Bug 54759 - SSLPeerUnverifiedException using HTTPS , property documented
SSLPeerUnverifiedException using HTTPS , property documented
Status: RESOLVED FIXED
Product: JMeter
Classification: Unclassified
Component: HTTP
2.9
All All
: P2 normal (vote)
: ---
Assigned To: JMeter issues mailing list
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2013-03-28 04:27 UTC by Carlos Barragan
Modified: 2013-04-14 20:05 UTC (History)
2 users (show)



Attachments
Includes console output showing the handshake and the java.net.SocketException (159.78 KB, text/plain)
2013-03-28 04:27 UTC, Carlos Barragan
Details
Test showing failure with HttpClient (3.06 KB, text/plain)
2013-04-01 20:34 UTC, Philippe Mouawad
Details
Test showing failure with Java API (1.90 KB, text/plain)
2013-04-01 20:34 UTC, Philippe Mouawad
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos Barragan 2013-03-28 04:27:32 UTC
Created attachment 30109 [details]
Includes console output showing the handshake and the java.net.SocketException

JMeter: 2.9r1437961
OS: Windows 7 64 bits
Java version: jdk1.7.0_17
Attach: Full debug information from java console (output.txt)

Already consulted https://issues.apache.org/bugzilla/show_bug.cgi?id=53922 but it says that it should not happen with Java 7. 

I created an HTTP request to https://clui.xstratacoal.com.au and found the following exception (worked with other secure sites): 

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
	at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
	at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:286)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:62)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1088)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1077)
	at org.apache.jmeter.threads.JMeterThread.process_sampler(JMeterThread.java:428)
	at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:256)
	at java.lang.Thread.run(Unknown Source)
Comment 1 Philippe Mouawad 2013-04-01 20:34:02 UTC
Created attachment 30132 [details]
Test showing failure with HttpClient
Comment 2 Philippe Mouawad 2013-04-01 20:34:22 UTC
Created attachment 30133 [details]
Test showing failure with Java API
Comment 3 Philippe Mouawad 2013-04-01 20:35:27 UTC
This is very strange, this website URL fails with :
- Java core API
- HTTPClient4 core API

with last jdk6 and last jdk7.
Comment 4 Philippe Mouawad 2013-04-14 15:08:57 UTC
For Java Impl add this to system.properties:
https.protocols=SSLv3

It will fix issue for Java Implementation.

So it seems the server only supports SSLv3, attempt to negotiate upwards from v2 to v3 seems not to be supported by server.

To fix it for HC family it seems we need to call this on SSL Socket:
- socket.setEnabledProtocols(new String[] { "SSLv3" });

We need to find a way to make this configurable.
Comment 5 Philippe Mouawad 2013-04-14 20:03:22 UTC
After further analysis, in fact property in jmeter.properties already exists and is named:
#https.socket.protocols=SSLv2Hello SSLv3 TLSv1

Setting it to this fixes issue
https.socket.protocols=SSLv3

I will document this property.
Comment 6 Philippe Mouawad 2013-04-14 20:05:30 UTC
Date: Sun Apr 14 20:04:49 2013
New Revision: 1467823

URL: http://svn.apache.org/r1467823
Log:
Bug 54759 - SSLPeerUnverifiedException using HTTPS , property documented
Bugzilla Id: 54759

Modified:
    jmeter/trunk/bin/jmeter.properties
    jmeter/trunk/xdocs/changes.xml