I recently migrated from Gatling 3.3.1 to Gatling 3.4.0.
As a result, everything works fine in my local machine, but crashes in k8s because of the following error:
Couldn't execute warm up request https://gatling.io
java.lang.IllegalArgumentException: TLSv1.3
at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
at sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
...
I migrated back to the working version.
I assumed from here, that TLSv1.3 is switched on by default.
I searched for the appropriate setting in gatling-defaults.conf, but did not succeed.
I use Java 1.8 both locally and on remote k8s
Please help me to resolve this issue!
Thanks in advance!
In order to support TLSv3, Gatling needs:
either to be able to load netty-tcnative (basically BoringSSL)
or run on Java 11+ where TLSv3 is available
We can see in the logs that the former fails. We can also see that netty_transport_native_epoll_x86_64 can't be loaded while netty_transport_native_epoll_x86 can. This means you're running on a 32-bit Linux. netty-tcnative/BoringSSL is only available on 64-bit.
The latter fails as you stated running on Java 8.
We can probably improve things on our side, but you should switch to a 64-bit host.
Otherwise, you can enforce the list of supported protocols in gatling.conf, see https://github.com/gatling/gatling/blob/master/gatling-core/src/main/resources/gatling-defaults.conf#L57
Related
I am trying to understand/reproduce Log4shell vulnerability, using this poc and also information from Marshalsec.
To do that, I've downloaded Ghidra v10.0.4, which is said (on Ghidra download page) to be vulnerable to log4shell. Installed it on an ubuntu VM, along with java 1.8 (as stated in POC), and loaded the Poc + marshalsec snapshot.
Tried to start Ghidra, it said java 11 was needed, so although I've installed java 1.8 I still downloaded java 11 and, when you start ghidra, it says the installed version is not good enough and ask for the path to a java11 version; so I just gave him path to the jdk11 directory and it seems happy with it. Ghidra starts alright.
Then set up my listener and launched the poc, got the payload string to copy/paste in ghidra, and got a response in the ldap listener saying it'll send it to HTTP. But nothing more. The end.
Since the HTTP server is set up by the same POC, I thought maybe I just couldn't see the redirection, so I started the http server myself, started the ldap server myself with marshalsec, and retried (see pics below for exact commands/outputs).
Setting http server:
Set listener:
Setting LDAP server:
Send payload string in Ghidra (in the help/search part, as shown in kozmer POC); immediately got an answer:
I still receive a response on the LDAP listener (two, in fact, which seems weird), but nothing on the HTTP. The the Exploit class is never loaded in ghidra (it directly sends me a pop-up saying search not found, I think it is supposed to wait for the server answer to do that?), and I get nothing back in my listener.
Note that I don't really understand this Marshalsec/LDAP thing so I'm not sure what's happening here. If anyone have time to explain it will be nice. I've read lot of stuff about the vuln but it rarely goes deeply into details (most is like: the payload string send a request to LDAP server, which redirect to HTTP server, which will upload the Exploit class on the vulnerable app and gives you a shell).
Note: I've checked, the http server is up and accessible, the Exploit.class file is here and can be downloaded.
Solved it.
Turned out for log4shell to work you need a vulnerable app and a vulnerable version of Java; which I thought I had, but nope. I had Java 11.0.15, and needed Java 11 (Ghidra need Java 11 minimum, only vulnerable version of Java 11 is the first one).
Downloaded and installed Java 11, POC working perfectly.
Since Twitter changed their website design, I cannot get a set of tweets from any account by using built-in Zinc classes. It throws an error that says: ConnectionClosed: Connection closed while waiting for data
I am using Pharo 5, and I don't know how to tweak the ZnClient settings in order to keep the connection open or something to the purpose of getting the data.
testTwitter
| client |
self ensureSocketStreamFactory.
self isNativeSSLPluginPresent ifFalse: [ ^ self ].
(client := ZnClient new)
get: 'https://www.twitter.com/pharoproject'.
self assert: client isSuccess.
self assert: (client contents includesSubstring: 'Twitter').
client close
That's the test I have in place, it never passes, and throws the error mentioned above. What's missing here? I did a Ruby script using open-uri, openssl and Nokogiri and it fetched the tweets just fine. Perhaps it's a problem with the SSL connection itself?
The issue here is quite easy to answer, but you won't like it. Your issue is connected to the fact that the Twitter has deprecated support for TLS 1.0, TLS 1.1 on July 15/2019. Your pharo is using the deprecated TLS to connect. That is the reason why you are getting the timeout.
The solution?
You have to compile the new SSL/TLS support yourself which is not an easy task to do. You have to compile in at least TLS 1.2 to be able to connect again. There is lack of Pharo documentation how to compile support for new libraries. My guess is that you are using TLS 1.0 (see a note below) - since Pharo 6.1 (so your Pharo 5.x will have same or older libraries) has libgit2.so compiled against libssl.so.1.0.0 (which has dependency libcurl-gnutls.so.4) - If you update the libraries you can see that those support >= TLS 1.2.
Note:
This is connected to the issue which I have posted some time ago. Nobody upvoted it or answered so it got automatically deleted - you can vote to undelete it: https://stackoverflow.com/questions/51399321/getting-error-when-adding-ossubprocess-to-my-pharo-6-1-on-centos-7-4x (see the bottom of the post for the question). I don't have an answer for that as I have dedicated time to my Smalltalk/X project.
