You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jmeter.apache.org by Steffen Oehme <st...@web.de> on 2007/03/16 21:45:23 UTC
HTTPS: SSL instead of TLS
Hi,
one of the applications I wanted to check with JMeter requires me to
use SSL instead of TLS. No way to work around that from the
application side, I'm afraid.
Anyways, I checked on the user guide, the jmeter.properties and on the
web but didn't see how I can tell JMeter to not use TLS but instead
SSL. In Java that's usually an easy task, so I thought there must be
some sort of a switch for JMeter as well.
Has anyone worked around this issue already?
Steffen
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by sebb <se...@gmail.com>.
On 20/03/07, Steffen Oehme <st...@gmx.de> wrote:
> Sebb,
> I've had the chance to do a quick test today and the new property
> seems to work as expected!
>
> When I set https.socket.protocols=SSLv3, all if working fine. If I set
> SSLv2 or SSL or any combination, it fails. I assume this is an issue
> with my application - I'll do some more tests end of the week and let
> you know.
Or maybe the other protocols are not supported - check the jmeter log
file to see.
> Thanks for your efforts!
Glad it works
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by Steffen Oehme <st...@gmx.de>.
Sebb,
I've had the chance to do a quick test today and the new property
seems to work as expected!
When I set https.socket.protocols=SSLv3, all if working fine. If I set
SSLv2 or SSL or any combination, it fails. I assume this is an issue
with my application - I'll do some more tests end of the week and let
you know.
Thanks for your efforts!
Steffen
sebb schrieb:
> OK, try again - new property as it does something different.
> I kept the old property for now in case you need to play with both.
>
> https.socket.protocols=prot1 prot2 ... protn
>
> i.e. space separated list of protocols.
> If you don't know what is supported, just use an invalid protocol and
> it will log the supported ones.
>
> This is in nightly build r519694 just uploaded.
>
> S///
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by sebb <se...@gmail.com>.
OK, try again - new property as it does something different.
I kept the old property for now in case you need to play with both.
https.socket.protocols=prot1 prot2 ... protn
i.e. space separated list of protocols.
If you don't know what is supported, just use an invalid protocol and
it will log the supported ones.
This is in nightly build r519694 just uploaded.
S///
On 18/03/07, sebb <se...@gmail.com> wrote:
> OK, I'm looking into enhancing the Socket factory code to try and fix this.
>
> S///
> On 18/03/07, Steffen Oehme <st...@web.de> wrote:
> > I did some testing but it doesn't work:
> > https.default.protocol=SSLv3 in user.properties
> > JMeter picks this up correctly (as per jmeter.log)
> > The WebLogic server still gives the TLS Error Message
> >
> > Don't you need to set the actual protocol with setEnabledProtocols of
> > SSLSocket? Not familar with this, but from the API it seems as if this
> > is the only way to specify exactly what protocol should be used.
> >
> > The getInstance of SSLContext that you used may not exclude TLS.. At
> > least the description makes me believe so:
> > SSL Supports some version of SSL; may support other versions
> > SSLv2 Supports SSL version 2 or higher
> > SSLv3 Supports SSL version 3; may support other versions
> > TLS Supports some version of TLS; may support other versions
> > TLSv1 Supports TLS version 1; may support other versions
> >
> > sebb schrieb:
> > > https.default.protocol=TLS
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by sebb <se...@gmail.com>.
OK, I'm looking into enhancing the Socket factory code to try and fix this.
S///
On 18/03/07, Steffen Oehme <st...@web.de> wrote:
> I did some testing but it doesn't work:
> https.default.protocol=SSLv3 in user.properties
> JMeter picks this up correctly (as per jmeter.log)
> The WebLogic server still gives the TLS Error Message
>
> Don't you need to set the actual protocol with setEnabledProtocols of
> SSLSocket? Not familar with this, but from the API it seems as if this
> is the only way to specify exactly what protocol should be used.
>
> The getInstance of SSLContext that you used may not exclude TLS.. At
> least the description makes me believe so:
> SSL Supports some version of SSL; may support other versions
> SSLv2 Supports SSL version 2 or higher
> SSLv3 Supports SSL version 3; may support other versions
> TLS Supports some version of TLS; may support other versions
> TLSv1 Supports TLS version 1; may support other versions
>
> sebb schrieb:
> > https.default.protocol=TLS
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by Steffen Oehme <st...@web.de>.
I did some testing but it doesn't work:
https.default.protocol=SSLv3 in user.properties
JMeter picks this up correctly (as per jmeter.log)
The WebLogic server still gives the TLS Error Message
Don't you need to set the actual protocol with setEnabledProtocols of
SSLSocket? Not familar with this, but from the API it seems as if this
is the only way to specify exactly what protocol should be used.
The getInstance of SSLContext that you used may not exclude TLS.. At
least the description makes me believe so:
SSL Supports some version of SSL; may support other versions
SSLv2 Supports SSL version 2 or higher
SSLv3 Supports SSL version 3; may support other versions
TLS Supports some version of TLS; may support other versions
TLSv1 Supports TLS version 1; may support other versions
sebb schrieb:
> https.default.protocol=TLS
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by sebb <se...@gmail.com>.
