You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jmeter.apache.org by George <ba...@yahoo.de> on 2015/05/29 13:16:25 UTC
JMeter SMTP Sampler with (SSL/TLS) and
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Hello,
i try to sent a "hello" email using SMTP Sampler and want to use SSL/TLS on standard port 465 for this connection.More i want to use TLSv1.2 with the very strong cipher "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake fail.
Technially if i change the configuration on my server to also accept TLSv1.1 and v1.0 then the SSL connection works and the email is sent perfectly.I see in the logs that the client (jmeter) and my server aggreed on a cipher comming from TLS1.0.Thus in general SSL is working but not with TLSv1.2.
Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above cipher?I tried to put this in my jmeter.sh file but seems it does not matter?
JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
I also installed lates java jdk and i also installed the additional strong security pakage and replaced the .jar files in /usr/java/jre.../lib/security
BrGeorge
Re: JMeter SMTP Sampler with (SSL/TLS) and
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by George <ba...@yahoo.de>.
Hi,
ough :(My fault.
I was so wonderung why the lib folder is quite empty :)I have to dl it and put everything together :)
I will try again
UBIK LOAD PACK Support <su...@ubikloadpack.com> schrieb am 17:24 Dienstag, 14.Juli 2015:
Hi,
Did you follow install instructions:
- Download the _bin and _lib files
Unpack the archives into the same directory structure
The other archives are not needed to run JMeter.
http://jmeter.apache.org/nightly.html
On Tuesday, July 14, 2015, George <ba...@yahoo.de> wrote:
> HI,
> i will try it.I got the lates nightly build but it seems is broken?
> Try to start jmeter it gives me some ClassNotFoundExceptions.I have lates
> java 1.8.45 installed (which has by the way some 0day :P :()
>
>
>
>
> Felix Schumacher <felix.schumacher@internetallee.de <javascript:;>>
> schrieb am 17:45 Mittwoch, 17.Juni 2015:
>
>
>
>
> Am 9. Juni 2015 11:41:42 MESZ, schrieb George <bamboocha324@yahoo.de
> <javascript:;>>:
> >HI,
> >ok i will get the nightly build and try it out.
>
> Have you tried the nightly and did it help you?
>
> Regards,
> Felix
>
> >BrGeorge
> >
> >
> >
> >Felix Schumacher <felix.schumacher@internetallee.de <javascript:;>>
> schrieb am 19:31
> >Montag, 8.Juni 2015:
> >
> >
> > Am 08.06.2015 um 15:12 schrieb George:
> >> Hello Felix,
> >>
> >>
> >> Felix Schumacher <felix.schumacher@internetallee.de <javascript:;>>
> schrieb am
> >14:58 Sonntag, 7.Juni 2015:
> >>
> >>
> >> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
> >>> Hi George,
> >>>
> >>> Am 03.06.2015 um 12:11 schrieb George:
> >>>> Hello,
> >>>> yes my server can do tls 1.2 perfectly and also with the above
> >>>> (strong) cipher.I did some more tests where i modify step by step
> >my
> >>>> server configuration until it works and here are my results.
> >>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
> >>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> >>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
> >>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
> >>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
> >cipher
> >>>>
> >>>> My jmeter.properties is set to do tls1.2 only - but the SSL
> >>>> configuration is only for the http protocol and not for
> >smtp(s).Thus
> >>>> i think this does not care.I have java jre 1.8 latest plus the
> >oracle
> >>>> security "Unlimited Strength Java Cryptography Extension Policy
> >>>> Files" pakage.
> >>>> My jmeter test plan is very easy.
> >>>> One thread one smtp sampler and one "view results in tree".The SMTP
> >>>> Sampler target my mail server on port "465" and the checkbox "use
> >>>> ssl" is enabled and the hook "Trust all certificates" is enabled
> >>>> too.There is one Subject: hello and Email body: hello. Simple
> >>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
> >>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
> >>>> SSL Handshake. SSL Connection established using "TLSv1
> >>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
> >>>> mutual ssl)
> >>>> OK thus it works.I can sent an email with jmeter SMTP sampler using
> >>>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
> >>>> I do not found any jmeter configuration about "smtps".
> >>>>
> >>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here
> >the
> >>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
> >>>> Looking on the thunderbird settings its strange but the cipher i
> >want
> >>>> to use is not available. Thus i can do tls1.2 but not with my
> >>>> "strong" cipher.
> >>>> Br.George
> >>> I have added a few println's in TrustAllSSLSocketFactory and found,
> >>> that I have to change the line where the sslcontext is created first
> >>> by calling SSLContext.getInstance("TLS").
> >>>
> >>> When you change that occurence of TLS to TLSv1.2 you should get a
> >>> TLSv1.2 connection with a string cipher suite.
> >>>
> >>> This default setting should probably be configurable as the used
> >>> cipher suites.
> >>> After a bit more research, the behaviour seems to be different
> >between
> >>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
> >connect
> >>> with getInstance("TLS"), while java 7 was not.
> >>> Can you double check, that you are using java 8?
> >> yes i'm using java 8. java -version gives me: java version
> >"1.8.0_20".
> >> It's not the newest java 8 but it is java 8 for sure.
> >> I'm not sure what you mean about "SSLContext.getInstance("TLS") and
> >where to change it to "TLSv1.2" ?
> >You could have changed it inside the source code of the class. But
> >don't
> >bother with it anymore.
> >> I did some debugging test and have activated the jmeter properites to
> >"DEBUG" (log level) and i also put the debug on in the
> >system.properties for ssl (all).When i configure my server to accept
> >TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
> >following:
> >> trigger seeding of SecureRandomdone seeding
> >SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized:
> >[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
> >TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
> >ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
> >> Now i change my server to only allow TLSv1.2 and then i see this:
> >> *** ClientHello, TLSv1
> >> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description =
> >handshare_failure
> >> The same error if i turn on TLSv1.1.
> >>
> >> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
> >> There are some configuration properties for http(s) and this works
> >perfectly with TLSv1.2But not for SMTP.
> >
> >I have filed a bug request
> >(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a
> >fix.
> >
> >Could you try it out?
> >
> >The next nightly should have the fix, or you can build jmeter yourself
> >from source.
> >
> >Regards
> > Felix
> >> BrGeorge
> >>
> >>
> >>
> >>> Regards
> >> > Felix
> >>> Regards
> >>> Felix
> >>>
> >>>>
> >>>>
> >>>> Felix Schumacher <felix.schumacher@internetallee.de
> <javascript:;>> schrieb
> >am
> >>>> 10:29 Montag, 1.Juni 2015:
> >>>>
> >>>> Am 29.05.2015 um 13:16 schrieb George:
> >>>>> Hello,
> >>>>> i try to sent a "hello" email using SMTP Sampler and want to use
> >>>>> SSL/TLS on standard port 465 for this connection.More i want to
> >use
> >>>>> TLSv1.2 with the very strong cipher
> >>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake
> >fail.
> >>>>> Technially if i change the configuration on my server to also
> >accept
> >>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is
> >sent
> >>>>> perfectly.I see in the logs that the client (jmeter) and my server
> >>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
> >>>>> working but not with TLSv1.2.
> >>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
> >>>>> cipher?I tried to put this in my jmeter.sh file but seems it does
> >>>>> not matter?
> >>>>>
> >JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
> >>>>>
> >>>> The smtp sampler has no option to specify the wanted ciphersuites,
> >so
> >>>> the option given above will not be used.
> >>>>> I also installed lates java jdk and i also installed the
> >additional
> >>>>> strong security pakage and replaced the .jar files in
> >>>>> /usr/java/jre.../lib/security
> >>>> Which jdk did you install exactly?
> >>>>
> >>>> Have you checked (with openssl or something similar), that your
> >>>> mailserver is capable of TLSv1.2?
> >>>>
> >>>> Regards
> >>>> Felix
> >>>>> BrGeorge
> >>>>>
> >>>>>
> >>>>
> >---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> <javascript:;>
> >>>> For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> <javascript:;>
> >>> For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> <javascript:;>
> >> For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
> >>
> >>
> >>
> >>
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org <javascript:;>
> >For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org <javascript:;>
> For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
>
>
>
>
--
Regards
Ubik Load Pack <http://ubikloadpack.com> Team
Follow us on Twitter <http://twitter.com/ubikloadpack>
Cordialement
L'équipe Ubik Load Pack <http://ubikloadpack.com>
Suivez-nous sur Twitter <http://twitter.com/ubikloadpack>
Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by UBIK LOAD PACK Support <su...@ubikloadpack.com>.
Hi,
Did you follow install instructions:
- Download the _bin and _lib files
Unpack the archives into the same directory structure
The other archives are not needed to run JMeter.
http://jmeter.apache.org/nightly.html
On Tuesday, July 14, 2015, George <ba...@yahoo.de> wrote:
> HI,
> i will try it.I got the lates nightly build but it seems is broken?
> Try to start jmeter it gives me some ClassNotFoundExceptions.I have lates
> java 1.8.45 installed (which has by the way some 0day :P :()
>
>
>
>
> Felix Schumacher <felix.schumacher@internetallee.de <javascript:;>>
> schrieb am 17:45 Mittwoch, 17.Juni 2015:
>
>
>
>
> Am 9. Juni 2015 11:41:42 MESZ, schrieb George <bamboocha324@yahoo.de
> <javascript:;>>:
> >HI,
> >ok i will get the nightly build and try it out.
>
> Have you tried the nightly and did it help you?
>
> Regards,
> Felix
>
> >BrGeorge
> >
> >
> >
> >Felix Schumacher <felix.schumacher@internetallee.de <javascript:;>>
> schrieb am 19:31
> >Montag, 8.Juni 2015:
> >
> >
> > Am 08.06.2015 um 15:12 schrieb George:
> >> Hello Felix,
> >>
> >>
> >> Felix Schumacher <felix.schumacher@internetallee.de <javascript:;>>
> schrieb am
> >14:58 Sonntag, 7.Juni 2015:
> >>
> >>
> >> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
> >>> Hi George,
> >>>
> >>> Am 03.06.2015 um 12:11 schrieb George:
> >>>> Hello,
> >>>> yes my server can do tls 1.2 perfectly and also with the above
> >>>> (strong) cipher.I did some more tests where i modify step by step
> >my
> >>>> server configuration until it works and here are my results.
> >>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
> >>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> >>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
> >>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
> >>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
> >cipher
> >>>>
> >>>> My jmeter.properties is set to do tls1.2 only - but the SSL
> >>>> configuration is only for the http protocol and not for
> >smtp(s).Thus
> >>>> i think this does not care.I have java jre 1.8 latest plus the
> >oracle
> >>>> security "Unlimited Strength Java Cryptography Extension Policy
> >>>> Files" pakage.
> >>>> My jmeter test plan is very easy.
> >>>> One thread one smtp sampler and one "view results in tree".The SMTP
> >>>> Sampler target my mail server on port "465" and the checkbox "use
> >>>> ssl" is enabled and the hook "Trust all certificates" is enabled
> >>>> too.There is one Subject: hello and Email body: hello. Simple
> >>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
> >>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
> >>>> SSL Handshake. SSL Connection established using "TLSv1
> >>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
> >>>> mutual ssl)
> >>>> OK thus it works.I can sent an email with jmeter SMTP sampler using
> >>>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
> >>>> I do not found any jmeter configuration about "smtps".
> >>>>
> >>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here
> >the
> >>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
> >>>> Looking on the thunderbird settings its strange but the cipher i
> >want
> >>>> to use is not available. Thus i can do tls1.2 but not with my
> >>>> "strong" cipher.
> >>>> Br.George
> >>> I have added a few println's in TrustAllSSLSocketFactory and found,
> >>> that I have to change the line where the sslcontext is created first
> >>> by calling SSLContext.getInstance("TLS").
> >>>
> >>> When you change that occurence of TLS to TLSv1.2 you should get a
> >>> TLSv1.2 connection with a string cipher suite.
> >>>
> >>> This default setting should probably be configurable as the used
> >>> cipher suites.
> >>> After a bit more research, the behaviour seems to be different
> >between
> >>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
> >connect
> >>> with getInstance("TLS"), while java 7 was not.
> >>> Can you double check, that you are using java 8?
> >> yes i'm using java 8. java -version gives me: java version
> >"1.8.0_20".
> >> It's not the newest java 8 but it is java 8 for sure.
> >> I'm not sure what you mean about "SSLContext.getInstance("TLS") and
> >where to change it to "TLSv1.2" ?
> >You could have changed it inside the source code of the class. But
> >don't
> >bother with it anymore.
> >> I did some debugging test and have activated the jmeter properites to
> >"DEBUG" (log level) and i also put the debug on in the
> >system.properties for ssl (all).When i configure my server to accept
> >TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
> >following:
> >> trigger seeding of SecureRandomdone seeding
> >SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized:
> >[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
> >TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
> >ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
> >> Now i change my server to only allow TLSv1.2 and then i see this:
> >> *** ClientHello, TLSv1
> >> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description =
> >handshare_failure
> >> The same error if i turn on TLSv1.1.
> >>
> >> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
> >> There are some configuration properties for http(s) and this works
> >perfectly with TLSv1.2But not for SMTP.
> >
> >I have filed a bug request
> >(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a
> >fix.
> >
> >Could you try it out?
> >
> >The next nightly should have the fix, or you can build jmeter yourself
> >from source.
> >
> >Regards
> > Felix
> >> BrGeorge
> >>
> >>
> >>
> >>> Regards
> >> > Felix
> >>> Regards
> >>> Felix
> >>>
> >>>>
> >>>>
> >>>> Felix Schumacher <felix.schumacher@internetallee.de
> <javascript:;>> schrieb
> >am
> >>>> 10:29 Montag, 1.Juni 2015:
> >>>>
> >>>> Am 29.05.2015 um 13:16 schrieb George:
> >>>>> Hello,
> >>>>> i try to sent a "hello" email using SMTP Sampler and want to use
> >>>>> SSL/TLS on standard port 465 for this connection.More i want to
> >use
> >>>>> TLSv1.2 with the very strong cipher
> >>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake
> >fail.
> >>>>> Technially if i change the configuration on my server to also
> >accept
> >>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is
> >sent
> >>>>> perfectly.I see in the logs that the client (jmeter) and my server
> >>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
> >>>>> working but not with TLSv1.2.
> >>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
> >>>>> cipher?I tried to put this in my jmeter.sh file but seems it does
> >>>>> not matter?
> >>>>>
> >JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
> >>>>>
> >>>> The smtp sampler has no option to specify the wanted ciphersuites,
> >so
> >>>> the option given above will not be used.
> >>>>> I also installed lates java jdk and i also installed the
> >additional
> >>>>> strong security pakage and replaced the .jar files in
> >>>>> /usr/java/jre.../lib/security
> >>>> Which jdk did you install exactly?
> >>>>
> >>>> Have you checked (with openssl or something similar), that your
> >>>> mailserver is capable of TLSv1.2?
> >>>>
> >>>> Regards
> >>>> Felix
> >>>>> BrGeorge
> >>>>>
> >>>>>
> >>>>
> >---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> <javascript:;>
> >>>> For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> <javascript:;>
> >>> For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> <javascript:;>
> >> For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
> >>
> >>
> >>
> >>
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org <javascript:;>
> >For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org <javascript:;>
> For additional commands, e-mail: user-help@jmeter.apache.org
> <javascript:;>
>
>
>
>
--
Regards
Ubik Load Pack <http://ubikloadpack.com> Team
Follow us on Twitter <http://twitter.com/ubikloadpack>
Cordialement
L'équipe Ubik Load Pack <http://ubikloadpack.com>
Suivez-nous sur Twitter <http://twitter.com/ubikloadpack>
Re: JMeter SMTP Sampler with (SSL/TLS) and
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by George <ba...@yahoo.de>.
HI,
i will try it.I got the lates nightly build but it seems is broken?
Try to start jmeter it gives me some ClassNotFoundExceptions.I have lates java 1.8.45 installed (which has by the way some 0day :P :()
Felix Schumacher <fe...@internetallee.de> schrieb am 17:45 Mittwoch, 17.Juni 2015:
Am 9. Juni 2015 11:41:42 MESZ, schrieb George <ba...@yahoo.de>:
>HI,
>ok i will get the nightly build and try it out.
Have you tried the nightly and did it help you?
Regards,
Felix
>BrGeorge
>
>
>
>Felix Schumacher <fe...@internetallee.de> schrieb am 19:31
>Montag, 8.Juni 2015:
>
>
> Am 08.06.2015 um 15:12 schrieb George:
>> Hello Felix,
>>
>>
>> Felix Schumacher <fe...@internetallee.de> schrieb am
>14:58 Sonntag, 7.Juni 2015:
>>
>>
>> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>>> Hi George,
>>>
>>> Am 03.06.2015 um 12:11 schrieb George:
>>>> Hello,
>>>> yes my server can do tls 1.2 perfectly and also with the above
>>>> (strong) cipher.I did some more tests where i modify step by step
>my
>>>> server configuration until it works and here are my results.
