I'm trying to publish message to a Tibco Queue on a SSL Tibco Server through JMeter 5.4.1 using JMS Point-to-Point Logic Controller.
JMS Point To Point Controller Config
But I'm getting the following error message:
2021-06-13 12:25:46,278 ERROR o.a.j.p.j.s.JMSSampler: Not permitted:
Failed to connect to any server at: ssl://[server-name]:7352,
ssl://[server-name]:7352 [Error: Failed to connect via SSL to
[ssl://[server-name]:7352]: Received fatal alert:
protocol_version: url that returned this exception =
SSL://[server-name]:7352 ]
javax.naming.AuthenticationException: Not permitted: Failed to connect
to any server at: ssl://[server-name]:7352,
ssl://[server-name]:7352 [Error: Failed to connect via SSL to
[ssl://[server-name]:7352]: Received fatal alert:
protocol_version: url that returned this exception =
SSL://[server-name] ] at
com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:670)
~[tibjms.jar:8.0.0] at
com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:491)
~[tibjms.jar:8.0.0] at
javax.naming.InitialContext.lookup(InitialContext.java:417)
~[?:1.8.0_291] at
org.apache.jmeter.protocol.jms.sampler.JMSSampler.threadStarted(JMSSampler.java:638)
[ApacheJMeter_jms.jar:5.4.1] at
org.apache.jmeter.threads.JMeterThread$ThreadListenerTraverser.addNode(JMeterThread.java:784)
[ApacheJMeter_core.jar:5.4.1] at
org.apache.jorphan.collections.HashTree.traverseInto(HashTree.java:993)
[jorphan.jar:5.4.1] at
org.apache.jorphan.collections.HashTree.traverse(HashTree.java:976)
[jorphan.jar:5.4.1] at
org.apache.jmeter.threads.JMeterThread.threadStarted(JMeterThread.java:752)
[ApacheJMeter_core.jar:5.4.1] at
org.apache.jmeter.threads.JMeterThread.initRun(JMeterThread.java:740)
[ApacheJMeter_core.jar:5.4.1] at
org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:252)
[ApacheJMeter_core.jar:5.4.1]
I tried:
openssl s_client -connect [server-name]:7352
It gave the following output:
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
Session-ID-ctx:
So added the following line in jmeter.properties file.
https.default.protocol=TLSv1.2
Also commented jdk.tls.disabledAlgorithms from java.security file for JDK (I'm using jdk1.8.0_291)
# jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
# DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
# include jdk.disabled.namedCurves
But still I'm getting the same error. Someone please help.
I think you're using the wrong property (not only the wrong property but the wrong place as well), you're setting default protocol for HTTPS, while you need to set it for TLS, i.e. add the next line to system.properties file
jdk.tls.client.protocols=TLSv1.2
JMeter restart will be required to apply this property.
If it won't help or you will get different errors - consider adding the next line there as well:
javax.net.debug=all
and then check jmeter.log file and stdout for any suspicious entries
More information:
Configuring JMeter
Apache JMeter Properties Customization Guide
I resolved it by using the latest tibjms.jar in the lib directory in JMeter as the Tibco server was upgraded some hours before I raised this issue.
Related
I'm new in ejbca and i have to install it on a virtual machine for job
Ubuntu 20.04
ejbca_7_4_3_2
wildfly-18.0.0.Final
mariadb-server version: 10.3.32-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04
openjdk version "1.8.0_312"
Apache Ant(TM) version 1.10.7 compiled on October 24 2019
After a few try's(and a lot of virtual machines cloned and deleted), i finally get the "build successfully" message with the commands ant runinstall and ant deploy-keystore
But when i try to use the URL https://localhost:8443/ejbca/ (the certificate SuperAdmin.p12 is installed) my browser(firefox 96.0 64bits) give the message
An error occurred during a connection to localhost:8443. Cannot communicate securely with peer: no common encryption algorithm(s).
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
i have this errors on my log file, the first one related with ant -q clean deployear
and the last, appear every time i try to access via URL https://localhost:8443/ejbca/
ERROR [org.jboss.as.jsf] (MSC service thread 1-1) WFLYJSF0002: Could not load JSF managed bean class: org.ejbca.ui.web.admin.peerconnector.PeerConnectorMBean
ERROR [io.undertow.request] (default I/O-2) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:461)
at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:296)
at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1020)
at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:727)
at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:693)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:981)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:915)
at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1072)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
ERROR [io.undertow.request] (default I/O-2) Closing SSLConduit after exception
Sounds like a TLS configuration issue. You will find the TLS configuration you did when configuring WildFly in the commands you ran like:
/opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/server-ssl-context=httpspriv:add(key-manager=httpsKM,protocols=["TLSv1.2"],use-cipher-suites-order=false,cipher-suite-filter="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",trust-manager=httpsTM,need-client-auth=true)'
The result is somewhere in standalone.xml in WildFly, and you can modify it directly in WildFly. For example if you have EC keys in the server certificate while using the above RSA algorithm selection.