Sorry, forgot to say what the property was...
The default is:
https.default.protocol=TLS
I did not put it in jmeter.properties, because it may well be removed.
S.
On 18/03/07, Steffen Oehme <st...@web.de> wrote:
> Sebb, what's the properties name and values again? Can't find it in
> the usual config files..
>
> sebb schrieb:
> > I've uploaded r519437 if you want to try and break it ;-)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by Steffen Oehme <st...@web.de>.
Sebb, what's the properties name and values again? Can't find it in
the usual config files..
sebb schrieb:
> I've uploaded r519437 if you want to try and break it ;-)
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by sebb <se...@gmail.com>.
I've uploaded r519437 if you want to try and break it ;-)
On 17/03/07, Steffen Oehme <st...@web.de> wrote:
> Absolutely, just let me know once done.
>
> And for the long-term solution, as I mentioned, a dropdown with values
> such as "HTTP", "HTTPS (SSLv1)", ... "HTTPS (TLSv1)" would be pretty
> nice..
>
> sebb schrieb:
> > Just had another look at the SSL JMeter code, and the JsseSSLManager
> > class creates the context using:
> >
> > SSLContext.getInstance("TLS");
> >
> > A simple (but not very versatille) way to implement other algorithms
> > would be to use a property, with a default of "TLS".
> >
> > If I generate a new nightly with that as an option, would you be able
> > to test it and see it it works for you?
> >
> > A more versatile solution could be worked out later.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by Alf Høgemark <al...@i100.no>.
Yes, it might work well to just leave the protocol field as a text field
where the user can enter whatever he wants, as it is today.
So the "novice" users will continue to enter either http or https.
And people who read the documentation will write "http(tls)", for
example, I assume it will remain case insensitive.
So I favour your suggestion, Sebb.
Regards
Alf Hogemark
sebb wrote:
> On 17/03/07, Alf Høgemark <al...@i100.no> wrote:
>> This discussion about TLS / SSL seems related to
>> :http://issues.apache.org/bugzilla/show_bug.cgi?id=39638
>
> Agreed.
>
>> If Sebb's fix works, and he can suggest how he wants the GUI changed for
>> the "HTTP Request parameters", I can probably look into making a
>> patch for
>> allowing the user to specify what https mode to use.
>> You suggestion on different dropdown values are one option, another one
>> would be to have a separate dropdown for "HTTPS mode" or something.
>
> For backward compatibility we need to keep the exisiting protocol field.
>
> One could add the SSL protocol as a part of the field, e.g.
>
> HTTPS
> HTTPS(TLS)
> HTTPS(SSLv1)
>
> etc. No need to change the GUI - only the code (and documentation).
>
> The advantage is that any protocol could be selected this way, also it
> would be easy to use a variable.
>
> I'm not sure about a drop-down list; this would make the GUI look more
> complicated.
>
> WDYT?
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by sebb <se...@gmail.com>.
On 17/03/07, Alf Høgemark <al...@i100.no> wrote:
> This discussion about TLS / SSL seems related to
> :http://issues.apache.org/bugzilla/show_bug.cgi?id=39638
Agreed.
> If Sebb's fix works, and he can suggest how he wants the GUI changed for
> the "HTTP Request parameters", I can probably look into making a patch for
> allowing the user to specify what https mode to use.
> You suggestion on different dropdown values are one option, another one
> would be to have a separate dropdown for "HTTPS mode" or something.
For backward compatibility we need to keep the exisiting protocol field.
One could add the SSL protocol as a part of the field, e.g.
HTTPS
HTTPS(TLS)
HTTPS(SSLv1)
etc. No need to change the GUI - only the code (and documentation).
The advantage is that any protocol could be selected this way, also it
would be easy to use a variable.
I'm not sure about a drop-down list; this would make the GUI look more
complicated.
WDYT?
> I guess it is also an issue to not make the GUI too complex for ordinary
> users, so perhaps something is best kept in config files.
> But I think it should be possible to make some good gui for this.
>
> Regards
> Alf Hogemark
>
>
> Steffen Oehme wrote:
> > Absolutely, just let me know once done.
> >
> > And for the long-term solution, as I mentioned, a dropdown with values
> > such as "HTTP", "HTTPS (SSLv1)", ... "HTTPS (TLSv1)" would be pretty
> > nice..
> >
> > sebb schrieb:
> >
> >> Just had another look at the SSL JMeter code, and the JsseSSLManager
> >> class creates the context using:
> >>
> >> SSLContext.getInstance("TLS");
> >>
> >> A simple (but not very versatille) way to implement other algorithms
> >> would be to use a property, with a default of "TLS".
> >>
> >> If I generate a new nightly with that as an option, would you be able
> >> to test it and see it it works for you?
> >>
> >> A more versatile solution could be worked out later.
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
> >
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by Alf Høgemark <al...@i100.no>.