>>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
>cipher
>>>>
>>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>>> configuration is only for the http protocol and not for
>smtp(s).Thus
>>>> i think this does not care.I have java jre 1.8 latest plus the
>oracle
>>>> security "Unlimited Strength Java Cryptography Extension Policy
>>>> Files" pakage.
>>>> My jmeter test plan is very easy.
>>>> One thread one smtp sampler and one "view results in tree".The SMTP
>>>> Sampler target my mail server on port "465" and the checkbox "use
>>>> ssl" is enabled and the hook "Trust all certificates" is enabled
>>>> too.There is one Subject: hello and Email body: hello. Simple
>>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
>>>> SSL Handshake. SSL Connection established using "TLSv1
>>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
>>>> mutual ssl)
>>>> OK thus it works.I can sent an email with jmeter SMTP sampler using
>>>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
>>>> I do not found any jmeter configuration about "smtps".
>>>>
>>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here
>the
>>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
>>>> Looking on the thunderbird settings its strange but the cipher i
>want
>>>> to use is not available. Thus i can do tls1.2 but not with my
>>>> "strong" cipher.
>>>> Br.George
>>> I have added a few println's in TrustAllSSLSocketFactory and found,
>>> that I have to change the line where the sslcontext is created first
>>> by calling SSLContext.getInstance("TLS").
>>>
>>> When you change that occurence of TLS to TLSv1.2 you should get a
>>> TLSv1.2 connection with a string cipher suite.
>>>
>>> This default setting should probably be configurable as the used
>>> cipher suites.
>>> After a bit more research, the behaviour seems to be different
>between
>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
>connect
>>> with getInstance("TLS"), while java 7 was not.
>>> Can you double check, that you are using java 8?
>> yes i'm using java 8. java -version gives me: java version
>"1.8.0_20".
>> It's not the newest java 8 but it is java 8 for sure.
>> I'm not sure what you mean about "SSLContext.getInstance("TLS") and
>where to change it to "TLSv1.2" ?
>You could have changed it inside the source code of the class. But
>don't
>bother with it anymore.
>> I did some debugging test and have activated the jmeter properites to
>"DEBUG" (log level) and i also put the debug on in the
>system.properties for ssl (all).When i configure my server to accept
>TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
>following:
>> trigger seeding of SecureRandomdone seeding
>SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized:
>[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
>ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
>> Now i change my server to only allow TLSv1.2 and then i see this:
>> *** ClientHello, TLSv1
>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description =
>handshare_failure
>> The same error if i turn on TLSv1.1.
>>
>> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
>> There are some configuration properties for http(s) and this works
>perfectly with TLSv1.2But not for SMTP.
>
>I have filed a bug request
>(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a
>fix.
>
>Could you try it out?
>
>The next nightly should have the fix, or you can build jmeter yourself
>from source.
>
>Regards
> Felix
>> BrGeorge
>>
>>
>>
>>> Regards
>> > Felix
>>> Regards
>>> Felix
>>>
>>>>
>>>>
>>>> Felix Schumacher <fe...@internetallee.de> schrieb
>am
>>>> 10:29 Montag, 1.Juni 2015:
>>>>
>>>> Am 29.05.2015 um 13:16 schrieb George:
>>>>> Hello,
>>>>> i try to sent a "hello" email using SMTP Sampler and want to use
>>>>> SSL/TLS on standard port 465 for this connection.More i want to
>use
>>>>> TLSv1.2 with the very strong cipher
>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake
>fail.
>>>>> Technially if i change the configuration on my server to also
>accept
>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is
>sent
>>>>> perfectly.I see in the logs that the client (jmeter) and my server
>>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>>> working but not with TLSv1.2.
>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
>>>>> cipher?I tried to put this in my jmeter.sh file but seems it does
>>>>> not matter?
>>>>>
>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>
>>>> The smtp sampler has no option to specify the wanted ciphersuites,
>so
>>>> the option given above will not be used.
>>>>> I also installed lates java jdk and i also installed the
>additional
>>>>> strong security pakage and replaced the .jar files in
>>>>> /usr/java/jre.../lib/security
>>>> Which jdk did you install exactly?
>>>>
>>>> Have you checked (with openssl or something similar), that your
>>>> mailserver is capable of TLSv1.2?
>>>>
>>>> Regards
>>>> Felix
>>>>> BrGeorge
>>>>>
>>>>>
>>>>
>---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>
>>>>
>>>>
>>>
>>>
>---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>
>>
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>For additional commands, e-mail: user-help@jmeter.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by Felix Schumacher <fe...@internetallee.de>.
Am 30.07.2015 um 16:19 schrieb George:
>
>
>
> Felix Schumacher <fe...@internetallee.de> schrieb am 13:11 Mittwoch, 22.Juli 2015:
>
>
>
>
> Am 22. Juli 2015 12:33:44 MESZ, schrieb Felix Schumacher <fe...@internetallee.de>:
>>
>> Am 20. Juli 2015 20:56:55 MESZ, schrieb Felix Schumacher
>> <fe...@internetallee.de>:
>>>
>>> Am 20. Juli 2015 13:39:57 MESZ, schrieb George
>> <ba...@yahoo.de>:
>>>>
>>>>
>>>> Felix Schumacher <fe...@internetallee.de> schrieb am 13:25
>>>> Freitag, 17.Juli 2015:
>>>>
>>>>
>>>>
>>>>
>>>> Am 15. Juli 2015 11:17:33 MESZ, schrieb George
>>> <ba...@yahoo.de>:
>>>>> Hello,
>>>>> Could you try to not top-post? And my mail client has problems
>>>> showing some of your new lines, which makes reading your malls harder
>>>> than it should be.
>>>>
>>>> OK sorry. I'm using the yahoo webmail client and just click "reply".
>>>>
>>>>
>>>>> i have now the r1609478 running and have set up in the
>>>>> jmeter.properties to use TLSv1.2.But this setting is only for
>>>> "http"...
>>>>> and not for smtp. Anyway i set to be TLSv1.2
>>>>> Right, http and smtp samplers have quite different settings.
>>>>> It's still not running. I put the Debug on an i see on my terminal:
>>>> ***
>>>>> CelintHello, TLSv1In JMeter logger panel i see:
>>>>> jmeter.protocol.smtp.sampler.protocol.SendMailCommand: User ssl/tls
>>>>> protocols for mail: SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2But when i
>>>>> try to connect on port: 465 it's not working.
>>>>> Are these three only debug messages? Could you post the complete
>> log
>>>> messages somewhere? It would be best to have logs from the nightly
>>>> build and the latest official build.
>>>>
>>>>> Maybe a tcpdump of both tries could help.
>>>> Attached a screeshot of my tcpdump. As you can see the "Client Hello"
>>>> is done using TLSv1.0
>>> I can see no screenshot it was probably stripped of by the list.
>>>
>>> And when you're at it, the complete debug logs would be nice, too :)
>>>
>>>>> I also tried with a native mail client Thunderbird 31.4 which
>>> supports
>>>>> TLSv1.2.There it works perfectly like a charm from the beginning on.
>>>>> In my Serverlogs i see this: SSL-Tunnel established (TLSv1.2
>>>>> ECDHE-RSA-AES128-GCM-SHA256 (128/128)Of cource it's not the strong
>>>>> ciper: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 but with Thunderbird
>>>> its
>>>>> working with at least TLSv1.2.
>>>>> Thus:My Server works perfectly and accept TLSv1.2 connections
>> ONLY.If
>>>> a
>>>>> client try to connect with anything below TLSv1.2 then my server do
>>>> not
>>>>> accept it.
>>>>> Is the mail server reachable via a public address, so that I could
>>>> try to access it?
>>>>
>>>> No the mail server is not public - sorry
>>>>
>>>>> For testing purposes i can activate TLSv1.1 and TLSv1.0 and then
>>>> JMeter
>>>>> is working too.
>>>>>
>>>>>
>>>>>
>>>>> Maybe some more info.If i use JMeter and the HTTP Sampler then i can
>>>> do
>>>>> TLSv1.2 connections with the strong cipher.But for this i need to
>> put
>>>>> this:
>>>>> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>> in my jmeter.sh start script.
>>>>> So: HTTP and TLSv1.2 and strong cipher = works with JMeterSMTP with
>>>>> TLSv1.2 = is (still) not workingSMTP with TLSv1.2 and strong cipher
>> =
>>>>> also not working
>>>>> Well http and smtp tls are two different beats with respect to
>>>> jmeter.
>>>>
>>>>> Would you be able to build jmeter yourself and apply patches?
>>>> technically yes i do have java dev. skills.I will try to get the
>>> latest
>>>> source and apply tlsv1.2 for smtp(s).Maybe we should make the same
>>>> steps for smtp(s) as for http(s) and extend the jmeter.properties
>>>> having also smtp(s) parameters?also adding support for
>>>> "-Dsmtps.cipherSuites..." would be good to apply a cipherstring you
>>>> want only to have?
>>> I will send another mail, as soon as I have a patch with more options.
>>
>> OK, I think I have found the issue. The constants for ssl protocols
>> differ for smtp (startTLS) and smtps.
>>
>> You have to find the string "mail.smtp.ssl.protocols" in
>> src/protocol/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java
>> amd replace it with "mail."+protocol+".ssl.protocols".
>>
>> I had tested Port 25 with startTLS and you are using smtps, so it
>> worked for me and didn't work for you.
>>
>> Please try it out.
>> I have checked the changes in, so you could fetch the newest sources via svn and compile them to try.
>> Regards,
>> Felix
>
> Hello,
> sorry for answering late.I have tried wit jmeter: 1692251 which is not the newest but this one contain the changes you have commited.
> Yes now it is working perfectly on "real" ssl SMTP(s) Port 465.I'm able to do TLSv1.2 with cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384I also see the "ClientHello, TLSv1.2".
> Perfect. Thank you for your help.
> Next step :)
> So as the client and my server do TLSv1.2 they commit to use a cipher from TLSv1.2.
> But i would like to force JMeter to use one very specific cipher namely: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384I can configure my server to only accept TLSv1.2 on this spezific cipher.
> For HTTPs this is already working with jmeter quite perfectly.
> For this i have to start my jmeter and add this to my jmeter.shJMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Doing so all HTTPs connections will be done using this specific cipher.
> So is there a way to have something similar for SMTP(s)?
> e.g. JMETER_OPTS="-Dsmtps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
You might want to try the attached patch.
It introduces a new jmeter property named mail.ssl.ciphersuites, which
you should add to your bin/user.properties.
Regards,
Felix
> Br,George
>
>
>
>> Regards,
>> Felix
>>> Regards,
>>> Felix
>>>
>>>> BrGeorge
>>>>
>>>>> Regards,
>>>>> Felix
>>>>>
>>>>>
>>>>> BrGeorge
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Felix Schumacher <fe...@internetallee.de> schrieb am
>> 17:45
>>>>> Mittwoch, 17.Juni 2015:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Am 9. Juni 2015 11:41:42 MESZ, schrieb George
>>> <ba...@yahoo.de>:
>>>>>> HI,
>>>>>> ok i will get the nightly build and try it out.
>>>>> Have you tried the nightly and did it help you?
>>>>>
>>>>> Regards,
>>>>> Felix
>>>>>
>>>>>> BrGeorge
>>>>>>
>>>>>>
>>>>>>
>>>>>> Felix Schumacher <fe...@internetallee.de> schrieb am
>>> 19:31
>>>>>> Montag, 8.Juni 2015:
>>>>>>
>>>>>>
>>>>>> Am 08.06.2015 um 15:12 schrieb George:
>>>>>>> Hello Felix,
>>>>>>>
>>>>>>>
>>>>>>> Felix Schumacher <fe...@internetallee.de> schrieb
>>>> am
>>>>>> 14:58 Sonntag, 7.Juni 2015:
>>>>>>>
>>>>>>>
>>>>>>> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>>>>>>>> Hi George,
>>>>>>>>
>>>>>>>> Am 03.06.2015 um 12:11 schrieb George:
>>>>>>>>> Hello,
>>>>>>>>> yes my server can do tls 1.2 perfectly and also with the above
>>>>>>>>> (strong) cipher.I did some more tests where i modify step by
>>> step
>>>>>> my
>>>>>>>>> server configuration until it works and here are my results.
>>>>>>>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>>>>>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>>>>>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>>>>>>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>>>>>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
>>>>>> cipher
>>>>>>>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>>>>>>>> configuration is only for the http protocol and not for
>>>>>> smtp(s).Thus
>>>>>>>>> i think this does not care.I have java jre 1.8 latest plus the
>>>>>> oracle
>>>>>>>>> security "Unlimited Strength Java Cryptography Extension Policy
>>>>>>>>> Files" pakage.
>>>>>>>>> My jmeter test plan is very easy.
>>>>>>>>> One thread one smtp sampler and one "view results in tree".The
>>>>> SMTP
>>>>>>>>> Sampler target my mail server on port "465" and the checkbox
>>> "use
>>>>>>>>> ssl" is enabled and the hook "Trust all certificates" is
>> enabled
>>>>>>>>> too.There is one Subject: hello and Email body: hello. Simple
>>>>>>>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>>>>>>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success:
>>>> Perfectly
>>>>>>>>> SSL Handshake. SSL Connection established using "TLSv1
>>>>>>>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means
>>>> no
>>>>>>>>> mutual ssl)
>>>>>>>>> OK thus it works.I can sent an email with jmeter SMTP sampler
>>>>> using
>>>>>>>>> (direct) ssl on port 465 - but it only works if i activate
>>>> tls1.0.
>>>>>>>>> I do not found any jmeter configuration about "smtps".
>>>>>>>>>
>>>>>>>>> I did some further tests wirh thunderbird 31.4 (on a
>> linux).Here
>>>>>> the
>>>>>>>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4:
>>>> Success.
>>>>>>>>> Looking on the thunderbird settings its strange but the cipher
>> i
>>>>>> want
>>>>>>>>> to use is not available. Thus i can do tls1.2 but not with my
>>>>>>>>> "strong" cipher.
>>>>>>>>> Br.George
>>>>>>>> I have added a few println's in TrustAllSSLSocketFactory and
>>>> found,
>>>>>>>> that I have to change the line where the sslcontext is created
>>>>> first
>>>>>>>> by calling SSLContext.getInstance("TLS").
>>>>>>>>
>>>>>>>> When you change that occurence of TLS to TLSv1.2 you should get
>> a
>>>>>>>> TLSv1.2 connection with a string cipher suite.
>>>>>>>>
>>>>>>>> This default setting should probably be configurable as the used
>>>>>>>> cipher suites.
>>>>>>>> After a bit more research, the behaviour seems to be different
>>>>>> between
>>>>>>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
>>>>>> connect
>>>>>>>> with getInstance("TLS"), while java 7 was not.
>>>>>>>> Can you double check, that you are using java 8?
>>>>>>> yes i'm using java 8. java -version gives me: java version
>>>>>> "1.8.0_20".
>>>>>>> It's not the newest java 8 but it is java 8 for sure.
>>>>>>> I'm not sure what you mean about "SSLContext.getInstance("TLS")
>>> and
>>>>>> where to change it to "TLSv1.2" ?
>>>>>> You could have changed it inside the source code of the class. But
>>>>>> don't
>>>>>> bother with it anymore.
>>>>>>> I did some debugging test and have activated the jmeter
>> properites
>>>>> to
>>>>>> "DEBUG" (log level) and i also put the debug on in the
>>>>>> system.properties for ssl (all).When i configure my server to
>> accept
>>>>>> TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
>>>>>> following:
>>>>>>> trigger seeding of SecureRandomdone seeding
>>>>>> SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%%
>>> Initialized:
>>>>>> [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
>>>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
>>>>>> ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
>>>>>>> Now i change my server to only allow TLSv1.2 and then i see this:
>>>>>>> *** ClientHello, TLSv1
>>>>>>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description
>> =
>>>>>> handshare_failure
>>>>>>> The same error if i turn on TLSv1.1.
>>>>>>>
>>>>>>> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
>>>>>>> There are some configuration properties for http(s) and this
>> works
>>>>>> perfectly with TLSv1.2But not for SMTP.
>>>>>>
>>>>>> I have filed a bug request
>>>>>> (https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and
>> submitted
>>>> a
>>>>>> fix.
>>>>>>
>>>>>> Could you try it out?
>>>>>>
>>>>>> The next nightly should have the fix, or you can build jmeter
>>>> yourself
>>>>> >from source.
>>>>>> Regards
>>>>>> Felix
>>>>>>> BrGeorge
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Regards
>>>>>>> > Felix
>>>>>>>> Regards
>>>>>>>> Felix
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Felix Schumacher <fe...@internetallee.de>
>>>>> schrieb
>>>>>> am
>>>>>>>>> 10:29 Montag, 1.Juni 2015:
>>>>>>>>>
>>>>>>>>> Am 29.05.2015 um 13:16 schrieb George:
>>>>>>>>>> Hello,
>>>>>>>>>> i try to sent a "hello" email using SMTP Sampler and want to
>>> use
>>>>>>>>>> SSL/TLS on standard port 465 for this connection.More i want
>> to
>>>>>> use
>>>>>>>>>> TLSv1.2 with the very strong cipher
>>>>>>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the
>>> handshake
>>>>>> fail.
