You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jmeter.apache.org by Akash Pancholi <ak...@optovue.com> on 2010/12/17 20:31:46 UTC
SSL setup issue
Hello All,
I'm a newbie and trying to setup certificate with Jmeter for https load
testing, but keep getting following exception:
hread Name: Thread Group 1-1
Sample Start: 2010-12-17 11:00:07 PST
Load time: 378
Latency: 0
Size in bytes: 1332
Sample Count: 1
Error Count: 1
Response code: Non HTTP response code: javax.net.ssl.SSLHandshakeException
Response message: Non HTTP response message: Received fatal alert:
handshake_failure
Response headers:
HTTPSampleResult fields:
ContentType:
DataEncoding: null
Response data:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown
Source)
at
org.apache.jmeter.protocol.http.sampler.HTTPSampler.sample(HTTPSampler.java:483)
at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:965)
at
org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:951)
at
org.apache.jmeter.threads.JMeterThread.process_sampler(JMeterThread.java:348)
at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:243)
at java.lang.Thread.run(Unknown Source)
I saw plenty of messages related to this and tried a few things but doesn't
seem to help:
1. Imported my certificate to cacerts (import was successful and Jmeter did
prompt me for password while running the script).
2. Added following to System.properties:
ssl.provider=com.sun.net.ssl.internal.ssl.Provider
ssl.pkgs=com.sun.net.ssl.internal.www.protocol
I'm using Jmeter 2.4 and jre1.6. Appreciate any help.
Thanks.
Re: SSL setup issue
Posted by Mariusz W <ma...@gmail.com>.
Hi,
Can you set in jmeter.bat
set JVM_ARGS=-Djavax.net.debug=all
and check some errors/warnings in console output.
Have you added some external libraries to jmeter classpath or to ext in java
or some strange libraries to your app?
Sometime in init code there are hidden something like
Protocol easyhttps = new Protocol("https", new
EasySSLProtocolSocketFactory(), 443);
Protocol.registerProtocol("https", easyhttps);
where EasySSLProtocolSocketFactory is changed at XXXXXXX and it can do
different unknown things and that factory is global for JVM afaik
On Mon, Dec 20, 2010 at 8:46 PM, Akash Pancholi
<ak...@optovue.com>wrote:
> My IE user agent is Mozilla/4.0, same as in test plan, I changed my FF
> agent
> to the same, but can not access the site there, interestingly, it's
> throwing
> the same exception as JMeter:
>
> Secure Connection Failed
>
> SSL peer was unable to negotiate an acceptable set of security parameters.
> (Error code: ssl_error_handshake_failure_alert)
>
> On Mon, Dec 20, 2010 at 9:49 AM, sebb <se...@gmail.com> wrote:
>
> > On 20 December 2010 17:40, Akash Pancholi <ak...@optovue.com>
> > wrote:
> > > Thanks for the replies.
> > >
> > > The webstie needs a certificate, I could access it all right manually
> in
> > IE,
> > > and execute the plan using BadBoy. The test plan was recorded with
> > BadBoy,
> > > and exported to Jmeter.
> > >
> > > I tried without certificate first, but got the same error. Protocol is
> > HTTPS
> > > and port 443. I simplified the test plan to only one request, but still
> > got
> > > the same error.
> > >
> > > The website can be accessed only in IE, does that matter?
> >
> > That depends on why the website requires IE.
> > It may be sufficient to change the User-Agent.
> >
> > Can you access the site in FireFox if you change FF's User-Agent to
> > look like IE?
> >
> > Does it make any difference if you use the HttpClient HTTP sampler?
> >
> > > On Mon, Dec 20, 2010 at 6:08 AM, sebb <se...@gmail.com> wrote:
> > >
> > >> On 20 December 2010 07:25, Felix Frank <ff...@mpexnet.de> wrote:
> > >> >> 1. Imported my certificate to cacerts (import was successful and
> > Jmeter
> > >> did
> > >> >> prompt me for password while running the script).
> > >> >
> > >> > Adding your certificates to Jmeter is only important when recording
> > >> > using the HTTP Proxy, afaik.