This discussion about TLS / SSL seems related to
:http://issues.apache.org/bugzilla/show_bug.cgi?id=39638
If Sebb's fix works, and he can suggest how he wants the GUI changed for
the "HTTP Request parameters", I can probably look into making a patch for
allowing the user to specify what https mode to use.
You suggestion on different dropdown values are one option, another one
would be to have a separate dropdown for "HTTPS mode" or something.
I guess it is also an issue to not make the GUI too complex for ordinary
users, so perhaps something is best kept in config files.
But I think it should be possible to make some good gui for this.
Regards
Alf Hogemark
Steffen Oehme wrote:
> Absolutely, just let me know once done.
>
> And for the long-term solution, as I mentioned, a dropdown with values
> such as "HTTP", "HTTPS (SSLv1)", ... "HTTPS (TLSv1)" would be pretty
> nice..
>
> sebb schrieb:
>
>> Just had another look at the SSL JMeter code, and the JsseSSLManager
>> class creates the context using:
>>
>> SSLContext.getInstance("TLS");
>>
>> A simple (but not very versatille) way to implement other algorithms
>> would be to use a property, with a default of "TLS".
>>
>> If I generate a new nightly with that as an option, would you be able
>> to test it and see it it works for you?
>>
>> A more versatile solution could be worked out later.
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by Steffen Oehme <st...@web.de>.
Absolutely, just let me know once done.
And for the long-term solution, as I mentioned, a dropdown with values
such as "HTTP", "HTTPS (SSLv1)", ... "HTTPS (TLSv1)" would be pretty
nice..
sebb schrieb:
> Just had another look at the SSL JMeter code, and the JsseSSLManager
> class creates the context using:
>
> SSLContext.getInstance("TLS");
>
> A simple (but not very versatille) way to implement other algorithms
> would be to use a property, with a default of "TLS".
>
> If I generate a new nightly with that as an option, would you be able
> to test it and see it it works for you?
>
> A more versatile solution could be worked out later.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by sebb <se...@gmail.com>.
Just had another look at the SSL JMeter code, and the JsseSSLManager
class creates the context using:
SSLContext.getInstance("TLS");
A simple (but not very versatille) way to implement other algorithms
would be to use a property, with a default of "TLS".
If I generate a new nightly with that as an option, would you be able
to test it and see it it works for you?
A more versatile solution could be worked out later.
S///
On 17/03/07, Steffen Oehme <st...@web.de> wrote:
> Sure, but I really don't want to go down to the code and modify it!
>
> From what I read, the protocol in JSSE is set with the
> setEnabledProtocols-Method for an SSLSocket.
> The parameters can be:
> SSLv2 SSL version 2 protocol
> SSLv3 SSL version 3 protocol
> TLSv1 TLS version 1 protocol (defined in RFC 2246)
> SSLv2Hello Enables the sending of SSLv2 hellos. For compatibility
> reasons, some protocols such as SSLv3 and TLSv1 allow sending
> SSLv3/TLSv1 hellos encapsulated in an SSLv2 format hello.
>
> See also:
> http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html#setEnabledProtocols(java.lang.String[])
> http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#AppA
>
> Is there no defined way to configure the protocol in JMeter?
>
> A simple dropdown in the HTTP Request Defaults would be a good
> enhancement, I'd say..
>
> sebb schrieb:
> > If it's an easy task in Java, presumably the same will work in JMeter.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by Steffen Oehme <st...@web.de>.
Sure, but I really don't want to go down to the code and modify it!
>From what I read, the protocol in JSSE is set with the
setEnabledProtocols-Method for an SSLSocket.
The parameters can be:
SSLv2 SSL version 2 protocol
SSLv3 SSL version 3 protocol
TLSv1 TLS version 1 protocol (defined in RFC 2246)
SSLv2Hello Enables the sending of SSLv2 hellos. For compatibility
reasons, some protocols such as SSLv3 and TLSv1 allow sending
SSLv3/TLSv1 hellos encapsulated in an SSLv2 format hello.
See also:
http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html#setEnabledProtocols(java.lang.String[])
http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#AppA
Is there no defined way to configure the protocol in JMeter?
A simple dropdown in the HTTP Request Defaults would be a good
enhancement, I'd say..
sebb schrieb:
> If it's an easy task in Java, presumably the same will work in JMeter.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: HTTPS: SSL instead of TLS
Posted by sebb <se...@gmail.com>.
If it's an easy task in Java, presumably the same will work in JMeter.
On 16/03/07, Steffen Oehme <st...@web.de> wrote:
> Hi,
> one of the applications I wanted to check with JMeter requires me to
> use SSL instead of TLS. No way to work around that from the
> application side, I'm afraid.
>
> Anyways, I checked on the user guide, the jmeter.properties and on the
> web but didn't see how I can tell JMeter to not use TLS but instead
> SSL. In Java that's usually an easy task, so I thought there must be
> some sort of a switch for JMeter as well.
>
> Has anyone worked around this issue already?
>
> Steffen
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org