>>>>>>>>>> Technially if i change the configuration on my server to also
>>>>>> accept
>>>>>>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email
>> is
>>>>>> sent
>>>>>>>>>> perfectly.I see in the logs that the client (jmeter) and my
>>>>> server
>>>>>>>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>>>>>>>> working but not with TLSv1.2.
>>>>>>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the
>>> above
>>>>>>>>>> cipher?I tried to put this in my jmeter.sh file but seems it
>>>> does
>>>>>>>>>> not matter?
>>>>>>>>>>
>>>>>> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>>>>> The smtp sampler has no option to specify the wanted
>>>> ciphersuites,
>>>>>> so
>>>>>>>>> the option given above will not be used.
>>>>>>>>>> I also installed lates java jdk and i also installed the
>>>>>> additional
>>>>>>>>>> strong security pakage and replaced the .jar files in
>>>>>>>>>> /usr/java/jre.../lib/security
>>>>>>>>> Which jdk did you install exactly?
>>>>>>>>>
>>>>>>>>> Have you checked (with openssl or something similar), that your
>>>>>>>>> mailserver is capable of TLSv1.2?
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>> Felix
>>>>>>>>>> BrGeorge
>>>>>>>>>>
>>>>>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>>>>
>>>>>>>
>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> For additional commands, e-mail: user-help@jmeter.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>
>
>
>
Re: JMeter SMTP Sampler with (SSL/TLS) and
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by George <ba...@yahoo.de>.
Felix Schumacher <fe...@internetallee.de> schrieb am 13:11 Mittwoch, 22.Juli 2015:
Am 22. Juli 2015 12:33:44 MESZ, schrieb Felix Schumacher <fe...@internetallee.de>:
>
>
>Am 20. Juli 2015 20:56:55 MESZ, schrieb Felix Schumacher
><fe...@internetallee.de>:
>>
>>
>>Am 20. Juli 2015 13:39:57 MESZ, schrieb George
><ba...@yahoo.de>:
>>>
>>>
>>>
>>>Felix Schumacher <fe...@internetallee.de> schrieb am 13:25
>>>Freitag, 17.Juli 2015:
>>>
>>>
>>>
>>>
>>>Am 15. Juli 2015 11:17:33 MESZ, schrieb George
>><ba...@yahoo.de>:
>>>>Hello,
>>>
>>>> Could you try to not top-post? And my mail client has problems
>>>showing some of your new lines, which makes reading your malls harder
>>>than it should be.
>>>
>>>OK sorry. I'm using the yahoo webmail client and just click "reply".
>>>
>>>
>>>>i have now the r1609478 running and have set up in the
>>>>jmeter.properties to use TLSv1.2.But this setting is only for
>>>"http"...
>>>>and not for smtp. Anyway i set to be TLSv1.2
>>>
>>>> Right, http and smtp samplers have quite different settings.
>>>
>>>>It's still not running. I put the Debug on an i see on my terminal:
>>>***
>>>>CelintHello, TLSv1In JMeter logger panel i see:
>>>>jmeter.protocol.smtp.sampler.protocol.SendMailCommand: User ssl/tls
>>>>protocols for mail: SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2But when i
>>>>try to connect on port: 465 it's not working.
>>>
>>>> Are these three only debug messages? Could you post the complete
>log
>>>messages somewhere? It would be best to have logs from the nightly
>>>build and the latest official build.
>>>
>>>> Maybe a tcpdump of both tries could help.
>>>
>>>Attached a screeshot of my tcpdump. As you can see the "Client Hello"
>>>is done using TLSv1.0
>>
>>I can see no screenshot it was probably stripped of by the list.
>>
>>And when you're at it, the complete debug logs would be nice, too :)
>>
>>>
>>>>I also tried with a native mail client Thunderbird 31.4 which
>>supports
>>>>TLSv1.2.There it works perfectly like a charm from the beginning on.
>>>>In my Serverlogs i see this: SSL-Tunnel established (TLSv1.2
>>>>ECDHE-RSA-AES128-GCM-SHA256 (128/128)Of cource it's not the strong
>>>>ciper: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 but with Thunderbird
>>>its
>>>>working with at least TLSv1.2.
>>>>Thus:My Server works perfectly and accept TLSv1.2 connections
>ONLY.If
>>>a
>>>>client try to connect with anything below TLSv1.2 then my server do
>>>not
>>>>accept it.
>>>
>>>> Is the mail server reachable via a public address, so that I could
>>>try to access it?
>>>
>>>No the mail server is not public - sorry
>>>
>>>>For testing purposes i can activate TLSv1.1 and TLSv1.0 and then
>>>JMeter
>>>>is working too.
>>>>
>>>>
>>>>
>>>>Maybe some more info.If i use JMeter and the HTTP Sampler then i can
>>>do
>>>>TLSv1.2 connections with the strong cipher.But for this i need to
>put
>>>>this:
>>>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>in my jmeter.sh start script.
>>>>So: HTTP and TLSv1.2 and strong cipher = works with JMeterSMTP with
>>>>TLSv1.2 = is (still) not workingSMTP with TLSv1.2 and strong cipher
>=
>>>>also not working
>>>
>>>> Well http and smtp tls are two different beats with respect to
>>>jmeter.
>>>
>>>> Would you be able to build jmeter yourself and apply patches?
>>>
>>>technically yes i do have java dev. skills.I will try to get the
>>latest
>>>source and apply tlsv1.2 for smtp(s).Maybe we should make the same
>>>steps for smtp(s) as for http(s) and extend the jmeter.properties
>>>having also smtp(s) parameters?also adding support for
>>>"-Dsmtps.cipherSuites..." would be good to apply a cipherstring you
>>>want only to have?
>>
>>I will send another mail, as soon as I have a patch with more options.
>
>
>OK, I think I have found the issue. The constants for ssl protocols
>differ for smtp (startTLS) and smtps.
>
>You have to find the string "mail.smtp.ssl.protocols" in
>src/protocol/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java
>amd replace it with "mail."+protocol+".ssl.protocols".
>
>I had tested Port 25 with startTLS and you are using smtps, so it
>worked for me and didn't work for you.
>
>Please try it out.
>I have checked the changes in, so you could fetch the newest sources via svn and compile them to try.
>Regards,
>Felix
Hello,
sorry for answering late.I have tried wit jmeter: 1692251 which is not the newest but this one contain the changes you have commited.
Yes now it is working perfectly on "real" ssl SMTP(s) Port 465.I'm able to do TLSv1.2 with cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384I also see the "ClientHello, TLSv1.2".
Perfect. Thank you for your help.
Next step :)
So as the client and my server do TLSv1.2 they commit to use a cipher from TLSv1.2.
But i would like to force JMeter to use one very specific cipher namely: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384I can configure my server to only accept TLSv1.2 on this spezific cipher.
For HTTPs this is already working with jmeter quite perfectly.
For this i have to start my jmeter and add this to my jmeter.shJMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Doing so all HTTPs connections will be done using this specific cipher.
So is there a way to have something similar for SMTP(s)?
e.g. JMETER_OPTS="-Dsmtps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
Br,George
>
>Regards,
>Felix
>>
>>Regards,
>>Felix
>>
>>>
>>>BrGeorge
>>>
>>>>Regards,
>>>>Felix
>>>>
>>>>
>>>>BrGeorge
>>>>
>>>>
>>>>
>>>>
>>>>Felix Schumacher <fe...@internetallee.de> schrieb am
>17:45
>>>>Mittwoch, 17.Juni 2015:
>>>>
>>>>
>>>>
>>>>
>>>>Am 9. Juni 2015 11:41:42 MESZ, schrieb George
>><ba...@yahoo.de>:
>>>>>HI,
>>>>>ok i will get the nightly build and try it out.
>>>>
>>>>Have you tried the nightly and did it help you?
>>>>
>>>>Regards,
>>>>Felix
>>>>
>>>>>BrGeorge
>>>>>
>>>>>
>>>>>
>>>>>Felix Schumacher <fe...@internetallee.de> schrieb am
>>19:31
>>>>>Montag, 8.Juni 2015:
>>>>>
>>>>>
>>>>> Am 08.06.2015 um 15:12 schrieb George:
>>>>>> Hello Felix,
>>>>>>
>>>>>>
>>>>>> Felix Schumacher <fe...@internetallee.de> schrieb
>>>am
>>>>>14:58 Sonntag, 7.Juni 2015:
>>>>>>
>>>>>>
>>>>>> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>>>>>>> Hi George,
>>>>>>>
>>>>>>> Am 03.06.2015 um 12:11 schrieb George:
>>>>>>>> Hello,
>>>>>>>> yes my server can do tls 1.2 perfectly and also with the above
>>>>>>>> (strong) cipher.I did some more tests where i modify step by
>>step
>>>>>my
>>>>>>>> server configuration until it works and here are my results.
>>>>>>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>>>>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>>>>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>>>>>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>>>>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
>>>>>cipher
>>>>>>>>
>>>>>>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>>>>>>> configuration is only for the http protocol and not for
>>>>>smtp(s).Thus
>>>>>>>> i think this does not care.I have java jre 1.8 latest plus the
>>>>>oracle
>>>>>>>> security "Unlimited Strength Java Cryptography Extension Policy
>>>>>>>> Files" pakage.
>>>>>>>> My jmeter test plan is very easy.
>>>>>>>> One thread one smtp sampler and one "view results in tree".The
>>>>SMTP
>>>>>>>> Sampler target my mail server on port "465" and the checkbox
>>"use
>>>>>>>> ssl" is enabled and the hook "Trust all certificates" is
>enabled
>>>>>>>> too.There is one Subject: hello and Email body: hello. Simple
>>>>>>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>>>>>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success:
>>>Perfectly
>>>>>>>> SSL Handshake. SSL Connection established using "TLSv1
>>>>>>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means
>>>no
>>>>>>>> mutual ssl)
>>>>>>>> OK thus it works.I can sent an email with jmeter SMTP sampler
>>>>using
>>>>>>>> (direct) ssl on port 465 - but it only works if i activate
>>>tls1.0.
>>>>>>>> I do not found any jmeter configuration about "smtps".
>>>>>>>>
>>>>>>>> I did some further tests wirh thunderbird 31.4 (on a
>linux).Here
>>>>>the
>>>>>>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4:
>>>Success.
>>>>>>>> Looking on the thunderbird settings its strange but the cipher
>i
>>>>>want
>>>>>>>> to use is not available. Thus i can do tls1.2 but not with my
>>>>>>>> "strong" cipher.
>>>>>>>> Br.George
>>>>>>> I have added a few println's in TrustAllSSLSocketFactory and
>>>found,
>>>>>>> that I have to change the line where the sslcontext is created
>>>>first
>>>>>>> by calling SSLContext.getInstance("TLS").
>>>>>>>
>>>>>>> When you change that occurence of TLS to TLSv1.2 you should get
>a
>>>>>>> TLSv1.2 connection with a string cipher suite.
>>>>>>>
>>>>>>> This default setting should probably be configurable as the used
>>>>>>> cipher suites.
>>>>>>> After a bit more research, the behaviour seems to be different
>>>>>between
>>>>>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
>>>>>connect
>>>>>>> with getInstance("TLS"), while java 7 was not.
>>>>>>> Can you double check, that you are using java 8?
>>>>>> yes i'm using java 8. java -version gives me: java version
>>>>>"1.8.0_20".
>>>>>> It's not the newest java 8 but it is java 8 for sure.
>>>>>> I'm not sure what you mean about "SSLContext.getInstance("TLS")
>>and
>>>>>where to change it to "TLSv1.2" ?
>>>>>You could have changed it inside the source code of the class. But
>>>>>don't
>>>>>bother with it anymore.
>>>>>> I did some debugging test and have activated the jmeter
>properites
>>>>to
>>>>>"DEBUG" (log level) and i also put the debug on in the
>>>>>system.properties for ssl (all).When i configure my server to
>accept
>>>>>TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
>>>>>following:
>>>>>> trigger seeding of SecureRandomdone seeding
>>>>>SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%%
>>Initialized:
>>>>>[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
>>>>>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
>>>>>ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
>>>>>> Now i change my server to only allow TLSv1.2 and then i see this:
>>>>>> *** ClientHello, TLSv1
>>>>>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description
>=
>>>>>handshare_failure
>>>>>> The same error if i turn on TLSv1.1.
>>>>>>
>>>>>> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
>>>>>> There are some configuration properties for http(s) and this
>works
>>>>>perfectly with TLSv1.2But not for SMTP.
>>>>>
>>>>>I have filed a bug request
>>>>>(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and
>submitted
>>>a
>>>>>fix.
>>>>>
>>>>>Could you try it out?
>>>>>
>>>>>The next nightly should have the fix, or you can build jmeter
>>>yourself
>>>>
>>>>>from source.
>>>>>
>>>>>Regards
>>>>> Felix
>>>>>> BrGeorge
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Regards
>>>>>> > Felix
>>>>>>> Regards
>>>>>>> Felix
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Felix Schumacher <fe...@internetallee.de>
>>>>schrieb
>>>>>am
>>>>>>>> 10:29 Montag, 1.Juni 2015:
>>>>>>>>
>>>>>>>> Am 29.05.2015 um 13:16 schrieb George:
>>>>>>>>> Hello,
>>>>>>>>> i try to sent a "hello" email using SMTP Sampler and want to
>>use
>>>>>>>>> SSL/TLS on standard port 465 for this connection.More i want
>to
>>>>>use
>>>>>>>>> TLSv1.2 with the very strong cipher
>>>>>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the
>>handshake
>>>>>fail.
>>>>>>>>> Technially if i change the configuration on my server to also
>>>>>accept
>>>>>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email
>is
>>>>>sent
>>>>>>>>> perfectly.I see in the logs that the client (jmeter) and my
>>>>server
>>>>>>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>>>>>>> working but not with TLSv1.2.
>>>>>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the
>>above
>>>>>>>>> cipher?I tried to put this in my jmeter.sh file but seems it
>>>does
>>>>>>>>> not matter?
>>>>>>>>>
>>>>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>>>>>
>>>>>>>> The smtp sampler has no option to specify the wanted
>>>ciphersuites,
>>>>>so
>>>>>>>> the option given above will not be used.
>>>>>>>>> I also installed lates java jdk and i also installed the
>>>>>additional
>>>>>>>>> strong security pakage and replaced the .jar files in
>>>>>>>>> /usr/java/jre.../lib/security
>>>>>>>> Which jdk did you install exactly?
>>>>>>>>
>>>>>>>> Have you checked (with openssl or something similar), that your
>>>>>>>> mailserver is capable of TLSv1.2?
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Felix
>>>>>>>>> BrGeorge
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>>>
>>>>>>
>>>>>>
>>>>---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>---------------------------------------------------------------------
>>>>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>For additional commands, e-mail: user-help@jmeter.apache.org
>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>>
>>>
>>>
>>>
>>>------------------------------------------------------------------------
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>For additional commands, e-mail: user-help@jmeter.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>For additional commands, e-mail: user-help@jmeter.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by Felix Schumacher <fe...@internetallee.de>.
Am 22. Juli 2015 12:33:44 MESZ, schrieb Felix Schumacher <fe...@internetallee.de>:
>
>
>Am 20. Juli 2015 20:56:55 MESZ, schrieb Felix Schumacher
><fe...@internetallee.de>:
>>
>>
>>Am 20. Juli 2015 13:39:57 MESZ, schrieb George
><ba...@yahoo.de>:
>>>
>>>
>>>
>>>Felix Schumacher <fe...@internetallee.de> schrieb am 13:25
>>>Freitag, 17.Juli 2015:
>>>
>>>
>>>
>>>
>>>Am 15. Juli 2015 11:17:33 MESZ, schrieb George
>><ba...@yahoo.de>:
>>>>Hello,
>>>
>>>> Could you try to not top-post? And my mail client has problems
>>>showing some of your new lines, which makes reading your malls harder
>>>than it should be.
>>>
>>>OK sorry. I'm using the yahoo webmail client and just click "reply".
>>>
>>>
>>>>i have now the r1609478 running and have set up in the
>>>>jmeter.properties to use TLSv1.2.But this setting is only for
>>>"http"...
>>>>and not for smtp. Anyway i set to be TLSv1.2
>>>
>>>> Right, http and smtp samplers have quite different settings.
>>>
>>>>It's still not running. I put the Debug on an i see on my terminal:
>>>***
>>>>CelintHello, TLSv1In JMeter logger panel i see:
>>>>jmeter.protocol.smtp.sampler.protocol.SendMailCommand: User ssl/tls
>>>>protocols for mail: SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2But when i
>>>>try to connect on port: 465 it's not working.
>>>
>>>> Are these three only debug messages? Could you post the complete
>log
>>>messages somewhere? It would be best to have logs from the nightly
>>>build and the latest official build.
>>>
>>>> Maybe a tcpdump of both tries could help.
>>>
>>>Attached a screeshot of my tcpdump. As you can see the "Client Hello"
>>>is done using TLSv1.0
>>
>>I can see no screenshot it was probably stripped of by the list.