> > >>
> > >> Certificates aren't needed by JMeter unless the website needs a
> > >> *client* certificate (which is quite rare).
> > >> Are you sure the site needs a client certificate?
> > >>
> > >> JMeter provides its own certificate for HTTPS recording by its proxy.
> > >> If you wish, you can add that to your browser cert. store - but that's
> > >> not recommended, because the JMeter certificate is not secure.
> > >>
> > >> >> 2. Added following to System.properties:
> > >> >
> > >> > It is usually not required to make any changes to the properties,
> > HTTPS
> > >> > is supposed to work out of the box.
> > >>
> > >> Yes.
> > >>
> > >> >> ssl.provider=com.sun.net.ssl.internal.ssl.Provider
> > >> >>
> > >> >> ssl.pkgs=com.sun.net.ssl.internal.www.protocol
> > >> >>
> > >> >> I'm using Jmeter 2.4 and jre1.6. Appreciate any help.
> > >> >
> > >> > To ensure basic functionality, make a test plan that consists of
> only
> > >> > one sampler, which accesses your application's homepage.
> > >>
> > >> Good advice.
> > >>
> > >> > Make sure to specify the correct protocol (HTTPS) and port (probably
> > >> 443).
> > >>
> > >> Port 443 is selected by default for HTTPS (and 80 is selected for
> HTTP)
> > >>
> > >> > HTH,
> > >> > Felix
> > >> >
> > >> >
> ---------------------------------------------------------------------
> > >> > To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> > >> > For additional commands, e-mail:
> jmeter-user-help@jakarta.apache.org
> > >> >
> > >> >
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> > >> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
> > >>
> > >>
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
> >
> >
>
Re: SSL setup issue
Posted by Felix Frank <ff...@mpexnet.de>.
On 12/20/2010 08:46 PM, Akash Pancholi wrote:
> My IE user agent is Mozilla/4.0, same as in test plan, I changed my FF agent
> to the same, but can not access the site there, interestingly, it's throwing
> the same exception as JMeter:
>
> Secure Connection Failed
>
> SSL peer was unable to negotiate an acceptable set of security parameters.
> (Error code: ssl_error_handshake_failure_alert)
This sounds like there *might* be a cipher problem. Maybe the server
only has supported for insecure ciphers that are no longer included in
Mozilla's SSL engine.
You can use "openssl s_client" to prod the server for supported ciphers,
I believe.
But then, it may just as well be merely the missing client certificate I
guess...
Regards,
Felix
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: SSL setup issue
Posted by Deepak Shetty <sh...@gmail.com>.
you need to figure out what your application needs first.
Is some client certificate installed only in IE? is there some sort of NTLM
authentication etc. speak to a developer
regards
deepak
On Mon, Dec 20, 2010 at 11:46 AM, Akash Pancholi <akash_pancholi@optovue.com
> wrote:
> My IE user agent is Mozilla/4.0, same as in test plan, I changed my FF
> agent
> to the same, but can not access the site there, interestingly, it's
> throwing
> the same exception as JMeter:
>
> Secure Connection Failed
>
> SSL peer was unable to negotiate an acceptable set of security parameters.
> (Error code: ssl_error_handshake_failure_alert)
>
> On Mon, Dec 20, 2010 at 9:49 AM, sebb <se...@gmail.com> wrote:
>
> > On 20 December 2010 17:40, Akash Pancholi <ak...@optovue.com>
> > wrote:
> > > Thanks for the replies.
> > >
> > > The webstie needs a certificate, I could access it all right manually
> in
> > IE,
> > > and execute the plan using BadBoy. The test plan was recorded with
> > BadBoy,
> > > and exported to Jmeter.
> > >
> > > I tried without certificate first, but got the same error. Protocol is
> > HTTPS
> > > and port 443. I simplified the test plan to only one request, but still
> > got
> > > the same error.
> > >
> > > The website can be accessed only in IE, does that matter?
> >
> > That depends on why the website requires IE.
> > It may be sufficient to change the User-Agent.
> >
> > Can you access the site in FireFox if you change FF's User-Agent to
> > look like IE?
