.0. Thus in general SSL is working, but not with TLSv1.2.
Anyone any idea how I can use SMTP(s) with TLSv1.2 and the above cipher? I tried to put this in my jmeter.sh file but it seems it does not matter?
JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
The smtp sampler has no option to specify the wanted ciphersuites, so the option given above will not be used.
I also installed the latest java jdk, and I also installed the additional strong security package and replaced the .jar files in /usr/java/jre.../lib/security
Which jdk did you install exactly?
Have you checked (with openssl or something similar) that your mailserver is capable of TLSv1.2?
Regards
Felix
Br, George
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
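
An added example, not part of the thread and not JMeter code: it builds the protocol-keyed JavaMail TLS properties the thread arrives at ("mail." + protocol + ".ssl.protocols" and ".ssl.ciphersuites") and rejects protocol or cipher suite names the local JVM does not support, so a misspelled suite is caught before the handshake fails. The class MailTlsProps and its methods are hypothetical; only JDK classes are used.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Hypothetical helper for illustration; not taken from JMeter.
public class MailTlsProps {

    // protocol is "smtp" (STARTTLS, port 25) or "smtps" (TLS from the start, port 465).
    // protocols and cipherSuites are whitespace-separated lists, as JavaMail expects.
    static Properties build(String protocol, String protocols, String cipherSuites)
            throws Exception {
        SSLParameters supported = SSLContext.getDefault().getSupportedSSLParameters();
        requireSupported("protocol", protocols, supported.getProtocols());
        requireSupported("cipher suite", cipherSuites, supported.getCipherSuites());

        Properties props = new Properties();
        // The key carries the protocol name: a value set under "mail.smtp."
        // is not read by an smtps transport, which is the bug found in the thread.
        props.setProperty("mail." + protocol + ".ssl.protocols", protocols);
        props.setProperty("mail." + protocol + ".ssl.ciphersuites", cipherSuites);
        return props;
    }

    // Fail early on names this JVM's default TLS provider does not know.
    static void requireSupported(String kind, String wanted, String[] supported) {
        Set<String> known = new HashSet<>(Arrays.asList(supported));
        for (String name : wanted.trim().split("\\s+")) {
            if (!known.contains(name)) {
                throw new IllegalArgumentException("Unsupported " + kind + ": " + name);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Properties p = build("smtps", "TLSv1.2",
                "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
        p.forEach((k, v) -> System.out.println(k + "=" + v));
        try {
            // Constructed typo (SHA348) to show the early failure.
            build("smtps", "TLSv1.2", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA348");
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```
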
From 579bab83fcedf5dea10768d464484c83d027fb95 Mon Sep 17 00:00:00 2001
From: Felix Schumacher <[email protected]>
Date: Fri, 31 Jul 2015 22:08:23 +0200
Subject: [PATCH] Add configuration for mail ssl ciphersuites
---
.../jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java b/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java
index 8994707..a91f13d 100644
--- a/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java
+++ b/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java
@@ -47,6 +47,7 @@ import org.apache.jmeter.config.Argument;
import org.apache.jmeter.services.FileServer;
import org.apache.jmeter.testelement.property.CollectionProperty;
import org.apache.jmeter.testelement.property.TestElementProperty;
+import org.apache.jmeter.util.JMeterUtils;
import org.apache.jorphan.logging.LoggingManager;
import org.apache.log.Logger;
@@ -148,6 +149,10 @@ public class SendMailCommand {
} catch (Exception e) {
logger.error("Problem setting ssl/tls protocols for mail", e);
}
+ String cipherSuites = JMeterUtils.getProperty("mail.ssl.ciphersuites");
+ if (cipherSuites != null) {
+ props.setProperty("mail." + protocol + ".ssl.ciphersuites", cipherSuites);
+ }
}
if (enableDebug) {
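Review bot: the check "if (cipherSuites != null)" lets an empty or whitespace-only mail.ssl.ciphersuites value through, so props.setProperty(...) would hand the mail session an empty suite list; trim the value and skip it when nothing is left. The diffstat shows only SendMailCommand.java changed, so the new property and its list format are not documented anywhere in this patch, and no log line records which suites were applied, which would help when a handshake fails.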
--
1.9.1