>>
>>And when you're at it, the complete debug logs would be nice, too :)
>>
>>>
>>>>I also tried with a native mail client Thunderbird 31.4 which
>>supports
>>>>TLSv1.2.There it works perfectly like a charm from the beginning on.
>>>>In my Serverlogs i see this: SSL-Tunnel established (TLSv1.2
>>>>ECDHE-RSA-AES128-GCM-SHA256 (128/128)Of cource it's not the strong
>>>>ciper: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 but with Thunderbird
>>>its
>>>>working with at least TLSv1.2.
>>>>Thus:My Server works perfectly and accept TLSv1.2 connections
>ONLY.If
>>>a
>>>>client try to connect with anything below TLSv1.2 then my server do
>>>not
>>>>accept it.
>>>
>>>> Is the mail server reachable via a public address, so that I could
>>>try to access it?
>>>
>>>No the mail server is not public - sorry
>>>
>>>>For testing purposes i can activate TLSv1.1 and TLSv1.0 and then
>>>JMeter
>>>>is working too.
>>>>
>>>>
>>>>
>>>>Maybe some more info.If i use JMeter and the HTTP Sampler then i can
>>>do
>>>>TLSv1.2 connections with the strong cipher.But for this i need to
>put
>>>>this:
>>>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>in my jmeter.sh start script.
>>>>So: HTTP and TLSv1.2 and strong cipher = works with JMeterSMTP with
>>>>TLSv1.2 = is (still) not workingSMTP with TLSv1.2 and strong cipher
>=
>>>>also not working
>>>
>>>> Well http and smtp tls are two different beats with respect to
>>>jmeter.
>>>
>>>> Would you be able to build jmeter yourself and apply patches?
>>>
>>>technically yes i do have java dev. skills.I will try to get the
>>latest
>>>source and apply tlsv1.2 for smtp(s).Maybe we should make the same
>>>steps for smtp(s) as for http(s) and extend the jmeter.properties
>>>having also smtp(s) parameters?also adding support for
>>>"-Dsmtps.cipherSuites..." would be good to apply a cipherstring you
>>>want only to have?
>>
>>I will send another mail, as soon as I have a patch with more options.
>
>
>OK, I think I have found the issue. The constants for ssl protocols
>differ for smtp (startTLS) and smtps.
>
>You have to find the string "mail.smtp.ssl.protocols" in
>src/protocol/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java
>amd replace it with "mail."+protocol+".ssl.protocols".
>
>I had tested Port 25 with startTLS and you are using smtps, so it
>worked for me and didn't work for you.
>
>Please try it out.
I have checked the changes in, so you could fetch the newest sources via svn and compile them to try.
Regards,
Felix
>
>Regards,
>Felix
>>
>>Regards,
>>Felix
>>
>>>
>>>BrGeorge
>>>
>>>>Regards,
>>>>Felix
>>>>
>>>>
>>>>BrGeorge
>>>>
>>>>
>>>>
>>>>
>>>>Felix Schumacher <fe...@internetallee.de> schrieb am
>17:45
>>>>Mittwoch, 17.Juni 2015:
>>>>
>>>>
>>>>
>>>>
>>>>Am 9. Juni 2015 11:41:42 MESZ, schrieb George
>><ba...@yahoo.de>:
>>>>>HI,
>>>>>ok i will get the nightly build and try it out.
>>>>
>>>>Have you tried the nightly and did it help you?
>>>>
>>>>Regards,
>>>>Felix
>>>>
>>>>>BrGeorge
>>>>>
>>>>>
>>>>>
>>>>>Felix Schumacher <fe...@internetallee.de> schrieb am
>>19:31
>>>>>Montag, 8.Juni 2015:
>>>>>
>>>>>
>>>>> Am 08.06.2015 um 15:12 schrieb George:
>>>>>> Hello Felix,
>>>>>>
>>>>>>
>>>>>> Felix Schumacher <fe...@internetallee.de> schrieb
>>>am
>>>>>14:58 Sonntag, 7.Juni 2015:
>>>>>>
>>>>>>
>>>>>> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>>>>>>> Hi George,
>>>>>>>
>>>>>>> Am 03.06.2015 um 12:11 schrieb George:
>>>>>>>> Hello,
>>>>>>>> yes my server can do tls 1.2 perfectly and also with the above
>>>>>>>> (strong) cipher.I did some more tests where i modify step by
>>step
>>>>>my
>>>>>>>> server configuration until it works and here are my results.
>>>>>>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>>>>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>>>>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>>>>>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>>>>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
>>>>>cipher
>>>>>>>>
>>>>>>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>>>>>>> configuration is only for the http protocol and not for
>>>>>smtp(s).Thus
>>>>>>>> i think this does not care.I have java jre 1.8 latest plus the
>>>>>oracle
>>>>>>>> security "Unlimited Strength Java Cryptography Extension Policy
>>>>>>>> Files" pakage.
>>>>>>>> My jmeter test plan is very easy.
>>>>>>>> One thread one smtp sampler and one "view results in tree".The
>>>>SMTP
>>>>>>>> Sampler target my mail server on port "465" and the checkbox
>>"use
>>>>>>>> ssl" is enabled and the hook "Trust all certificates" is
>enabled
>>>>>>>> too.There is one Subject: hello and Email body: hello. Simple
>>>>>>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>>>>>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success:
>>>Perfectly
>>>>>>>> SSL Handshake. SSL Connection established using "TLSv1
>>>>>>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means
>>>no
>>>>>>>> mutual ssl)
>>>>>>>> OK thus it works.I can sent an email with jmeter SMTP sampler
>>>>using
>>>>>>>> (direct) ssl on port 465 - but it only works if i activate
>>>tls1.0.
>>>>>>>> I do not found any jmeter configuration about "smtps".
>>>>>>>>
>>>>>>>> I did some further tests wirh thunderbird 31.4 (on a
>linux).Here
>>>>>the
>>>>>>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4:
>>>Success.
>>>>>>>> Looking on the thunderbird settings its strange but the cipher
>i
>>>>>want
>>>>>>>> to use is not available. Thus i can do tls1.2 but not with my
>>>>>>>> "strong" cipher.
>>>>>>>> Br.George
>>>>>>> I have added a few println's in TrustAllSSLSocketFactory and
>>>found,
>>>>>>> that I have to change the line where the sslcontext is created
>>>>first
>>>>>>> by calling SSLContext.getInstance("TLS").
>>>>>>>
>>>>>>> When you change that occurence of TLS to TLSv1.2 you should get
>a
>>>>>>> TLSv1.2 connection with a string cipher suite.
>>>>>>>
>>>>>>> This default setting should probably be configurable as the used
>>>>>>> cipher suites.
>>>>>>> After a bit more research, the behaviour seems to be different
>>>>>between
>>>>>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
>>>>>connect
>>>>>>> with getInstance("TLS"), while java 7 was not.
>>>>>>> Can you double check, that you are using java 8?
>>>>>> yes i'm using java 8. java -version gives me: java version
>>>>>"1.8.0_20".
>>>>>> It's not the newest java 8 but it is java 8 for sure.
>>>>>> I'm not sure what you mean about "SSLContext.getInstance("TLS")
>>and
>>>>>where to change it to "TLSv1.2" ?
>>>>>You could have changed it inside the source code of the class. But
>>>>>don't
>>>>>bother with it anymore.
>>>>>> I did some debugging test and have activated the jmeter
>properites
>>>>to
>>>>>"DEBUG" (log level) and i also put the debug on in the
>>>>>system.properties for ssl (all).When i configure my server to
>accept
>>>>>TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
>>>>>following:
>>>>>> trigger seeding of SecureRandomdone seeding
>>>>>SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%%
>>Initialized:
>>>>>[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
>>>>>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
>>>>>ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
>>>>>> Now i change my server to only allow TLSv1.2 and then i see this:
>>>>>> *** ClientHello, TLSv1
>>>>>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description
>=
>>>>>handshare_failure
>>>>>> The same error if i turn on TLSv1.1.
>>>>>>
>>>>>> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
>>>>>> There are some configuration properties for http(s) and this
>works
>>>>>perfectly with TLSv1.2But not for SMTP.
>>>>>
>>>>>I have filed a bug request
>>>>>(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and
>submitted
>>>a
>>>>>fix.
>>>>>
>>>>>Could you try it out?
>>>>>
>>>>>The next nightly should have the fix, or you can build jmeter
>>>yourself
>>>>
>>>>>from source.
>>>>>
>>>>>Regards
>>>>> Felix
>>>>>> BrGeorge
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Regards
>>>>>> > Felix
>>>>>>> Regards
>>>>>>> Felix
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Felix Schumacher <fe...@internetallee.de>
>>>>schrieb
>>>>>am
>>>>>>>> 10:29 Montag, 1.Juni 2015:
>>>>>>>>
>>>>>>>> Am 29.05.2015 um 13:16 schrieb George:
>>>>>>>>> Hello,
>>>>>>>>> i try to sent a "hello" email using SMTP Sampler and want to
>>use
>>>>>>>>> SSL/TLS on standard port 465 for this connection.More i want
>to
>>>>>use
>>>>>>>>> TLSv1.2 with the very strong cipher
>>>>>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the
>>handshake
>>>>>fail.
>>>>>>>>> Technially if i change the configuration on my server to also
>>>>>accept
>>>>>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email
>is
>>>>>sent
>>>>>>>>> perfectly.I see in the logs that the client (jmeter) and my
>>>>server
>>>>>>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>>>>>>> working but not with TLSv1.2.
>>>>>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the
>>above
>>>>>>>>> cipher?I tried to put this in my jmeter.sh file but seems it
>>>does
>>>>>>>>> not matter?
>>>>>>>>>
>>>>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>>>>>
>>>>>>>> The smtp sampler has no option to specify the wanted
>>>ciphersuites,
>>>>>so
>>>>>>>> the option given above will not be used.
>>>>>>>>> I also installed lates java jdk and i also installed the
>>>>>additional
>>>>>>>>> strong security pakage and replaced the .jar files in
>>>>>>>>> /usr/java/jre.../lib/security
>>>>>>>> Which jdk did you install exactly?
>>>>>>>>
>>>>>>>> Have you checked (with openssl or something similar), that your
>>>>>>>> mailserver is capable of TLSv1.2?
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Felix
>>>>>>>>> BrGeorge
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>>>
>>>>>>
>>>>>>
>>>>---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>---------------------------------------------------------------------
>>>>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>For additional commands, e-mail: user-help@jmeter.apache.org
>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>>
>>>
>>>
>>>
>>>------------------------------------------------------------------------
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>For additional commands, e-mail: user-help@jmeter.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>For additional commands, e-mail: user-help@jmeter.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by Felix Schumacher <fe...@internetallee.de>.
Am 20. Juli 2015 20:56:55 MESZ, schrieb Felix Schumacher <fe...@internetallee.de>:
>
>
>Am 20. Juli 2015 13:39:57 MESZ, schrieb George <ba...@yahoo.de>:
>>
>>
>>
>>Felix Schumacher <fe...@internetallee.de> schrieb am 13:25
>>Freitag, 17.Juli 2015:
>>
>>
>>
>>
>>Am 15. Juli 2015 11:17:33 MESZ, schrieb George
><ba...@yahoo.de>:
>>>Hello,
>>
>>> Could you try to not top-post? And my mail client has problems
>>showing some of your new lines, which makes reading your malls harder
>>than it should be.
>>
>>OK sorry. I'm using the yahoo webmail client and just click "reply".
>>
>>
>>>i have now the r1609478 running and have set up in the
>>>jmeter.properties to use TLSv1.2.But this setting is only for
>>"http"...
>>>and not for smtp. Anyway i set to be TLSv1.2
>>
>>> Right, http and smtp samplers have quite different settings.
>>
>>>It's still not running. I put the Debug on an i see on my terminal:
>>***
>>>CelintHello, TLSv1In JMeter logger panel i see:
>>>jmeter.protocol.smtp.sampler.protocol.SendMailCommand: User ssl/tls
>>>protocols for mail: SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2But when i
>>>try to connect on port: 465 it's not working.
>>
>>> Are these three only debug messages? Could you post the complete log
>>messages somewhere? It would be best to have logs from the nightly
>>build and the latest official build.
>>
>>> Maybe a tcpdump of both tries could help.
>>
>>Attached a screeshot of my tcpdump. As you can see the "Client Hello"
>>is done using TLSv1.0
>
>I can see no screenshot it was probably stripped of by the list.
>
>And when you're at it, the complete debug logs would be nice, too :)
>
>>
>>>I also tried with a native mail client Thunderbird 31.4 which
>supports
>>>TLSv1.2.There it works perfectly like a charm from the beginning on.
>>>In my Serverlogs i see this: SSL-Tunnel established (TLSv1.2
>>>ECDHE-RSA-AES128-GCM-SHA256 (128/128)Of cource it's not the strong
>>>ciper: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 but with Thunderbird
>>its
>>>working with at least TLSv1.2.
>>>Thus:My Server works perfectly and accept TLSv1.2 connections ONLY.If
>>a
>>>client try to connect with anything below TLSv1.2 then my server do
>>not
>>>accept it.
>>
>>> Is the mail server reachable via a public address, so that I could
>>try to access it?
>>
>>No the mail server is not public - sorry
>>
>>>For testing purposes i can activate TLSv1.1 and TLSv1.0 and then
>>JMeter
>>>is working too.
>>>
>>>
>>>
>>>Maybe some more info.If i use JMeter and the HTTP Sampler then i can
>>do
>>>TLSv1.2 connections with the strong cipher.But for this i need to put
>>>this:
>>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>in my jmeter.sh start script.
>>>So: HTTP and TLSv1.2 and strong cipher = works with JMeterSMTP with
>>>TLSv1.2 = is (still) not workingSMTP with TLSv1.2 and strong cipher =
>>>also not working
>>
>>> Well http and smtp tls are two different beats with respect to
>>jmeter.
>>
>>> Would you be able to build jmeter yourself and apply patches?
>>
>>technically yes i do have java dev. skills.I will try to get the
>latest
>>source and apply tlsv1.2 for smtp(s).Maybe we should make the same
>>steps for smtp(s) as for http(s) and extend the jmeter.properties
>>having also smtp(s) parameters?also adding support for
>>"-Dsmtps.cipherSuites..." would be good to apply a cipherstring you
>>want only to have?
>
>I will send another mail, as soon as I have a patch with more options.
OK, I think I have found the issue. The constants for ssl protocols differ for smtp (startTLS) and smtps.
You have to find the string "mail.smtp.ssl.protocols" in src/protocol/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java amd replace it with "mail."+protocol+".ssl.protocols".
I had tested Port 25 with startTLS and you are using smtps, so it worked for me and didn't work for you.
Please try it out.
Regards,
Felix
>
>Regards,
>Felix
>
>>
>>BrGeorge
>>
>>>Regards,
>>>Felix
>>>
>>>
>>>BrGeorge
>>>
>>>
>>>
>>>
>>>Felix Schumacher <fe...@internetallee.de> schrieb am 17:45
>>>Mittwoch, 17.Juni 2015:
>>>
>>>
>>>
>>>
>>>Am 9. Juni 2015 11:41:42 MESZ, schrieb George
><ba...@yahoo.de>:
>>>>HI,
>>>>ok i will get the nightly build and try it out.
>>>
>>>Have you tried the nightly and did it help you?
>>>
>>>Regards,
>>>Felix
>>>
>>>>BrGeorge
>>>>
>>>>
>>>>
>>>>Felix Schumacher <fe...@internetallee.de> schrieb am
>19:31
>>>>Montag, 8.Juni 2015:
>>>>
>>>>
>>>> Am 08.06.2015 um 15:12 schrieb George:
>>>>> Hello Felix,
>>>>>
>>>>>
>>>>> Felix Schumacher <fe...@internetallee.de> schrieb
>>am
>>>>14:58 Sonntag, 7.Juni 2015:
>>>>>
>>>>>
>>>>> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>>>>>> Hi George,
>>>>>>
>>>>>> Am 03.06.2015 um 12:11 schrieb George:
>>>>>>> Hello,
>>>>>>> yes my server can do tls 1.2 perfectly and also with the above
>>>>>>> (strong) cipher.I did some more tests where i modify step by
>step
>>>>my
>>>>>>> server configuration until it works and here are my results.
>>>>>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>>>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>>>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>>>>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>>>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
>>>>cipher
>>>>>>>
>>>>>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>>>>>> configuration is only for the http protocol and not for
>>>>smtp(s).Thus
>>>>>>> i think this does not care.I have java jre 1.8 latest plus the
>>>>oracle
>>>>>>> security "Unlimited Strength Java Cryptography Extension Policy
>>>>>>> Files" pakage.
>>>>>>> My jmeter test plan is very easy.
>>>>>>> One thread one smtp sampler and one "view results in tree".The
>>>SMTP
>>>>>>> Sampler target my mail server on port "465" and the checkbox
>"use
>>>>>>> ssl" is enabled and the hook "Trust all certificates" is enabled
>>>>>>> too.There is one Subject: hello and Email body: hello. Simple
>>>>>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>>>>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success:
>>Perfectly
>>>>>>> SSL Handshake. SSL Connection established using "TLSv1
>>>>>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means
>>no
>>>>>>> mutual ssl)
>>>>>>> OK thus it works.I can sent an email with jmeter SMTP sampler
>>>using
>>>>>>> (direct) ssl on port 465 - but it only works if i activate
>>tls1.0.