> >
> > Does it make any difference if you use the HttpClient HTTP sampler?
> >
> > > On Mon, Dec 20, 2010 at 6:08 AM, sebb <se...@gmail.com> wrote:
> > >
> > >> On 20 December 2010 07:25, Felix Frank <ff...@mpexnet.de> wrote:
> > >> >> 1. Imported my certificate to cacerts (import was successful and
> > Jmeter
> > >> did
> > >> >> prompt me for password while running the script).
> > >> >
> > >> > Adding your certificates to Jmeter is only important when recording
> > >> > using the HTTP Proxy, afaik.
> > >>
> > >> Certificates aren't needed by JMeter unless the website needs a
> > >> *client* certificate (which is quite rare).
> > >> Are you sure the site needs a client certificate?
> > >>
> > >> JMeter provides its own certificate for HTTPS recording by its proxy.
> > >> If you wish, you can add that to your browser cert. store - but that's
> > >> not recommended, because the JMeter certificate is not secure.
> > >>
> > >> >> 2. Added following to System.properties:
> > >> >
> > >> > It is usually not required to make any changes to the properties,
> > HTTPS
> > >> > is supposed to work out of the box.
> > >>
> > >> Yes.
> > >>
> > >> >> ssl.provider=com.sun.net.ssl.internal.ssl.Provider
> > >> >>
> > >> >> ssl.pkgs=com.sun.net.ssl.internal.www.protocol
> > >> >>
> > >> >> I'm using Jmeter 2.4 and jre1.6. Appreciate any help.
> > >> >
> > >> > To ensure basic functionality, make a test plan that consists of
> only
> > >> > one sampler, which accesses your application's homepage.
> > >>
> > >> Good advice.
> > >>
> > >> > Make sure to specify the correct protocol (HTTPS) and port (probably
> > >> 443).
> > >>
> > >> Port 443 is selected by default for HTTPS (and 80 is selected for
> HTTP)
> > >>
> > >> > HTH,
> > >> > Felix
> > >> >
> > >> >
> ---------------------------------------------------------------------
> > >> > To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> > >> > For additional commands, e-mail:
> jmeter-user-help@jakarta.apache.org
> > >> >
> > >> >
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> > >> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
> > >>
> > >>
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
> >
> >
>
Re: SSL setup issue
Posted by Akash Pancholi <ak...@optovue.com>.
My IE user agent is Mozilla/4.0, same as in test plan, I changed my FF agent
to the same, but can not access the site there, interestingly, it's throwing
the same exception as JMeter:
Secure Connection Failed
SSL peer was unable to negotiate an acceptable set of security parameters.
(Error code: ssl_error_handshake_failure_alert)
On Mon, Dec 20, 2010 at 9:49 AM, sebb <se...@gmail.com> wrote:
> On 20 December 2010 17:40, Akash Pancholi <ak...@optovue.com>
> wrote:
> > Thanks for the replies.
> >
> > The webstie needs a certificate, I could access it all right manually in
> IE,
> > and execute the plan using BadBoy. The test plan was recorded with
> BadBoy,
> > and exported to Jmeter.
> >
> > I tried without certificate first, but got the same error. Protocol is
> HTTPS
> > and port 443. I simplified the test plan to only one request, but still
> got
> > the same error.
> >
> > The website can be accessed only in IE, does that matter?
>
> That depends on why the website requires IE.
> It may be sufficient to change the User-Agent.
>
> Can you access the site in FireFox if you change FF's User-Agent to
> look like IE?
>
> Does it make any difference if you use the HttpClient HTTP sampler?
>
> > On Mon, Dec 20, 2010 at 6:08 AM, sebb <se...@gmail.com> wrote:
> >
> >> On 20 December 2010 07:25, Felix Frank <ff...@mpexnet.de> wrote:
> >> >> 1. Imported my certificate to cacerts (import was successful and
> Jmeter
> >> did
> >> >> prompt me for password while running the script).
> >> >
> >> > Adding your certificates to Jmeter is only important when recording
> >> > using the HTTP Proxy, afaik.
