You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@jmeter.apache.org by bu...@apache.org on 2018/08/03 05:06:22 UTC
[Bug 62595] New: SMTPSampler does not allow configuring the SSL/TLS
protocols to be used on handshake
https://bz.apache.org/bugzilla/show_bug.cgi?id=62595
Bug ID: 62595
Summary: SMTPSampler does not allow configuring the SSL/TLS
protocols to be used on handshake
Product: JMeter
Version: 4.0
Hardware: PC
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Main
Assignee: issues@jmeter.apache.org
Reporter: felipe.cuozzo@gmail.com
Target Milestone: ---
Currently the logic on SendMailCommand#prepareMessage method does the
following:
if (useStartTLS || useSSL) {
try {
String allProtocols = StringUtils.join(
SSLContext.getDefault().getSupportedSSLParameters().getProtocols(), " ");
logger.info("Use ssl/tls protocols for mail: {}", allProtocols);
props.setProperty("mail." + protocol + ".ssl.protocols", allProtocols);
The default SSLContext will return a list of all supported protocols for the
current JRE, typically "SSLv2Hello TLSv1 TLSv1.1 TLSv1.2"
If for some reason the server does not accept the deprecated SSLv3 protocol
(see https://tools.ietf.org/html/rfc7568) the handshake will fail.
This article describes how to disable SSLv3 (and the SSLv2Hello
pseudo-protocol)
http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html
Which can be done by setting the system property "jdk.tls.client.protocols" at
startup time.
The bug arises because the code is getting the supported not the enabled
protocols.
Expected behavior on the SSL/TLS handshake would be that the SMTPSampler only
used the enabled protocols.
Because the system property changes the settings for the default SSLContext, I
suggest that a new configuration field is added on the GUI panel for the
SMTPSampler that allows to override the list of protocols so one can
specifically set which protocols to be used for the handshake.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 62595] SMTPSampler does not allow configuring the SSL/TLS
protocols to be used on handshake
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62595
--- Comment #4 from Felipe Cuozzo <fe...@gmail.com> ---
Hi Phillipe,
Thank you for the fast turn-around here.
After testing the nightly build I realized I forgot to push a one line change
to the SmtpSampler I had on my local repository.
Please see extra commit on
https://github.com/fcuozzo/jmeter/commit/680f16dd1013d2bc5f1da2b4f1cf5a609e47a9e3
Without that the custom protocols don't actually get set into the
SendEmailCommand so the new behavior does not work.
Thanks for the refactoring and changing to use StringUtils.isEmpty to check if
the String was empty (my bad there, I should have checked what was the common
pattern in the codebase, my previous logic had a NullPointerException bug
lurking in there).
Thanks,
Felipe
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 62595] SMTPSampler does not allow configuring the SSL/TLS
protocols to be used on handshake
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62595
Philippe Mouawad <p....@ubik-ingenierie.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |PatchAvailable
CC| |p.mouawad@ubik-ingenierie.c
| |om
Hardware|PC |All
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 62595] SMTPSampler does not allow configuring the SSL/TLS
protocols to be used on handshake
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62595
Felipe Cuozzo <fe...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |felipe.cuozzo@gmail.com
--- Comment #1 from Felipe Cuozzo <fe...@gmail.com> ---
I've a proposed patch on
https://github.com/fcuozzo/jmeter/commit/f7c27b90beb3decacbfc9b19b755954892e829c0
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 62595] SMTPSampler does not allow configuring the SSL/TLS
protocols to be used on handshake
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62595
--- Comment #5 from Felix Schumacher <fe...@internetallee.de> ---
Thanks for the followup.
Could you try the next nightly, if thinks work for you then?
Date: Thu Aug 9 09:19:43 2018
New Revision: 1837704
URL: http://svn.apache.org/viewvc?rev=1837704&view=rev
Log:
Bug 62595 - SMTPSampler does not allow configuring the SSL/TLS protocols to be
used on handshake
Followup to r1837445. Missing the line to actually use the settings for sending
mails.
Contributed by Felipe Cuozzo
Bugzilla Id: 62595
Modified:
jmeter/trunk/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/SmtpSampler.java
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 62595] SMTPSampler does not allow configuring the SSL/TLS
protocols to be used on handshake
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62595
Philippe Mouawad <p....@ubik-ingenierie.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk
Resolution|--- |FIXED
Target Milestone|--- |JMETER_4.1
Status|NEW |RESOLVED
--- Comment #2 from Philippe Mouawad <p....@ubik-ingenierie.com> ---
Author: pmouawad
Date: Sat Aug 4 18:46:53 2018
New Revision: 1837445
URL: http://svn.apache.org/viewvc?rev=1837445&view=rev
Log:
Bug 62595 - SMTPSampler does not allow configuring the SSL/TLS protocols to be
used on handshake
Contributed by Felipe Cuozzo
Bugzilla Id: 62595
Modified:
jmeter/trunk/src/core/org/apache/jmeter/resources/messages.properties
jmeter/trunk/src/core/org/apache/jmeter/resources/messages_fr.properties
jmeter/trunk/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/gui/SecuritySettingsPanel.java
jmeter/trunk/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java
jmeter/trunk/xdocs/changes.xml
jmeter/trunk/xdocs/usermanual/component_reference.xml
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 62595] SMTPSampler does not allow configuring the SSL/TLS
protocols to be used on handshake
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62595
--- Comment #3 from Philippe Mouawad <p....@ubik-ingenierie.com> ---
Thanks for contributing.
This will be available in next JMeter 5.0.
Meanwhile if you can test nightly build after today and give us feedback it
would be nice.
http://jmeter.apache.org/nightly.html
Thanks
Regards
--
You are receiving this mail because:
You are the assignee for the bug.