>>>>>>> I do not found any jmeter configuration about "smtps".
>>>>>>>
>>>>>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here
>>>>the
>>>>>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4:
>>Success.
>>>>>>> Looking on the thunderbird settings its strange but the cipher i
>>>>want
>>>>>>> to use is not available. Thus i can do tls1.2 but not with my
>>>>>>> "strong" cipher.
>>>>>>> Br.George
>>>>>> I have added a few println's in TrustAllSSLSocketFactory and
>>found,
>>>>>> that I have to change the line where the sslcontext is created
>>>first
>>>>>> by calling SSLContext.getInstance("TLS").
>>>>>>
>>>>>> When you change that occurence of TLS to TLSv1.2 you should get a
>>>>>> TLSv1.2 connection with a string cipher suite.
>>>>>>
>>>>>> This default setting should probably be configurable as the used
>>>>>> cipher suites.
>>>>>> After a bit more research, the behaviour seems to be different
>>>>between
>>>>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
>>>>connect
>>>>>> with getInstance("TLS"), while java 7 was not.
>>>>>> Can you double check, that you are using java 8?
>>>>> yes i'm using java 8. java -version gives me: java version
>>>>"1.8.0_20".
>>>>> It's not the newest java 8 but it is java 8 for sure.
>>>>> I'm not sure what you mean about "SSLContext.getInstance("TLS")
>and
>>>>where to change it to "TLSv1.2" ?
>>>>You could have changed it inside the source code of the class. But
>>>>don't
>>>>bother with it anymore.
>>>>> I did some debugging test and have activated the jmeter properites
>>>to
>>>>"DEBUG" (log level) and i also put the debug on in the
>>>>system.properties for ssl (all).When i configure my server to accept
>>>>TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
>>>>following:
>>>>> trigger seeding of SecureRandomdone seeding
>>>>SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%%
>Initialized:
>>>>[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
>>>>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
>>>>ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
>>>>> Now i change my server to only allow TLSv1.2 and then i see this:
>>>>> *** ClientHello, TLSv1
>>>>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description =
>>>>handshare_failure
>>>>> The same error if i turn on TLSv1.1.
>>>>>
>>>>> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
>>>>> There are some configuration properties for http(s) and this works
>>>>perfectly with TLSv1.2But not for SMTP.
>>>>
>>>>I have filed a bug request
>>>>(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted
>>a
>>>>fix.
>>>>
>>>>Could you try it out?
>>>>
>>>>The next nightly should have the fix, or you can build jmeter
>>yourself
>>>
>>>>from source.
>>>>
>>>>Regards
>>>> Felix
>>>>> BrGeorge
>>>>>
>>>>>
>>>>>
>>>>>> Regards
>>>>> > Felix
>>>>>> Regards
>>>>>> Felix
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Felix Schumacher <fe...@internetallee.de>
>>>schrieb
>>>>am
>>>>>>> 10:29 Montag, 1.Juni 2015:
>>>>>>>
>>>>>>> Am 29.05.2015 um 13:16 schrieb George:
>>>>>>>> Hello,
>>>>>>>> i try to sent a "hello" email using SMTP Sampler and want to
>use
>>>>>>>> SSL/TLS on standard port 465 for this connection.More i want to
>>>>use
>>>>>>>> TLSv1.2 with the very strong cipher
>>>>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the
>handshake
>>>>fail.
>>>>>>>> Technially if i change the configuration on my server to also
>>>>accept
>>>>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is
>>>>sent
>>>>>>>> perfectly.I see in the logs that the client (jmeter) and my
>>>server
>>>>>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>>>>>> working but not with TLSv1.2.
>>>>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the
>above
>>>>>>>> cipher?I tried to put this in my jmeter.sh file but seems it
>>does
>>>>>>>> not matter?
>>>>>>>>
>>>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>>>>
>>>>>>> The smtp sampler has no option to specify the wanted
>>ciphersuites,
>>>>so
>>>>>>> the option given above will not be used.
>>>>>>>> I also installed lates java jdk and i also installed the
>>>>additional
>>>>>>>> strong security pakage and replaced the .jar files in
>>>>>>>> /usr/java/jre.../lib/security
>>>>>>> Which jdk did you install exactly?
>>>>>>>
>>>>>>> Have you checked (with openssl or something similar), that your
>>>>>>> mailserver is capable of TLSv1.2?
>>>>>>>
>>>>>>> Regards
>>>>>>> Felix
>>>>>>>> BrGeorge
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>>
>>>>>
>>>>>
>>>---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>
>>
>>
>>
>>------------------------------------------------------------------------
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>For additional commands, e-mail: user-help@jmeter.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>For additional commands, e-mail: user-help@jmeter.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by Felix Schumacher <fe...@internetallee.de>.
Am 20. Juli 2015 13:39:57 MESZ, schrieb George <ba...@yahoo.de>:
>
>
>
>Felix Schumacher <fe...@internetallee.de> schrieb am 13:25
>Freitag, 17.Juli 2015:
>
>
>
>
>Am 15. Juli 2015 11:17:33 MESZ, schrieb George <ba...@yahoo.de>:
>>Hello,
>
>> Could you try to not top-post? And my mail client has problems
>showing some of your new lines, which makes reading your malls harder
>than it should be.
>
>OK sorry. I'm using the yahoo webmail client and just click "reply".
>
>
>>i have now the r1609478 running and have set up in the
>>jmeter.properties to use TLSv1.2.But this setting is only for
>"http"...
>>and not for smtp. Anyway i set to be TLSv1.2
>
>> Right, http and smtp samplers have quite different settings.
>
>>It's still not running. I put the Debug on an i see on my terminal:
>***
>>CelintHello, TLSv1In JMeter logger panel i see:
>>jmeter.protocol.smtp.sampler.protocol.SendMailCommand: User ssl/tls
>>protocols for mail: SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2But when i
>>try to connect on port: 465 it's not working.
>
>> Are these three only debug messages? Could you post the complete log
>messages somewhere? It would be best to have logs from the nightly
>build and the latest official build.
>
>> Maybe a tcpdump of both tries could help.
>
>Attached a screeshot of my tcpdump. As you can see the "Client Hello"
>is done using TLSv1.0
I can see no screenshot it was probably stripped of by the list.
And when you're at it, the complete debug logs would be nice, too :)
>
>>I also tried with a native mail client Thunderbird 31.4 which supports
>>TLSv1.2.There it works perfectly like a charm from the beginning on.
>>In my Serverlogs i see this: SSL-Tunnel established (TLSv1.2
>>ECDHE-RSA-AES128-GCM-SHA256 (128/128)Of cource it's not the strong
>>ciper: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 but with Thunderbird
>its
>>working with at least TLSv1.2.
>>Thus:My Server works perfectly and accept TLSv1.2 connections ONLY.If
>a
>>client try to connect with anything below TLSv1.2 then my server do
>not
>>accept it.
>
>> Is the mail server reachable via a public address, so that I could
>try to access it?
>
>No the mail server is not public - sorry
>
>>For testing purposes i can activate TLSv1.1 and TLSv1.0 and then
>JMeter
>>is working too.
>>
>>
>>
>>Maybe some more info.If i use JMeter and the HTTP Sampler then i can
>do
>>TLSv1.2 connections with the strong cipher.But for this i need to put
>>this:
>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>in my jmeter.sh start script.
>>So: HTTP and TLSv1.2 and strong cipher = works with JMeterSMTP with
>>TLSv1.2 = is (still) not workingSMTP with TLSv1.2 and strong cipher =
>>also not working
>
>> Well http and smtp tls are two different beats with respect to
>jmeter.
>
>> Would you be able to build jmeter yourself and apply patches?
>
>technically yes i do have java dev. skills.I will try to get the latest
>source and apply tlsv1.2 for smtp(s).Maybe we should make the same
>steps for smtp(s) as for http(s) and extend the jmeter.properties
>having also smtp(s) parameters?also adding support for
>"-Dsmtps.cipherSuites..." would be good to apply a cipherstring you
>want only to have?
I will send another mail, as soon as I have a patch with more options.
Regards,
Felix
>
>BrGeorge
>
>>Regards,
>>Felix
>>
>>
>>BrGeorge
>>
>>
>>
>>
>>Felix Schumacher <fe...@internetallee.de> schrieb am 17:45
>>Mittwoch, 17.Juni 2015:
>>
>>
>>
>>
>>Am 9. Juni 2015 11:41:42 MESZ, schrieb George <ba...@yahoo.de>:
>>>HI,
>>>ok i will get the nightly build and try it out.
>>
>>Have you tried the nightly and did it help you?
>>
>>Regards,
>>Felix
>>
>>>BrGeorge
>>>
>>>
>>>
>>>Felix Schumacher <fe...@internetallee.de> schrieb am 19:31
>>>Montag, 8.Juni 2015:
>>>
>>>
>>> Am 08.06.2015 um 15:12 schrieb George:
>>>> Hello Felix,
>>>>
>>>>
>>>> Felix Schumacher <fe...@internetallee.de> schrieb
>am
>>>14:58 Sonntag, 7.Juni 2015:
>>>>
>>>>
>>>> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>>>>> Hi George,
>>>>>
>>>>> Am 03.06.2015 um 12:11 schrieb George:
>>>>>> Hello,
>>>>>> yes my server can do tls 1.2 perfectly and also with the above
>>>>>> (strong) cipher.I did some more tests where i modify step by step
>>>my
>>>>>> server configuration until it works and here are my results.
>>>>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>>>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
>>>cipher
>>>>>>
>>>>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>>>>> configuration is only for the http protocol and not for
>>>smtp(s).Thus
>>>>>> i think this does not care.I have java jre 1.8 latest plus the
>>>oracle
>>>>>> security "Unlimited Strength Java Cryptography Extension Policy
>>>>>> Files" pakage.
>>>>>> My jmeter test plan is very easy.
>>>>>> One thread one smtp sampler and one "view results in tree".The
>>SMTP
>>>>>> Sampler target my mail server on port "465" and the checkbox "use
>>>>>> ssl" is enabled and the hook "Trust all certificates" is enabled
>>>>>> too.There is one Subject: hello and Email body: hello. Simple
>>>>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>>>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success:
>Perfectly
>>>>>> SSL Handshake. SSL Connection established using "TLSv1
>>>>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means
>no
>>>>>> mutual ssl)
>>>>>> OK thus it works.I can sent an email with jmeter SMTP sampler
>>using
>>>>>> (direct) ssl on port 465 - but it only works if i activate
>tls1.0.
>>>>>> I do not found any jmeter configuration about "smtps".
>>>>>>
>>>>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here
>>>the
>>>>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4:
>Success.
>>>>>> Looking on the thunderbird settings its strange but the cipher i
>>>want
>>>>>> to use is not available. Thus i can do tls1.2 but not with my
>>>>>> "strong" cipher.
>>>>>> Br.George
>>>>> I have added a few println's in TrustAllSSLSocketFactory and
>found,
>>>>> that I have to change the line where the sslcontext is created
>>first
>>>>> by calling SSLContext.getInstance("TLS").
>>>>>
>>>>> When you change that occurence of TLS to TLSv1.2 you should get a
>>>>> TLSv1.2 connection with a string cipher suite.
>>>>>
>>>>> This default setting should probably be configurable as the used
>>>>> cipher suites.
>>>>> After a bit more research, the behaviour seems to be different
>>>between
>>>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
>>>connect
>>>>> with getInstance("TLS"), while java 7 was not.
>>>>> Can you double check, that you are using java 8?
>>>> yes i'm using java 8. java -version gives me: java version
>>>"1.8.0_20".
>>>> It's not the newest java 8 but it is java 8 for sure.
>>>> I'm not sure what you mean about "SSLContext.getInstance("TLS") and
>>>where to change it to "TLSv1.2" ?
>>>You could have changed it inside the source code of the class. But
>>>don't
>>>bother with it anymore.
>>>> I did some debugging test and have activated the jmeter properites
>>to
>>>"DEBUG" (log level) and i also put the debug on in the
>>>system.properties for ssl (all).When i configure my server to accept
>>>TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
>>>following:
>>>> trigger seeding of SecureRandomdone seeding
>>>SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized:
>>>[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
>>>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
>>>ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
>>>> Now i change my server to only allow TLSv1.2 and then i see this:
>>>> *** ClientHello, TLSv1
>>>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description =
>>>handshare_failure
>>>> The same error if i turn on TLSv1.1.
>>>>
>>>> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
>>>> There are some configuration properties for http(s) and this works
>>>perfectly with TLSv1.2But not for SMTP.
>>>
>>>I have filed a bug request
>>>(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted
>a
>>>fix.
>>>
>>>Could you try it out?
>>>
>>>The next nightly should have the fix, or you can build jmeter
>yourself
>>
>>>from source.
>>>
>>>Regards
>>> Felix
>>>> BrGeorge
>>>>
>>>>
>>>>
>>>>> Regards
>>>> > Felix
>>>>> Regards
>>>>> Felix
>>>>>
>>>>>>
>>>>>>
>>>>>> Felix Schumacher <fe...@internetallee.de>
>>schrieb
>>>am
>>>>>> 10:29 Montag, 1.Juni 2015:
>>>>>>
>>>>>> Am 29.05.2015 um 13:16 schrieb George:
>>>>>>> Hello,
>>>>>>> i try to sent a "hello" email using SMTP Sampler and want to use
>>>>>>> SSL/TLS on standard port 465 for this connection.More i want to
>>>use
>>>>>>> TLSv1.2 with the very strong cipher
>>>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake
>>>fail.
>>>>>>> Technially if i change the configuration on my server to also
>>>accept
>>>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is
>>>sent
>>>>>>> perfectly.I see in the logs that the client (jmeter) and my
>>server
>>>>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>>>>> working but not with TLSv1.2.
>>>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
>>>>>>> cipher?I tried to put this in my jmeter.sh file but seems it
>does
>>>>>>> not matter?
>>>>>>>
>>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>>>
>>>>>> The smtp sampler has no option to specify the wanted
>ciphersuites,
>>>so
>>>>>> the option given above will not be used.
>>>>>>> I also installed lates java jdk and i also installed the
>>>additional
>>>>>>> strong security pakage and replaced the .jar files in
>>>>>>> /usr/java/jre.../lib/security
>>>>>> Which jdk did you install exactly?
>>>>>>
>>>>>> Have you checked (with openssl or something similar), that your
>>>>>> mailserver is capable of TLSv1.2?
>>>>>>
>>>>>> Regards
>>>>>> Felix
>>>>>>> BrGeorge
>>>>>>>
>>>>>>>
>>>>>>
>>>---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>
>>>>
>>>>
>>---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>For additional commands, e-mail: user-help@jmeter.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>For additional commands, e-mail: user-help@jmeter.apache.org
>
>
>
>
>
>------------------------------------------------------------------------
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>For additional commands, e-mail: user-help@jmeter.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by George <ba...@yahoo.de>.
Felix Schumacher <fe...@internetallee.de> schrieb am 13:25 Freitag, 17.Juli 2015:
Am 15. Juli 2015 11:17:33 MESZ, schrieb George <ba...@yahoo.de>:
>Hello,
> Could you try to not top-post? And my mail client has problems showing some of your new lines, which makes reading your malls harder than it should be.
OK sorry. I'm using the yahoo webmail client and just click "reply".
>i have now the r1609478 running and have set up in the
>jmeter.properties to use TLSv1.2.But this setting is only for "http"...
>and not for smtp. Anyway i set to be TLSv1.2
> Right, http and smtp samplers have quite different settings.
>It's still not running. I put the Debug on an i see on my terminal: ***
>CelintHello, TLSv1In JMeter logger panel i see:
>jmeter.protocol.smtp.sampler.protocol.SendMailCommand: User ssl/tls
>protocols for mail: SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2But when i
>try to connect on port: 465 it's not working.
> Are these three only debug messages? Could you post the complete log messages somewhere? It would be best to have logs from the nightly build and the latest official build.
> Maybe a tcpdump of both tries could help.
Attached a screeshot of my tcpdump. As you can see the "Client Hello" is done using TLSv1.0
>I also tried with a native mail client Thunderbird 31.4 which supports
>TLSv1.2.There it works perfectly like a charm from the beginning on.
>In my Serverlogs i see this: SSL-Tunnel established (TLSv1.2
>ECDHE-RSA-AES128-GCM-SHA256 (128/128)Of cource it's not the strong
>ciper: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 but with Thunderbird its
>working with at least TLSv1.2.
>Thus:My Server works perfectly and accept TLSv1.2 connections ONLY.If a
>client try to connect with anything below TLSv1.2 then my server do not
>accept it.
> Is the mail server reachable via a public address, so that I could try to access it?
No the mail server is not public - sorry
>For testing purposes i can activate TLSv1.1 and TLSv1.0 and then JMeter
>is working too.
>
>
>
>Maybe some more info.If i use JMeter and the HTTP Sampler then i can do
>TLSv1.2 connections with the strong cipher.But for this i need to put
>this:
>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>in my jmeter.sh start script.