> >>
> >> Certificates aren't needed by JMeter unless the website needs a
> >> *client* certificate (which is quite rare).
> >> Are you sure the site needs a client certificate?
> >>
> >> JMeter provides its own certificate for HTTPS recording by its proxy.
> >> If you wish, you can add that to your browser cert. store - but that's
> >> not recommended, because the JMeter certificate is not secure.
> >>
> >> >> 2. Added following to System.properties:
> >> >
> >> > It is usually not required to make any changes to the properties,
> HTTPS
> >> > is supposed to work out of the box.
> >>
> >> Yes.
> >>
> >> >> ssl.provider=com.sun.net.ssl.internal.ssl.Provider
> >> >>
> >> >> ssl.pkgs=com.sun.net.ssl.internal.www.protocol
> >> >>
> >> >> I'm using Jmeter 2.4 and jre1.6. Appreciate any help.
> >> >
> >> > To ensure basic functionality, make a test plan that consists of only
> >> > one sampler, which accesses your application's homepage.
> >>
> >> Good advice.
> >>
> >> > Make sure to specify the correct protocol (HTTPS) and port (probably
> >> 443).
> >>
> >> Port 443 is selected by default for HTTPS (and 80 is selected for HTTP)
> >>
> >> > HTH,
> >> > Felix
> >> >
> >> > ---------------------------------------------------------------------
> >> > To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> >> > For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
> >> >
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> >> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
> >>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
Re: SSL setup issue
Posted by sebb <se...@gmail.com>.
On 20 December 2010 17:40, Akash Pancholi <ak...@optovue.com> wrote:
> Thanks for the replies.
>
> The webstie needs a certificate, I could access it all right manually in IE,
> and execute the plan using BadBoy. The test plan was recorded with BadBoy,
> and exported to Jmeter.
>
> I tried without certificate first, but got the same error. Protocol is HTTPS
> and port 443. I simplified the test plan to only one request, but still got
> the same error.
>
> The website can be accessed only in IE, does that matter?
That depends on why the website requires IE.
It may be sufficient to change the User-Agent.
Can you access the site in FireFox if you change FF's User-Agent to
look like IE?
Does it make any difference if you use the HttpClient HTTP sampler?
> On Mon, Dec 20, 2010 at 6:08 AM, sebb <se...@gmail.com> wrote:
>
>> On 20 December 2010 07:25, Felix Frank <ff...@mpexnet.de> wrote:
>> >> 1. Imported my certificate to cacerts (import was successful and Jmeter
>> did
>> >> prompt me for password while running the script).
>> >
>> > Adding your certificates to Jmeter is only important when recording
>> > using the HTTP Proxy, afaik.
>>
>> Certificates aren't needed by JMeter unless the website needs a
>> *client* certificate (which is quite rare).
>> Are you sure the site needs a client certificate?
>>
>> JMeter provides its own certificate for HTTPS recording by its proxy.
>> If you wish, you can add that to your browser cert. store - but that's
>> not recommended, because the JMeter certificate is not secure.
>>
>> >> 2. Added following to System.properties:
>> >
>> > It is usually not required to make any changes to the properties, HTTPS
>> > is supposed to work out of the box.
>>
>> Yes.
>>
>> >> ssl.provider=com.sun.net.ssl.internal.ssl.Provider
>> >>
>> >> ssl.pkgs=com.sun.net.ssl.internal.www.protocol
>> >>
>> >> I'm using Jmeter 2.4 and jre1.6. Appreciate any help.
>> >
>> > To ensure basic functionality, make a test plan that consists of only
>> > one sampler, which accesses your application's homepage.
>>
>> Good advice.
>>
>> > Make sure to specify the correct protocol (HTTPS) and port (probably
>> 443).
>>
>> Port 443 is selected by default for HTTPS (and 80 is selected for HTTP)
>>
>> > HTH,
>> > Felix
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>> > For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>> >
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: SSL setup issue
Posted by Akash Pancholi <ak...@optovue.com>.
Thanks for the replies.