In server.log you should also see when WildFly starts up if there are any error in parsing the values, or keystores.
Make sure that you server and client certificates have keys and algorithms that match the TLS algorithm settings, otherwise WildFly will remove those algortihms.
I am trying to setup inter-broker SSL (not client) authentication and keep seeing the following errors:
[2019-05-17 06:33:47,151] INFO [Controller id=1004, targetBrokerId=1004] Failed authentication with /$IP (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2019-05-17 06:33:47,151] INFO [SocketServer brokerId=1004] Failed authentication with /$IP (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2019-05-17 06:33:47,151] ERROR [Controller id=1004, targetBrokerId=1004] Connection to node 1004 (/$IP:9093) failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
My server.properties is:
listeners=PLAINTEXT://$IP:9092,SSL://$IP:9093
security.inter.broker.protocol=SSL
ssl.truststore.password=$PASS
ssl.keystore.password=$PASS
ssl.key.password=$PASS
ssl.endpoint.identification.algorithm=""
ssl.keystore.location=/etc/kafka/kafka.server.keystore.jks
ssl.truststore.location=/etc/kafka/kafka.server.truststore.jks
``
When I run `openssl s_client -debug -connect $IP:9093 -tls1` I get back a list of certificates and `Secure Renegotiation IS supported`
Despite adding `-Djavax.net.debug=all` there's not anything in the logs which points to the problem.
Kafka version 2.2
Any ideas?
I had incorrectly set the value of ssl.endpoint.identification.algorithm="" instead of ssl.endpoint.identification.algorithm", this fixed it.
This value was changed in 2.2 to default to https so setting it to nothing worked.
I was doing a rutinary check of my web at GTMETRIX when I get this error message:
Analysis Error An error occurred fetching the page: HTTPS error: SSL
connect attempt failed error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
There may be a connectivity issue between your server and the GTmetrix
test server. Try testing from another test location or try again
later.
I was looking for answers but can't find any solution. This is the actual status of my SLL configuration:
** Configuring SSL ** testing htaccess rules...
htaccess rules test failed with error: cURL error 35:
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure checking if .htaccess can or should be edited...
Any help would be appreciated.
Need your help in setting the SSL manager in Jmeter for performance testing with IBM datapower.
I tried the below steps to Add cert.
• Added (* .jks /*.p12 ) file in the jmeter GUI > Options > SSL Manager.
• I tried the setting the jks file in system.properties file too.
Path : *\jMETER\apache-jmeter-3.0\apache-jmeter-3.0\bin\system.properties
# Truststore properties (trusted certificates)
#javax.net.ssl.trustStore=/path/to/[jsse]cacerts
#javax.net.ssl.trustStorePassword
#javax.net.ssl.trustStoreProvider
#javax.net.ssl.trustStoreType [default = KeyStore.getDefaultType()]
# Keystore properties (client certificates)
# Location
javax.net.ssl.keyStore=****.jks -- Added
#
#The password to your keystore
javax.net.ssl.keyStorePassword=****-- Added
#
#javax.net.ssl.keyStoreProvider
#javax.net.ssl.keyStoreType [default = KeyStore.getDefaultType()]
I dont see the SSL handshake jMETER and datapower even after i followed ablove steps. Getting below error from datapower.
12:47:26 AM ssl error 51751363 10.123.98.73 0x806000ca valcred (###_CVC_Reverse_Server): SSL Proxy Profile '###_SSLPP_Reverse_Server': connection error: peer did not send a certificate
12:47:26 AM mpgw error 51751363 10.123.98.73 0x80e00161 source-https (###_HTTPS_FSH_CON_****): Request processing failed: Connection terminated before request headers read because of the connection error occurs, from URL: 10.123.98.73:58394
12:47:26 AM ssl error 51751363 10.123.98.73 0x8120002f sslproxy (####_SSLPP_Reverse_Server): SSL library error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
Can you please advice how to send the cert(.jks/ .p12) file from jmeter.
Change "Implementation" of your HTTP Request sampler(s) to Java. The fastest and the easiest way of doing this is using HTTP Request Defaults.
If you're using .p12 keystores you will need an extra line in the system.properties file like:
javax.net.ssl.keyStoreType=pkcs12
JMeter restart is required to pick the properties up.