>So: HTTP and TLSv1.2 and strong cipher = works with JMeterSMTP with
>TLSv1.2 = is (still) not workingSMTP with TLSv1.2 and strong cipher =
>also not working
> Well http and smtp tls are two different beats with respect to jmeter.
> Would you be able to build jmeter yourself and apply patches?
technically yes i do have java dev. skills.I will try to get the latest source and apply tlsv1.2 for smtp(s).Maybe we should make the same steps for smtp(s) as for http(s) and extend the jmeter.properties having also smtp(s) parameters?also adding support for "-Dsmtps.cipherSuites..." would be good to apply a cipherstring you want only to have?
BrGeorge
>Regards,
>Felix
>
>
>BrGeorge
>
>
>
>
>Felix Schumacher <fe...@internetallee.de> schrieb am 17:45
>Mittwoch, 17.Juni 2015:
>
>
>
>
>Am 9. Juni 2015 11:41:42 MESZ, schrieb George <ba...@yahoo.de>:
>>HI,
>>ok i will get the nightly build and try it out.
>
>Have you tried the nightly and did it help you?
>
>Regards,
>Felix
>
>>BrGeorge
>>
>>
>>
>>Felix Schumacher <fe...@internetallee.de> schrieb am 19:31
>>Montag, 8.Juni 2015:
>>
>>
>> Am 08.06.2015 um 15:12 schrieb George:
>>> Hello Felix,
>>>
>>>
>>> Felix Schumacher <fe...@internetallee.de> schrieb am
>>14:58 Sonntag, 7.Juni 2015:
>>>
>>>
>>> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>>>> Hi George,
>>>>
>>>> Am 03.06.2015 um 12:11 schrieb George:
>>>>> Hello,
>>>>> yes my server can do tls 1.2 perfectly and also with the above
>>>>> (strong) cipher.I did some more tests where i modify step by step
>>my
>>>>> server configuration until it works and here are my results.
>>>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
>>cipher
>>>>>
>>>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>>>> configuration is only for the http protocol and not for
>>smtp(s).Thus
>>>>> i think this does not care.I have java jre 1.8 latest plus the
>>oracle
>>>>> security "Unlimited Strength Java Cryptography Extension Policy
>>>>> Files" pakage.
>>>>> My jmeter test plan is very easy.
>>>>> One thread one smtp sampler and one "view results in tree".The
>SMTP
>>>>> Sampler target my mail server on port "465" and the checkbox "use
>>>>> ssl" is enabled and the hook "Trust all certificates" is enabled
>>>>> too.There is one Subject: hello and Email body: hello. Simple
>>>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
>>>>> SSL Handshake. SSL Connection established using "TLSv1
>>>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
>>>>> mutual ssl)
>>>>> OK thus it works.I can sent an email with jmeter SMTP sampler
>using
>>>>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
>>>>> I do not found any jmeter configuration about "smtps".
>>>>>
>>>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here
>>the
>>>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
>>>>> Looking on the thunderbird settings its strange but the cipher i
>>want
>>>>> to use is not available. Thus i can do tls1.2 but not with my
>>>>> "strong" cipher.
>>>>> Br.George
>>>> I have added a few println's in TrustAllSSLSocketFactory and found,
>>>> that I have to change the line where the sslcontext is created
>first
>>>> by calling SSLContext.getInstance("TLS").
>>>>
>>>> When you change that occurence of TLS to TLSv1.2 you should get a
>>>> TLSv1.2 connection with a string cipher suite.
>>>>
>>>> This default setting should probably be configurable as the used
>>>> cipher suites.
>>>> After a bit more research, the behaviour seems to be different
>>between
>>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
>>connect
>>>> with getInstance("TLS"), while java 7 was not.
>>>> Can you double check, that you are using java 8?
>>> yes i'm using java 8. java -version gives me: java version
>>"1.8.0_20".
>>> It's not the newest java 8 but it is java 8 for sure.
>>> I'm not sure what you mean about "SSLContext.getInstance("TLS") and
>>where to change it to "TLSv1.2" ?
>>You could have changed it inside the source code of the class. But
>>don't
>>bother with it anymore.
>>> I did some debugging test and have activated the jmeter properites
>to
>>"DEBUG" (log level) and i also put the debug on in the
>>system.properties for ssl (all).When i configure my server to accept
>>TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
>>following:
>>> trigger seeding of SecureRandomdone seeding
>>SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized:
>>[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
>>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
>>ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
>>> Now i change my server to only allow TLSv1.2 and then i see this:
>>> *** ClientHello, TLSv1
>>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description =
>>handshare_failure
>>> The same error if i turn on TLSv1.1.
>>>
>>> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
>>> There are some configuration properties for http(s) and this works
>>perfectly with TLSv1.2But not for SMTP.
>>
>>I have filed a bug request
>>(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a
>>fix.
>>
>>Could you try it out?
>>
>>The next nightly should have the fix, or you can build jmeter yourself
>
>>from source.
>>
>>Regards
>> Felix
>>> BrGeorge
>>>
>>>
>>>
>>>> Regards
>>> > Felix
>>>> Regards
>>>> Felix
>>>>
>>>>>
>>>>>
>>>>> Felix Schumacher <fe...@internetallee.de>
>schrieb
>>am
>>>>> 10:29 Montag, 1.Juni 2015:
>>>>>
>>>>> Am 29.05.2015 um 13:16 schrieb George:
>>>>>> Hello,
>>>>>> i try to sent a "hello" email using SMTP Sampler and want to use
>>>>>> SSL/TLS on standard port 465 for this connection.More i want to
>>use
>>>>>> TLSv1.2 with the very strong cipher
>>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake
>>fail.
>>>>>> Technially if i change the configuration on my server to also
>>accept
>>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is
>>sent
>>>>>> perfectly.I see in the logs that the client (jmeter) and my
>server
>>>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>>>> working but not with TLSv1.2.
>>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
>>>>>> cipher?I tried to put this in my jmeter.sh file but seems it does
>>>>>> not matter?
>>>>>>
>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>>
>>>>> The smtp sampler has no option to specify the wanted ciphersuites,
>>so
>>>>> the option given above will not be used.
>>>>>> I also installed lates java jdk and i also installed the
>>additional
>>>>>> strong security pakage and replaced the .jar files in
>>>>>> /usr/java/jre.../lib/security
>>>>> Which jdk did you install exactly?
>>>>>
>>>>> Have you checked (with openssl or something similar), that your
>>>>> mailserver is capable of TLSv1.2?
>>>>>
>>>>> Regards
>>>>> Felix
>>>>>> BrGeorge
>>>>>>
>>>>>>
>>>>>
>>---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>
>>>
>>>
>---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>>
>>>
>>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>For additional commands, e-mail: user-help@jmeter.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>For additional commands, e-mail: user-help@jmeter.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by Felix Schumacher <fe...@internetallee.de>.
Am 15. Juli 2015 11:17:33 MESZ, schrieb George <ba...@yahoo.de>:
>Hello,
Could you try to not top-post? And my mail client has problems showing some of your new lines, which makes reading your malls harder than it should be.
>i have now the r1609478 running and have set up in the
>jmeter.properties to use TLSv1.2.But this setting is only for "http"...
>and not for smtp. Anyway i set to be TLSv1.2
Right, http and smtp samplers have quite different settings.
>It's still not running. I put the Debug on an i see on my terminal: ***
>CelintHello, TLSv1In JMeter logger panel i see:
>jmeter.protocol.smtp.sampler.protocol.SendMailCommand: User ssl/tls
>protocols for mail: SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2But when i
>try to connect on port: 465 it's not working.
Are these three only debug messages? Could you post the complete log messages somewhere? It would be best to have logs from the nightly build and the latest official build.
Maybe a tcpdump of both tries could help.
>I also tried with a native mail client Thunderbird 31.4 which supports
>TLSv1.2.There it works perfectly like a charm from the beginning on.
>In my Serverlogs i see this: SSL-Tunnel established (TLSv1.2
>ECDHE-RSA-AES128-GCM-SHA256 (128/128)Of cource it's not the strong
>ciper: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 but with Thunderbird its
>working with at least TLSv1.2.
>Thus:My Server works perfectly and accept TLSv1.2 connections ONLY.If a
>client try to connect with anything below TLSv1.2 then my server do not
>accept it.
Is the mail server reachable via a public address, so that I could try to access it?
>For testing purposes i can activate TLSv1.1 and TLSv1.0 and then JMeter
>is working too.
>
>
>
>Maybe some more info.If i use JMeter and the HTTP Sampler then i can do
>TLSv1.2 connections with the strong cipher.But for this i need to put
>this:
>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>in my jmeter.sh start script.
>So: HTTP and TLSv1.2 and strong cipher = works with JMeterSMTP with
>TLSv1.2 = is (still) not workingSMTP with TLSv1.2 and strong cipher =
>also not working
Well http and smtp tls are two different beats with respect to jmeter.
Would you be able to build jmeter yourself and apply patches?
Regards,
Felix
>
>
>BrGeorge
>
>
>
>
>Felix Schumacher <fe...@internetallee.de> schrieb am 17:45
>Mittwoch, 17.Juni 2015:
>
>
>
>
>Am 9. Juni 2015 11:41:42 MESZ, schrieb George <ba...@yahoo.de>:
>>HI,
>>ok i will get the nightly build and try it out.
>
>Have you tried the nightly and did it help you?
>
>Regards,
>Felix
>
>>BrGeorge
>>
>>
>>
>>Felix Schumacher <fe...@internetallee.de> schrieb am 19:31
>>Montag, 8.Juni 2015:
>>
>>
>> Am 08.06.2015 um 15:12 schrieb George:
>>> Hello Felix,
>>>
>>>
>>> Felix Schumacher <fe...@internetallee.de> schrieb am
>>14:58 Sonntag, 7.Juni 2015:
>>>
>>>
>>> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>>>> Hi George,
>>>>
>>>> Am 03.06.2015 um 12:11 schrieb George:
>>>>> Hello,
>>>>> yes my server can do tls 1.2 perfectly and also with the above
>>>>> (strong) cipher.I did some more tests where i modify step by step
>>my
>>>>> server configuration until it works and here are my results.
>>>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
>>cipher
>>>>>
>>>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>>>> configuration is only for the http protocol and not for
>>smtp(s).Thus
>>>>> i think this does not care.I have java jre 1.8 latest plus the
>>oracle
>>>>> security "Unlimited Strength Java Cryptography Extension Policy
>>>>> Files" pakage.
>>>>> My jmeter test plan is very easy.
>>>>> One thread one smtp sampler and one "view results in tree".The
>SMTP
>>>>> Sampler target my mail server on port "465" and the checkbox "use
>>>>> ssl" is enabled and the hook "Trust all certificates" is enabled
>>>>> too.There is one Subject: hello and Email body: hello. Simple
>>>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
>>>>> SSL Handshake. SSL Connection established using "TLSv1
>>>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
>>>>> mutual ssl)
>>>>> OK thus it works.I can sent an email with jmeter SMTP sampler
>using
>>>>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
>>>>> I do not found any jmeter configuration about "smtps".
>>>>>
>>>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here
>>the
>>>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
>>>>> Looking on the thunderbird settings its strange but the cipher i
>>want
>>>>> to use is not available. Thus i can do tls1.2 but not with my
>>>>> "strong" cipher.
>>>>> Br.George
>>>> I have added a few println's in TrustAllSSLSocketFactory and found,
>>>> that I have to change the line where the sslcontext is created
>first
>>>> by calling SSLContext.getInstance("TLS").
>>>>
>>>> When you change that occurence of TLS to TLSv1.2 you should get a
>>>> TLSv1.2 connection with a string cipher suite.
>>>>
>>>> This default setting should probably be configurable as the used
>>>> cipher suites.
>>>> After a bit more research, the behaviour seems to be different
>>between
>>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
>>connect
>>>> with getInstance("TLS"), while java 7 was not.
>>>> Can you double check, that you are using java 8?
>>> yes i'm using java 8. java -version gives me: java version
>>"1.8.0_20".
>>> It's not the newest java 8 but it is java 8 for sure.
>>> I'm not sure what you mean about "SSLContext.getInstance("TLS") and
>>where to change it to "TLSv1.2" ?
>>You could have changed it inside the source code of the class. But
>>don't
>>bother with it anymore.
>>> I did some debugging test and have activated the jmeter properites
>to
>>"DEBUG" (log level) and i also put the debug on in the
>>system.properties for ssl (all).When i configure my server to accept
>>TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
>>following:
>>> trigger seeding of SecureRandomdone seeding
>>SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized:
>>[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
>>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
>>ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
>>> Now i change my server to only allow TLSv1.2 and then i see this:
>>> *** ClientHello, TLSv1
>>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description =
>>handshare_failure
>>> The same error if i turn on TLSv1.1.
>>>
>>> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
>>> There are some configuration properties for http(s) and this works
>>perfectly with TLSv1.2But not for SMTP.
>>
>>I have filed a bug request
>>(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a
>>fix.
>>
>>Could you try it out?
>>
>>The next nightly should have the fix, or you can build jmeter yourself
>
>>from source.
>>
>>Regards
>> Felix
>>> BrGeorge
>>>
>>>
>>>
>>>> Regards
>>> > Felix
>>>> Regards
>>>> Felix
>>>>
>>>>>
>>>>>
>>>>> Felix Schumacher <fe...@internetallee.de>
>schrieb
>>am
>>>>> 10:29 Montag, 1.Juni 2015:
>>>>>
>>>>> Am 29.05.2015 um 13:16 schrieb George:
>>>>>> Hello,
>>>>>> i try to sent a "hello" email using SMTP Sampler and want to use
>>>>>> SSL/TLS on standard port 465 for this connection.More i want to
>>use
>>>>>> TLSv1.2 with the very strong cipher
>>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake
>>fail.
>>>>>> Technially if i change the configuration on my server to also
>>accept
>>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is
>>sent
>>>>>> perfectly.I see in the logs that the client (jmeter) and my
>server
>>>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>>>> working but not with TLSv1.2.
>>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
>>>>>> cipher?I tried to put this in my jmeter.sh file but seems it does
>>>>>> not matter?
>>>>>>
>>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>>
>>>>> The smtp sampler has no option to specify the wanted ciphersuites,
>>so
>>>>> the option given above will not be used.
>>>>>> I also installed lates java jdk and i also installed the
>>additional
>>>>>> strong security pakage and replaced the .jar files in
>>>>>> /usr/java/jre.../lib/security
>>>>> Which jdk did you install exactly?
>>>>>
>>>>> Have you checked (with openssl or something similar), that your
>>>>> mailserver is capable of TLSv1.2?
>>>>>
>>>>> Regards
>>>>> Felix
>>>>>> BrGeorge
>>>>>>
>>>>>>
>>>>>
>>---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>
>>>
>>>
>---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>>
>>>
>>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>For additional commands, e-mail: user-help@jmeter.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>For additional commands, e-mail: user-help@jmeter.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by George <ba...@yahoo.de>.
Hello,
i have now the r1609478 running and have set up in the jmeter.properties to use TLSv1.2.But this setting is only for "http"... and not for smtp. Anyway i set to be TLSv1.2
It's still not running. I put the Debug on an i see on my terminal: *** CelintHello, TLSv1In JMeter logger panel i see: jmeter.protocol.smtp.sampler.protocol.SendMailCommand: User ssl/tls protocols for mail: SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2But when i try to connect on port: 465 it's not working.
I also tried with a native mail client Thunderbird 31.4 which supports TLSv1.2.There it works perfectly like a charm from the beginning on.
In my Serverlogs i see this: SSL-Tunnel established (TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 (128/128)Of cource it's not the strong ciper: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 but with Thunderbird its working with at least TLSv1.2.
Thus:My Server works perfectly and accept TLSv1.2 connections ONLY.If a client try to connect with anything below TLSv1.2 then my server do not accept it.
For testing purposes i can activate TLSv1.1 and TLSv1.0 and then JMeter is working too.
Maybe some more info.If i use JMeter and the HTTP Sampler then i can do TLSv1.2 connections with the strong cipher.But for this i need to put this: JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" in my jmeter.sh start script.
So: HTTP and TLSv1.2 and strong cipher = works with JMeterSMTP with TLSv1.2 = is (still) not workingSMTP with TLSv1.2 and strong cipher = also not working
BrGeorge
Felix Schumacher <fe...@internetallee.de> schrieb am 17:45 Mittwoch, 17.Juni 2015:
Am 9. Juni 2015 11:41:42 MESZ, schrieb George <ba...@yahoo.de>:
>HI,
>ok i will get the nightly build and try it out.
Have you tried the nightly and did it help you?
Regards,
Felix
>BrGeorge
>
>
>
>Felix Schumacher <fe...@internetallee.de> schrieb am 19:31
>Montag, 8.Juni 2015:
>
>
> Am 08.06.2015 um 15:12 schrieb George:
>> Hello Felix,
>>
>>
>> Felix Schumacher <fe...@internetallee.de> schrieb am
>14:58 Sonntag, 7.Juni 2015:
>>
>>
>> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>>> Hi George,
>>>
>>> Am 03.06.2015 um 12:11 schrieb George:
>>>> Hello,
>>>> yes my server can do tls 1.2 perfectly and also with the above
>>>> (strong) cipher.I did some more tests where i modify step by step
>my
>>>> server configuration until it works and here are my results.