The webstie needs a certificate, I could access it all right manually in IE,
and execute the plan using BadBoy. The test plan was recorded with BadBoy,
and exported to Jmeter.
I tried without certificate first, but got the same error. Protocol is HTTPS
and port 443. I simplified the test plan to only one request, but still got
the same error.
The website can be accessed only in IE, does that matter?
On Mon, Dec 20, 2010 at 6:08 AM, sebb <se...@gmail.com> wrote:
> On 20 December 2010 07:25, Felix Frank <ff...@mpexnet.de> wrote:
> >> 1. Imported my certificate to cacerts (import was successful and Jmeter
> did
> >> prompt me for password while running the script).
> >
> > Adding your certificates to Jmeter is only important when recording
> > using the HTTP Proxy, afaik.
>
> Certificates aren't needed by JMeter unless the website needs a
> *client* certificate (which is quite rare).
> Are you sure the site needs a client certificate?
>
> JMeter provides its own certificate for HTTPS recording by its proxy.
> If you wish, you can add that to your browser cert. store - but that's
> not recommended, because the JMeter certificate is not secure.
>
> >> 2. Added following to System.properties:
> >
> > It is usually not required to make any changes to the properties, HTTPS
> > is supposed to work out of the box.
>
> Yes.
>
> >> ssl.provider=com.sun.net.ssl.internal.ssl.Provider
> >>
> >> ssl.pkgs=com.sun.net.ssl.internal.www.protocol
> >>
> >> I'm using Jmeter 2.4 and jre1.6. Appreciate any help.
> >
> > To ensure basic functionality, make a test plan that consists of only
> > one sampler, which accesses your application's homepage.
>
> Good advice.
>
> > Make sure to specify the correct protocol (HTTPS) and port (probably
> 443).
>
> Port 443 is selected by default for HTTPS (and 80 is selected for HTTP)
>
> > HTH,
> > Felix
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
Re: SSL setup issue
Posted by sebb <se...@gmail.com>.
On 20 December 2010 07:25, Felix Frank <ff...@mpexnet.de> wrote:
>> 1. Imported my certificate to cacerts (import was successful and Jmeter did
>> prompt me for password while running the script).
>
> Adding your certificates to Jmeter is only important when recording
> using the HTTP Proxy, afaik.
Certificates aren't needed by JMeter unless the website needs a
*client* certificate (which is quite rare).
Are you sure the site needs a client certificate?
JMeter provides its own certificate for HTTPS recording by its proxy.
If you wish, you can add that to your browser cert. store - but that's
not recommended, because the JMeter certificate is not secure.
>> 2. Added following to System.properties:
>
> It is usually not required to make any changes to the properties, HTTPS
> is supposed to work out of the box.
Yes.
>> ssl.provider=com.sun.net.ssl.internal.ssl.Provider
>>
>> ssl.pkgs=com.sun.net.ssl.internal.www.protocol
>>
>> I'm using Jmeter 2.4 and jre1.6. Appreciate any help.
>
> To ensure basic functionality, make a test plan that consists of only
> one sampler, which accesses your application's homepage.
Good advice.
> Make sure to specify the correct protocol (HTTPS) and port (probably 443).
Port 443 is selected by default for HTTPS (and 80 is selected for HTTP)
> HTH,
> Felix
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
Re: SSL setup issue
Posted by Felix Frank <ff...@mpexnet.de>.
> 1. Imported my certificate to cacerts (import was successful and Jmeter did
> prompt me for password while running the script).
Adding your certificates to Jmeter is only important when recording
using the HTTP Proxy, afaik.
> 2. Added following to System.properties:
It is usually not required to make any changes to the properties, HTTPS
is supposed to work out of the box.
> ssl.provider=com.sun.net.ssl.internal.ssl.Provider
>
> ssl.pkgs=com.sun.net.ssl.internal.www.protocol
>
> I'm using Jmeter 2.4 and jre1.6. Appreciate any help.
To ensure basic functionality, make a test plan that consists of only
one sampler, which accesses your application's homepage.
Make sure to specify the correct protocol (HTTPS) and port (probably 443).
HTH,
Felix
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org