See How to Set Your JMeter Load Test to Use Client Side Certificates article for more information.
I have the PushAdapter from the example push notification defined in an new project, and, I've added the apns-certificate-sandbox.p12 to the native api application (a native api), added the correct bundleId value in the application-descriptor.xml, but, I keep getting this error:
[WARNING ] Failed to retreive invalid devices
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
[ERROR ] Couldn't get feedback connection
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
[ERROR ] Unknown exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
Unknown exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
This is a new installation of Worklight (6.0.0.20130909-1459), and I've tried two separate installations (one into Eclipse and one into RAD), both same errors.
Is there some additional work that needs to be done for push testing to work in the Worklight Development Server (Websphere Liberty) environment for SSL to work? There aren't any devices subscribed yet, but, not sure why this error is occurring or if it's relevant at all.
The detailed trace is here:
[11/1/13 11:50:20:834 EDT] 00000034 com.worklight.core.exceptions.InstrumentedException E Unknown exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
com.worklight.core.exceptions.InstrumentedException: Unknown exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.worklight.core.exceptions.DefaultExceptionHandler.handleException(DefaultExceptionHandler.java:56)
at com.worklight.core.tasks.TaskThread.run(TaskThread.java:113)
Caused by: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.notnoop.apns.internal.Utilities.parseFeedbackStreamRaw(Utilities.java:201)
at com.notnoop.apns.internal.Utilities.parseFeedbackStream(Utilities.java:211)
at com.notnoop.apns.internal.ApnsFeedbackConnection.getInactiveDevicesImpl(ApnsFeedbackConnection.java:87)
at com.notnoop.apns.internal.ApnsFeedbackConnection.getInactiveDevices(ApnsFeedbackConnection.java:67)
at com.notnoop.apns.internal.AbstractApnsService.getInactiveDevices(AbstractApnsService.java:99)
at com.notnoop.apns.internal.ApnsServiceImpl.getInactiveDevices(ApnsServiceImpl.java:36)
at com.worklight.integration.notification.apns.ApplicationConnection.getInactiveDevices(ApplicationConnection.java:110)
at com.worklight.integration.notification.apns.APNSMediator.maintain(APNSMediator.java:95)
at com.worklight.integration.notification.Dispatcher.maintain(Dispatcher.java:148)
at com.worklight.integration.notification.NotificationCleanupTask.step(NotificationCleanupTask.java:29)
at com.worklight.core.tasks.TaskThread.run(TaskThread.java:111)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:69)
at java.io.DataInputStream.readInt(DataInputStream.java:387)
at com.notnoop.apns.internal.Utilities.parseFeedbackStreamRaw(Utilities.java:192)
... 10 more
This looks like an error from the server trying to test a connection to the Apple Push/Feedback service.
A couple of things to check:
Is the application built for development or distribution?
If development, ensure you are using the Development SSL certificate. Export both the certificate and private key into a file named: apns-certificate-sandbox.p12
If distribution, ensure you are using the Production SSL certificate. Export both the certificate and private key into the a file named: apns-certificate-production.p12
Ensure the .p12 file was created correctly and that you specified the corresponding password in the application descriptor file.
Ensure that your Worklight server can access the APNs hosts/ports for the push and for feedback service. i.e Firewall ports need to be opened for the following:
gateway.push.apple.com, port 2195
gateway.sandbox.push.apple.com, port 2195
feedback.push.apple.com, port 2196
feedback.sandbox.push.apple.com on port 2196
Worklight product never used http://code.google.com/p/javapns for push, it is using com.notnoop.apns . This package works well with Oracle JDK 1.6 and 1.7
Can you shed some more light on which JDK exactly version were you using ?
I tested push sample on the embedded Liberty+Oracle JDK 1.7_07b +iPhone 5 and it worked.
how did you create this certificate ? can you write here step-by-step what you did? (and specify every file you copied,edited i the way)
If you are asking about using javaPNS: Ofcourse, since its an open framework, you could manually copy (and use) any jar into your Worklight project as a 3rd party dependency, however, it seems that this javaPNS jar has some bugs with SSL.
Why don't you look at the Worklight's push notification samples and work your way from there ( http://www.ibm.com/developerworks/mobile/worklight/getting-started.html#client-basics ) ? (Worklight comes with a working push notification solution , works on JDK1.6 or 1.7 without issues with your PKCS12 certificates)
On my side it has been veririfed that in OS X (sometimes in Windows too actually), the certificate_unknown error is thrown when using JRE 7 instead of JRE 6. It seems that the notnoop open source library used in Worklight is not handling well Java 7.
https://github.com/notnoop/java-apns/issues/54