>>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
>cipher
>>>>
>>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>>> configuration is only for the http protocol and not for
>smtp(s).Thus
>>>> i think this does not care.I have java jre 1.8 latest plus the
>oracle
>>>> security "Unlimited Strength Java Cryptography Extension Policy
>>>> Files" pakage.
>>>> My jmeter test plan is very easy.
>>>> One thread one smtp sampler and one "view results in tree".The SMTP
>>>> Sampler target my mail server on port "465" and the checkbox "use
>>>> ssl" is enabled and the hook "Trust all certificates" is enabled
>>>> too.There is one Subject: hello and Email body: hello. Simple
>>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
>>>> SSL Handshake. SSL Connection established using "TLSv1
>>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
>>>> mutual ssl)
>>>> OK thus it works.I can sent an email with jmeter SMTP sampler using
>>>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
>>>> I do not found any jmeter configuration about "smtps".
>>>>
>>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here
>the
>>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
>>>> Looking on the thunderbird settings its strange but the cipher i
>want
>>>> to use is not available. Thus i can do tls1.2 but not with my
>>>> "strong" cipher.
>>>> Br.George
>>> I have added a few println's in TrustAllSSLSocketFactory and found,
>>> that I have to change the line where the sslcontext is created first
>>> by calling SSLContext.getInstance("TLS").
>>>
>>> When you change that occurence of TLS to TLSv1.2 you should get a
>>> TLSv1.2 connection with a string cipher suite.
>>>
>>> This default setting should probably be configurable as the used
>>> cipher suites.
>>> After a bit more research, the behaviour seems to be different
>between
>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
>connect
>>> with getInstance("TLS"), while java 7 was not.
>>> Can you double check, that you are using java 8?
>> yes i'm using java 8. java -version gives me: java version
>"1.8.0_20".
>> It's not the newest java 8 but it is java 8 for sure.
>> I'm not sure what you mean about "SSLContext.getInstance("TLS") and
>where to change it to "TLSv1.2" ?
>You could have changed it inside the source code of the class. But
>don't
>bother with it anymore.
>> I did some debugging test and have activated the jmeter properites to
>"DEBUG" (log level) and i also put the debug on in the
>system.properties for ssl (all).When i configure my server to accept
>TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
>following:
>> trigger seeding of SecureRandomdone seeding
>SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized:
>[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
>ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
>> Now i change my server to only allow TLSv1.2 and then i see this:
>> *** ClientHello, TLSv1
>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description =
>handshare_failure
>> The same error if i turn on TLSv1.1.
>>
>> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
>> There are some configuration properties for http(s) and this works
>perfectly with TLSv1.2But not for SMTP.
>
>I have filed a bug request
>(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a
>fix.
>
>Could you try it out?
>
>The next nightly should have the fix, or you can build jmeter yourself
>from source.
>
>Regards
> Felix
>> BrGeorge
>>
>>
>>
>>> Regards
>> > Felix
>>> Regards
>>> Felix
>>>
>>>>
>>>>
>>>> Felix Schumacher <fe...@internetallee.de> schrieb
>am
>>>> 10:29 Montag, 1.Juni 2015:
>>>>
>>>> Am 29.05.2015 um 13:16 schrieb George:
>>>>> Hello,
>>>>> i try to sent a "hello" email using SMTP Sampler and want to use
>>>>> SSL/TLS on standard port 465 for this connection.More i want to
>use
>>>>> TLSv1.2 with the very strong cipher
>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake
>fail.
>>>>> Technially if i change the configuration on my server to also
>accept
>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is
>sent
>>>>> perfectly.I see in the logs that the client (jmeter) and my server
>>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>>> working but not with TLSv1.2.
>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
>>>>> cipher?I tried to put this in my jmeter.sh file but seems it does
>>>>> not matter?
>>>>>
>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>
>>>> The smtp sampler has no option to specify the wanted ciphersuites,
>so
>>>> the option given above will not be used.
>>>>> I also installed lates java jdk and i also installed the
>additional
>>>>> strong security pakage and replaced the .jar files in
>>>>> /usr/java/jre.../lib/security
>>>> Which jdk did you install exactly?
>>>>
>>>> Have you checked (with openssl or something similar), that your
>>>> mailserver is capable of TLSv1.2?
>>>>
>>>> Regards
>>>> Felix
>>>>> BrGeorge
>>>>>
>>>>>
>>>>
>---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>
>>>>
>>>>
>>>
>>>
>---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>
>>
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>For additional commands, e-mail: user-help@jmeter.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by Felix Schumacher <fe...@internetallee.de>.
Am 9. Juni 2015 11:41:42 MESZ, schrieb George <ba...@yahoo.de>:
>HI,
>ok i will get the nightly build and try it out.
Have you tried the nightly and did it help you?
Regards,
Felix
>BrGeorge
>
>
>
>Felix Schumacher <fe...@internetallee.de> schrieb am 19:31
>Montag, 8.Juni 2015:
>
>
> Am 08.06.2015 um 15:12 schrieb George:
>> Hello Felix,
>>
>>
>> Felix Schumacher <fe...@internetallee.de> schrieb am
>14:58 Sonntag, 7.Juni 2015:
>>
>>
>> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>>> Hi George,
>>>
>>> Am 03.06.2015 um 12:11 schrieb George:
>>>> Hello,
>>>> yes my server can do tls 1.2 perfectly and also with the above
>>>> (strong) cipher.I did some more tests where i modify step by step
>my
>>>> server configuration until it works and here are my results.
>>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY
>cipher
>>>>
>>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>>> configuration is only for the http protocol and not for
>smtp(s).Thus
>>>> i think this does not care.I have java jre 1.8 latest plus the
>oracle
>>>> security "Unlimited Strength Java Cryptography Extension Policy
>>>> Files" pakage.
>>>> My jmeter test plan is very easy.
>>>> One thread one smtp sampler and one "view results in tree".The SMTP
>>>> Sampler target my mail server on port "465" and the checkbox "use
>>>> ssl" is enabled and the hook "Trust all certificates" is enabled
>>>> too.There is one Subject: hello and Email body: hello. Simple
>>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
>>>> SSL Handshake. SSL Connection established using "TLSv1
>>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
>>>> mutual ssl)
>>>> OK thus it works.I can sent an email with jmeter SMTP sampler using
>>>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
>>>> I do not found any jmeter configuration about "smtps".
>>>>
>>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here
>the
>>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
>>>> Looking on the thunderbird settings its strange but the cipher i
>want
>>>> to use is not available. Thus i can do tls1.2 but not with my
>>>> "strong" cipher.
>>>> Br.George
>>> I have added a few println's in TrustAllSSLSocketFactory and found,
>>> that I have to change the line where the sslcontext is created first
>>> by calling SSLContext.getInstance("TLS").
>>>
>>> When you change that occurence of TLS to TLSv1.2 you should get a
>>> TLSv1.2 connection with a string cipher suite.
>>>
>>> This default setting should probably be configurable as the used
>>> cipher suites.
>>> After a bit more research, the behaviour seems to be different
>between
>>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2
>connect
>>> with getInstance("TLS"), while java 7 was not.
>>> Can you double check, that you are using java 8?
>> yes i'm using java 8. java -version gives me: java version
>"1.8.0_20".
>> It's not the newest java 8 but it is java 8 for sure.
>> I'm not sure what you mean about "SSLContext.getInstance("TLS") and
>where to change it to "TLSv1.2" ?
>You could have changed it inside the source code of the class. But
>don't
>bother with it anymore.
>> I did some debugging test and have activated the jmeter properites to
>"DEBUG" (log level) and i also put the debug on in the
>system.properties for ssl (all).When i configure my server to accept
>TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the
>following:
>> trigger seeding of SecureRandomdone seeding
>SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized:
>[Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]**
>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH
>ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
>> Now i change my server to only allow TLSv1.2 and then i see this:
>> *** ClientHello, TLSv1
>> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description =
>handshare_failure
>> The same error if i turn on TLSv1.1.
>>
>> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
>> There are some configuration properties for http(s) and this works
>perfectly with TLSv1.2But not for SMTP.
>
>I have filed a bug request
>(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a
>fix.
>
>Could you try it out?
>
>The next nightly should have the fix, or you can build jmeter yourself
>from source.
>
>Regards
> Felix
>> BrGeorge
>>
>>
>>
>>> Regards
>> > Felix
>>> Regards
>>> Felix
>>>
>>>>
>>>>
>>>> Felix Schumacher <fe...@internetallee.de> schrieb
>am
>>>> 10:29 Montag, 1.Juni 2015:
>>>>
>>>> Am 29.05.2015 um 13:16 schrieb George:
>>>>> Hello,
>>>>> i try to sent a "hello" email using SMTP Sampler and want to use
>>>>> SSL/TLS on standard port 465 for this connection.More i want to
>use
>>>>> TLSv1.2 with the very strong cipher
>>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake
>fail.
>>>>> Technially if i change the configuration on my server to also
>accept
>>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is
>sent
>>>>> perfectly.I see in the logs that the client (jmeter) and my server
>>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>>> working but not with TLSv1.2.
>>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
>>>>> cipher?I tried to put this in my jmeter.sh file but seems it does
>>>>> not matter?
>>>>>
>JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>>
>>>> The smtp sampler has no option to specify the wanted ciphersuites,
>so
>>>> the option given above will not be used.
>>>>> I also installed lates java jdk and i also installed the
>additional
>>>>> strong security pakage and replaced the .jar files in
>>>>> /usr/java/jre.../lib/security
>>>> Which jdk did you install exactly?
>>>>
>>>> Have you checked (with openssl or something similar), that your
>>>> mailserver is capable of TLSv1.2?
>>>>
>>>> Regards
>>>> Felix
>>>>> BrGeorge
>>>>>
>>>>>
>>>>
>---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>>
>>>>
>>>>
>>>
>>>
>---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>
>>
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>For additional commands, e-mail: user-help@jmeter.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by George <ba...@yahoo.de>.
HI,
ok i will get the nightly build and try it out.
BrGeorge
Felix Schumacher <fe...@internetallee.de> schrieb am 19:31 Montag, 8.Juni 2015:
Am 08.06.2015 um 15:12 schrieb George:
> Hello Felix,
>
>
> Felix Schumacher <fe...@internetallee.de> schrieb am 14:58 Sonntag, 7.Juni 2015:
>
>
> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>> Hi George,
>>
>> Am 03.06.2015 um 12:11 schrieb George:
>>> Hello,
>>> yes my server can do tls 1.2 perfectly and also with the above
>>> (strong) cipher.I did some more tests where i modify step by step my
>>> server configuration until it works and here are my results.
>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
>>>
>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>> configuration is only for the http protocol and not for smtp(s).Thus
>>> i think this does not care.I have java jre 1.8 latest plus the oracle
>>> security "Unlimited Strength Java Cryptography Extension Policy
>>> Files" pakage.
>>> My jmeter test plan is very easy.
>>> One thread one smtp sampler and one "view results in tree".The SMTP
>>> Sampler target my mail server on port "465" and the checkbox "use
>>> ssl" is enabled and the hook "Trust all certificates" is enabled
>>> too.There is one Subject: hello and Email body: hello. Simple
>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
>>> SSL Handshake. SSL Connection established using "TLSv1
>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
>>> mutual ssl)
>>> OK thus it works.I can sent an email with jmeter SMTP sampler using
>>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
>>> I do not found any jmeter configuration about "smtps".
>>>
>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here the
>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
>>> Looking on the thunderbird settings its strange but the cipher i want
>>> to use is not available. Thus i can do tls1.2 but not with my
>>> "strong" cipher.
>>> Br.George
>> I have added a few println's in TrustAllSSLSocketFactory and found,
>> that I have to change the line where the sslcontext is created first
>> by calling SSLContext.getInstance("TLS").
>>
>> When you change that occurence of TLS to TLSv1.2 you should get a
>> TLSv1.2 connection with a string cipher suite.
>>
>> This default setting should probably be configurable as the used
>> cipher suites.
>> After a bit more research, the behaviour seems to be different between
>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2 connect
>> with getInstance("TLS"), while java 7 was not.
>> Can you double check, that you are using java 8?
> yes i'm using java 8. java -version gives me: java version "1.8.0_20".
> It's not the newest java 8 but it is java 8 for sure.
> I'm not sure what you mean about "SSLContext.getInstance("TLS") and where to change it to "TLSv1.2" ?
You could have changed it inside the source code of the class. But don't
bother with it anymore.
> I did some debugging test and have activated the jmeter properites to "DEBUG" (log level) and i also put the debug on in the system.properties for ssl (all).When i configure my server to accept TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the following:
> trigger seeding of SecureRandomdone seeding SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
> Now i change my server to only allow TLSv1.2 and then i see this:
> *** ClientHello, TLSv1
> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description = handshare_failure
> The same error if i turn on TLSv1.1.
>
> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
> There are some configuration properties for http(s) and this works perfectly with TLSv1.2But not for SMTP.
I have filed a bug request
(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a fix.
Could you try it out?
The next nightly should have the fix, or you can build jmeter yourself
from source.
Regards
Felix
> BrGeorge
>
>
>
>> Regards
> > Felix
>> Regards
>> Felix
>>
>>>
>>>
>>> Felix Schumacher <fe...@internetallee.de> schrieb am
>>> 10:29 Montag, 1.Juni 2015:
>>>
>>> Am 29.05.2015 um 13:16 schrieb George:
>>>> Hello,
>>>> i try to sent a "hello" email using SMTP Sampler and want to use
>>>> SSL/TLS on standard port 465 for this connection.More i want to use
>>>> TLSv1.2 with the very strong cipher
>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake fail.
>>>> Technially if i change the configuration on my server to also accept
>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is sent
>>>> perfectly.I see in the logs that the client (jmeter) and my server
>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>> working but not with TLSv1.2.
>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
>>>> cipher?I tried to put this in my jmeter.sh file but seems it does
>>>> not matter?
>>>> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>
>>> The smtp sampler has no option to specify the wanted ciphersuites, so
>>> the option given above will not be used.
>>>> I also installed lates java jdk and i also installed the additional
>>>> strong security pakage and replaced the .jar files in
>>>> /usr/java/jre.../lib/security
>>> Which jdk did you install exactly?
>>>
>>> Have you checked (with openssl or something similar), that your
>>> mailserver is capable of TLSv1.2?
>>>
>>> Regards
>>> Felix
>>>> BrGeorge
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> For additional commands, e-mail: user-help@jmeter.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by Felix Schumacher <fe...@internetallee.de>.
Am 08.06.2015 um 15:12 schrieb George:
> Hello Felix,
>
>
> Felix Schumacher <fe...@internetallee.de> schrieb am 14:58 Sonntag, 7.Juni 2015:
>
>
> Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
>> Hi George,
>>
>> Am 03.06.2015 um 12:11 schrieb George:
>>> Hello,
>>> yes my server can do tls 1.2 perfectly and also with the above
>>> (strong) cipher.I did some more tests where i modify step by step my
>>> server configuration until it works and here are my results.
>>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
>>>
>>> My jmeter.properties is set to do tls1.2 only - but the SSL
>>> configuration is only for the http protocol and not for smtp(s).Thus
>>> i think this does not care.I have java jre 1.8 latest plus the oracle
>>> security "Unlimited Strength Java Cryptography Extension Policy
>>> Files" pakage.
>>> My jmeter test plan is very easy.
>>> One thread one smtp sampler and one "view results in tree".The SMTP
>>> Sampler target my mail server on port "465" and the checkbox "use
>>> ssl" is enabled and the hook "Trust all certificates" is enabled
>>> too.There is one Subject: hello and Email body: hello. Simple
>>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
>>> SSL Handshake. SSL Connection established using "TLSv1
>>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
>>> mutual ssl)
>>> OK thus it works.I can sent an email with jmeter SMTP sampler using
>>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
>>> I do not found any jmeter configuration about "smtps".
>>>
>>> I did some further tests wirh thunderbird 31.4 (on a linux).Here the
>>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
>>> Looking on the thunderbird settings its strange but the cipher i want
>>> to use is not available. Thus i can do tls1.2 but not with my
>>> "strong" cipher.
>>> Br.George
>> I have added a few println's in TrustAllSSLSocketFactory and found,
>> that I have to change the line where the sslcontext is created first
>> by calling SSLContext.getInstance("TLS").
>>
>> When you change that occurence of TLS to TLSv1.2 you should get a
>> TLSv1.2 connection with a string cipher suite.
>>
>> This default setting should probably be configurable as the used
>> cipher suites.
>> After a bit more research, the behaviour seems to be different between
>> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2 connect
>> with getInstance("TLS"), while java 7 was not.
>> Can you double check, that you are using java 8?
> yes i'm using java 8. java -version gives me: java version "1.8.0_20".
> It's not the newest java 8 but it is java 8 for sure.
> I'm not sure what you mean about "SSLContext.getInstance("TLS") and where to change it to "TLSv1.2" ?
You could have changed it inside the source code of the class. But don't
bother with it anymore.
> I did some debugging test and have activated the jmeter properites to "DEBUG" (log level) and i also put the debug on in the system.properties for ssl (all).When i configure my server to accept TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the following:
> trigger seeding of SecureRandomdone seeding SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
> Now i change my server to only allow TLSv1.2 and then i see this:
> *** ClientHello, TLSv1
> and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description = handshare_failure
> The same error if i turn on TLSv1.1.
>
> Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
> There are some configuration properties for http(s) and this works perfectly with TLSv1.2But not for SMTP.
I have filed a bug request
(https://bz.apache.org/bugzilla/show_bug.cgi?id=58013) and submitted a fix.
Could you try it out?
The next nightly should have the fix, or you can build jmeter yourself
from source.
Regards
Felix
> BrGeorge
>
>
>
>> Regards
> > Felix
>> Regards
>> Felix
>>
>>>
>>>
>>> Felix Schumacher <fe...@internetallee.de> schrieb am
>>> 10:29 Montag, 1.Juni 2015:
>>>
>>> Am 29.05.2015 um 13:16 schrieb George:
>>>> Hello,
>>>> i try to sent a "hello" email using SMTP Sampler and want to use
>>>> SSL/TLS on standard port 465 for this connection.More i want to use
>>>> TLSv1.2 with the very strong cipher
>>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake fail.
>>>> Technially if i change the configuration on my server to also accept
>>>> TLSv1.1 and v1.0 then the SSL connection works and the email is sent
>>>> perfectly.I see in the logs that the client (jmeter) and my server
>>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>>> working but not with TLSv1.2.
>>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
>>>> cipher?I tried to put this in my jmeter.sh file but seems it does
>>>> not matter?
>>>> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>>
>>> The smtp sampler has no option to specify the wanted ciphersuites, so
>>> the option given above will not be used.
>>>> I also installed lates java jdk and i also installed the additional
>>>> strong security pakage and replaced the .jar files in
>>>> /usr/java/jre.../lib/security
>>> Which jdk did you install exactly?
>>>
>>> Have you checked (with openssl or something similar), that your
>>> mailserver is capable of TLSv1.2?
>>>
>>> Regards
>>> Felix
>>>> BrGeorge
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>>> For additional commands, e-mail: user-help@jmeter.apache.org
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> For additional commands, e-mail: user-help@jmeter.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by George <ba...@yahoo.de>.
Hello Felix,
Felix Schumacher <fe...@internetallee.de> schrieb am 14:58 Sonntag, 7.Juni 2015:
Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
> Hi George,
>
> Am 03.06.2015 um 12:11 schrieb George:
>> Hello,
>> yes my server can do tls 1.2 perfectly and also with the above
>> (strong) cipher.I did some more tests where i modify step by step my
>> server configuration until it works and here are my results.
>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
>>
>> My jmeter.properties is set to do tls1.2 only - but the SSL
>> configuration is only for the http protocol and not for smtp(s).Thus
>> i think this does not care.I have java jre 1.8 latest plus the oracle
>> security "Unlimited Strength Java Cryptography Extension Policy
>> Files" pakage.
>> My jmeter test plan is very easy.
>> One thread one smtp sampler and one "view results in tree".The SMTP
>> Sampler target my mail server on port "465" and the checkbox "use
>> ssl" is enabled and the hook "Trust all certificates" is enabled
>> too.There is one Subject: hello and Email body: hello. Simple
>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
>> SSL Handshake. SSL Connection established using "TLSv1
>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
>> mutual ssl)
>> OK thus it works.I can sent an email with jmeter SMTP sampler using
>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
>> I do not found any jmeter configuration about "smtps".
>>
>> I did some further tests wirh thunderbird 31.4 (on a linux).Here the
>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
>> Looking on the thunderbird settings its strange but the cipher i want
>> to use is not available. Thus i can do tls1.2 but not with my
>> "strong" cipher.
>> Br.George
> I have added a few println's in TrustAllSSLSocketFactory and found,
> that I have to change the line where the sslcontext is created first
> by calling SSLContext.getInstance("TLS").
>
> When you change that occurence of TLS to TLSv1.2 you should get a
> TLSv1.2 connection with a string cipher suite.
>
> This default setting should probably be configurable as the used
> cipher suites.
> After a bit more research, the behaviour seems to be different between
> java 7 and java 8. In my tests java 8 was able to do a TLSv1.2 connect
> with getInstance("TLS"), while java 7 was not.
> Can you double check, that you are using java 8?
yes i'm using java 8. java -version gives me: java version "1.8.0_20".
It's not the newest java 8 but it is java 8 for sure.
I'm not sure what you mean about "SSLContext.getInstance("TLS") and where to change it to "TLSv1.2" ?
I did some debugging test and have activated the jmeter properites to "DEBUG" (log level) and i also put the debug on in the system.properties for ssl (all).When i configure my server to accept TLSv1.0, TLSv1.1 and TLSv1.2 then jmeter ssl works and i see the following:
trigger seeding of SecureRandomdone seeding SecureRandom***ClientHello, TLSv1***ServerHello, TLSv1%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*** Certificate chain*** ECDH ServerKeyExchange*** ServerHelloDone***ECDHClientKeyExchange.....
Now i change my server to only allow TLSv1.2 and then i see this:
*** ClientHello, TLSv1
and then broken pipe and "SEND TLSv1.2 ALERT: fatal, description = handshare_failure
The same error if i turn on TLSv1.1.
Well i do not know how to tun on TLSv1.2 for SMTP in Jmeter?
There are some configuration properties for http(s) and this works perfectly with TLSv1.2But not for SMTP.
BrGeorge
> Regards
> Felix
>
> Regards
> Felix
>
>>
>>
>>
>> Felix Schumacher <fe...@internetallee.de> schrieb am
>> 10:29 Montag, 1.Juni 2015:
>>
>> Am 29.05.2015 um 13:16 schrieb George:
>>> Hello,
>>> i try to sent a "hello" email using SMTP Sampler and want to use
>>> SSL/TLS on standard port 465 for this connection.More i want to use
>>> TLSv1.2 with the very strong cipher
>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake fail.
>>> Technially if i change the configuration on my server to also accept
>>> TLSv1.1 and v1.0 then the SSL connection works and the email is sent
>>> perfectly.I see in the logs that the client (jmeter) and my server
>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>> working but not with TLSv1.2.
>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
>>> cipher?I tried to put this in my jmeter.sh file but seems it does
>>> not matter?
>>> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>
>> The smtp sampler has no option to specify the wanted ciphersuites, so
>> the option given above will not be used.
>>> I also installed lates java jdk and i also installed the additional
>>> strong security pakage and replaced the .jar files in
>>> /usr/java/jre.../lib/security
>> Which jdk did you install exactly?
>>
>> Have you checked (with openssl or something similar), that your
>> mailserver is capable of TLSv1.2?
>>
>> Regards
>> Felix
>>> BrGeorge
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by Felix Schumacher <fe...@internetallee.de>.
Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
> Hi George,
>
> Am 03.06.2015 um 12:11 schrieb George:
>> Hello,
>> yes my server can do tls 1.2 perfectly and also with the above
>> (strong) cipher.I did some more tests where i modify step by step my
>> server configuration until it works and here are my results.
>> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
>> ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>> Test 2:My server allows ONLY tls 1.2 and ANY cipher
>> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
>> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
>>
>> My jmeter.properties is set to do tls1.2 only - but the SSL
>> configuration is only for the http protocol and not for smtp(s).Thus
>> i think this does not care.I have java jre 1.8 latest plus the oracle
>> security "Unlimited Strength Java Cryptography Extension Policy
>> Files" pakage.
>> My jmeter test plan is very easy.
>> One thread one smtp sampler and one "view results in tree".The SMTP
>> Sampler target my mail server on port "465" and the checkbox "use
>> ssl" is enabled and the hook "Trust all certificates" is enabled
>> too.There is one Subject: hello and Email body: hello. Simple
>> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
>> handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
>> SSL Handshake. SSL Connection established using "TLSv1
>> ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
>> mutual ssl)
>> OK thus it works.I can sent an email with jmeter SMTP sampler using
>> (direct) ssl on port 465 - but it only works if i activate tls1.0.
>> I do not found any jmeter configuration about "smtps".
>>
>> I did some further tests wirh thunderbird 31.4 (on a linux).Here the
>> results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
>> Looking on the thunderbird settings its strange but the cipher i want
>> to use is not available. Thus i can do tls1.2 but not with my
>> "strong" cipher.
>> Br.George
> I have added a few println's in TrustAllSSLSocketFactory and found,
> that I have to change the line where the sslcontext is created first
> by calling SSLContext.getInstance("TLS").
>
> When you change that occurence of TLS to TLSv1.2 you should get a
> TLSv1.2 connection with a string cipher suite.
>
> This default setting should probably be configurable as the used
> cipher suites.
After a bit more research, the behaviour seems to be different between
java 7 and java 8. In my tests java 8 was able to do a TLSv1.2 connect
with getInstance("TLS"), while java 7 was not.
Can you double check, that you are using java 8?
Regards
Felix
>
> Regards
> Felix
>
>>
>>
>>
>> Felix Schumacher <fe...@internetallee.de> schrieb am
>> 10:29 Montag, 1.Juni 2015:
>>
>> Am 29.05.2015 um 13:16 schrieb George:
>>> Hello,
>>> i try to sent a "hello" email using SMTP Sampler and want to use
>>> SSL/TLS on standard port 465 for this connection.More i want to use
>>> TLSv1.2 with the very strong cipher
>>> "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake fail.
>>> Technially if i change the configuration on my server to also accept
>>> TLSv1.1 and v1.0 then the SSL connection works and the email is sent
>>> perfectly.I see in the logs that the client (jmeter) and my server
>>> aggreed on a cipher comming from TLS1.0.Thus in general SSL is
>>> working but not with TLSv1.2.
>>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
>>> cipher?I tried to put this in my jmeter.sh file but seems it does
>>> not matter?
>>> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
>>>
>> The smtp sampler has no option to specify the wanted ciphersuites, so
>> the option given above will not be used.
>>> I also installed lates java jdk and i also installed the additional
>>> strong security pakage and replaced the .jar files in
>>> /usr/java/jre.../lib/security
>> Which jdk did you install exactly?
>>
>> Have you checked (with openssl or something similar), that your
>> mailserver is capable of TLSv1.2?
>>
>> Regards
>> Felix
>>> BrGeorge
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
>> For additional commands, e-mail: user-help@jmeter.apache.org
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by Felix Schumacher <fe...@internetallee.de>.
Hi George,
Am 03.06.2015 um 12:11 schrieb George:
> Hello,
> yes my server can do tls 1.2 perfectly and also with the above (strong) cipher.I did some more tests where i modify step by step my server configuration until it works and here are my results.
> Test 1:My server allows ONLY tls 1.2 and ONLY the cipher ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> Test 2:My server allows ONLY tls 1.2 and ANY cipher
> Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
> Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
>
> My jmeter.properties is set to do tls1.2 only - but the SSL configuration is only for the http protocol and not for smtp(s).Thus i think this does not care.I have java jre 1.8 latest plus the oracle security "Unlimited Strength Java Cryptography Extension Policy Files" pakage.
> My jmeter test plan is very easy.
> One thread one smtp sampler and one "view results in tree".The SMTP Sampler target my mail server on port "465" and the checkbox "use ssl" is enabled and the hook "Trust all certificates" is enabled too.There is one Subject: hello and Email body: hello. Simple
> Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly SSL Handshake. SSL Connection established using "TLSv1 ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no mutual ssl)
> OK thus it works.I can sent an email with jmeter SMTP sampler using (direct) ssl on port 465 - but it only works if i activate tls1.0.
> I do not found any jmeter configuration about "smtps".
>
> I did some further tests wirh thunderbird 31.4 (on a linux).Here the results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
> Looking on the thunderbird settings its strange but the cipher i want to use is not available. Thus i can do tls1.2 but not with my "strong" cipher.
> Br.George
I have added a few println's in TrustAllSSLSocketFactory and found, that
I have to change the line where the sslcontext is created first by
calling SSLContext.getInstance("TLS").
When you change that occurence of TLS to TLSv1.2 you should get a
TLSv1.2 connection with a string cipher suite.
This default setting should probably be configurable as the used cipher
suites.
Regards
Felix
>
>
>
>
> Felix Schumacher <fe...@internetallee.de> schrieb am 10:29 Montag, 1.Juni 2015:
>
>
> Am 29.05.2015 um 13:16 schrieb George:
>> Hello,
>> i try to sent a "hello" email using SMTP Sampler and want to use SSL/TLS on standard port 465 for this connection.More i want to use TLSv1.2 with the very strong cipher "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake fail.
>> Technially if i change the configuration on my server to also accept TLSv1.1 and v1.0 then the SSL connection works and the email is sent perfectly.I see in the logs that the client (jmeter) and my server aggreed on a cipher comming from TLS1.0.Thus in general SSL is working but not with TLSv1.2.
>> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above cipher?I tried to put this in my jmeter.sh file but seems it does not matter?
>> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
> The smtp sampler has no option to specify the wanted ciphersuites, so
> the option given above will not be used.
>> I also installed lates java jdk and i also installed the additional strong security pakage and replaced the .jar files in /usr/java/jre.../lib/security
> Which jdk did you install exactly?
>
> Have you checked (with openssl or something similar), that your
> mailserver is capable of TLSv1.2?
>
> Regards
> Felix
>> BrGeorge
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by George <ba...@yahoo.de>.
Hello,
yes my server can do tls 1.2 perfectly and also with the above (strong) cipher.I did some more tests where i modify step by step my server configuration until it works and here are my results.
Test 1:My server allows ONLY tls 1.2 and ONLY the cipher ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Test 2:My server allows ONLY tls 1.2 and ANY cipher
Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
My jmeter.properties is set to do tls1.2 only - but the SSL configuration is only for the http protocol and not for smtp(s).Thus i think this does not care.I have java jre 1.8 latest plus the oracle security "Unlimited Strength Java Cryptography Extension Policy Files" pakage.
My jmeter test plan is very easy.
One thread one smtp sampler and one "view results in tree".The SMTP Sampler target my mail server on port "465" and the checkbox "use ssl" is enabled and the hook "Trust all certificates" is enabled too.There is one Subject: hello and Email body: hello. Simple
Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly SSL Handshake. SSL Connection established using "TLSv1 ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no mutual ssl)
OK thus it works.I can sent an email with jmeter SMTP sampler using (direct) ssl on port 465 - but it only works if i activate tls1.0.
I do not found any jmeter configuration about "smtps".
I did some further tests wirh thunderbird 31.4 (on a linux).Here the results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
Looking on the thunderbird settings its strange but the cipher i want to use is not available. Thus i can do tls1.2 but not with my "strong" cipher.
Br.George
Felix Schumacher <fe...@internetallee.de> schrieb am 10:29 Montag, 1.Juni 2015:
Am 29.05.2015 um 13:16 schrieb George:
> Hello,
> i try to sent a "hello" email using SMTP Sampler and want to use SSL/TLS on standard port 465 for this connection.More i want to use TLSv1.2 with the very strong cipher "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake fail.
> Technially if i change the configuration on my server to also accept TLSv1.1 and v1.0 then the SSL connection works and the email is sent perfectly.I see in the logs that the client (jmeter) and my server aggreed on a cipher comming from TLS1.0.Thus in general SSL is working but not with TLSv1.2.
> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above cipher?I tried to put this in my jmeter.sh file but seems it does not matter?
> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
The smtp sampler has no option to specify the wanted ciphersuites, so
the option given above will not be used.
> I also installed lates java jdk and i also installed the additional strong security pakage and replaced the .jar files in /usr/java/jre.../lib/security
Which jdk did you install exactly?
Have you checked (with openssl or something similar), that your
mailserver is capable of TLSv1.2?
Regards
Felix
> BrGeorge
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org
Re: JMeter SMTP Sampler with (SSL/TLS) and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Posted by Felix Schumacher <fe...@internetallee.de>.
Am 29.05.2015 um 13:16 schrieb George:
> Hello,
> i try to sent a "hello" email using SMTP Sampler and want to use SSL/TLS on standard port 465 for this connection.More i want to use TLSv1.2 with the very strong cipher "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake fail.
> Technially if i change the configuration on my server to also accept TLSv1.1 and v1.0 then the SSL connection works and the email is sent perfectly.I see in the logs that the client (jmeter) and my server aggreed on a cipher comming from TLS1.0.Thus in general SSL is working but not with TLSv1.2.
> Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above cipher?I tried to put this in my jmeter.sh file but seems it does not matter?
> JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
The smtp sampler has no option to specify the wanted ciphersuites, so
the option given above will not be used.
> I also installed lates java jdk and i also installed the additional strong security pakage and replaced the .jar files in /usr/java/jre.../lib/security
Which jdk did you install exactly?
Have you checked (with openssl or something similar), that your
mailserver is capable of TLSv1.2?
Regards
Felix
> BrGeorge
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
For additional commands, e-mail: user-help@jmeter.apache.org