Or just switch to a newer Pharo. Adding your method to ZnHTTPSTest in Pharo 8 just works (tested on Pharo 8 build 686, Ubuntu 18.04.02 LTS with the stable vm in PharoLauncher)
Firstly, there are related posts:
GlassFish Server update center installation times out
Java EE 7 updatetool installation fails
I got my Java EE 7 SDK (Update 3) from here: http://www.oracle.com/technetwork/java/javaee/downloads/index.html
I have tried each of the solutions in the above posts and here: https://blogs.oracle.com/dipol/troubleshooting-glassfish-update-center
Including:
In the cmd prompt running set PKG_CLIENT_CONNECT_TIMEOUT=300 and set PKG_CLIENT_READ_TIMEOUT=300 before updatetool in C:\glassfish4\bin\updatetool.bat (c:\glassfish4 in my install directory - all settings were default, including install update tool...).
Set above mentioned timeout to much larger values - doesn't appear to make a difference at all, the process basically bombs immediately.
Running C:\glassfish4\bin\updatetool.bat many times.
Triple checking that I didn't somehow configure a proxy server in my sleep.
Use the update tool via the Glassfish admin console at http://localhost:4848 (seems to show no available update or add-ons, which seems odd..)
I get the following screenshot when I run C:\glassfish4\bin\updatetool.bat
I have no idea why the error would be proxy related, unless it happened to be something on their end. Interestingly, If I go directly to the URL mentioned (via Chrome) I get the following page:
What could possibly be going wrong here?
The updatetool was a commercial feature of Oracle GlassFish. Any update functionality relied on Oracle providing a site where updates could be hosted. Since Oracle GlassFish is no longer supported, this site no longer exists so the updatetool won't work any more.
Rather than downloading GlassFish from Oracle, you should download it from the official open source site, hosted on GitHub. Alternatively, if you really do need support, you could try Payara Server which is open source, and derived from GlassFish, but has support available (disclaimer: I work for Payara)
I'm trying to get asterisk 11.20.0 running with WebRTC (sip.js 0.72 which I believe is a fork of jssip), but I'm seeing the following (and the called party rings, but when the phone is answered the call gets hung up).
This is my setup:
What I see:
In the CLI:
[2015-11-24 01:01:53] NOTICE[43619][C-00000002]: res_rtp_asterisk.c:4441 ast_rtp_read: Unknown RTP codec 95 received from '(null)'
In Firefox:
InvalidSessionDescriptionError: Invalid description, no ice-ufrag attribute
Attachments:
SIP Dialogue (Asterisk CLI)
Webphone Log
Config Files (httpd.conf, sip.conf, rtp.conf)
Asterisk Compiled with Libuuid & Friends
What I've tried so far:
Changed webRTC implementations (tried chrome and firefox both with SIPML and SIP.JS)
Set the STUN server to null on the client side (stunServers: ['stun:null'])
Configured properly (I hope) my sip.conf and rtp.conf and httpd.conf
Made sure I have libuuid, uuid and their -devel companions and after i've recompiled asterisk.
What I've read:
http://forums.asterisk.org/viewtopic.php?p=201702
https://wiki.asterisk.org/wiki/display/AST/Asterisk+WebRTC+Support
https://wiki.asterisk.org/wiki/display/AST/WebRTC+tutorial+using+SIPML5
http://jssip.net/documentation/misc/interoperability/asterisk/
http://sipjs.com/guides/server-configuration/asterisk/
https://kunjans.wordpress.com/2015/01/09/web-sip-client-sipml5-with-asterisk-13-on-centos-6-6/
http://forums.digium.com/viewtopic.php?f=1&t=89798
Please, if you can, give me a hand. I'm about to smash my box with a sledge hammer.
Faced same issue and followed instruction in http://forums.digium.com/viewtopic.php?f=1&t=90167 realise that:
This issue is caused because you asterisk don't have ICE support, you can solve that by installing the uuid/libuuid and uuid-devel/libuuid-devel packages on your system. Then recompile asterisk(be sure to rerun the configure script before the make command).
I did recompile my Astersik 11.16.0 with patch for ECDH support and fallback to prime256v1 https://issues.asterisk.org/jira/browse/ASTERISK-25265 and looks like lost uuid support at that time. Reverting back to non-patched version (with uuid support, use to be compiled before) resolved my issue with "no ice-ufrag attribute" error in Firefox console and calls are going well now from WebRTC client SIPML5 based to asterisk, but not in opposit direction
I have tried for days now trying to find the right version of red5phone, but to no avail. Also, I need red5 and asterisk to be on different servers. I have followed all instructions described in the various tutorials on web, but nothing helps. I have downloaded 2 different versions of red5phone: sip1, sip_47 from the red5phone google code site, but none of them worked!
When I use:
a) sip1 - shows the correct parameters being passed on the red5 server console, but connection is stuck up with the console displaying the following error:
[NioProcessor-1] ERROR o.r.server.service.ServiceInvoker - Method login with parameters [<sip user>, <sip user>,<sip user>,<sip user pwd>, <asterisk server i/p>, <asterisk server i/p>] not found in org.red5.server.webapp.sip.Application#2d0c94a7
b) sip47 - when I type in the values in the flex interface and check the red5 server console, I see all parameters correct(the ones I passed) except for asterisk server ip that i m trying to connect. Instead, it shows 127.0.0.1 by default and completely ignores the passed ip and regsitration fails.
I am using:
red5 server version: 0.9.1, centos: 4.8(final), red5phone used: sip_47 (tried sip1 as well)
As a desperate measure I tried debugging the source code for red5phone (java and flex files) myself. but when I try to create the environment on my local system, I get several compile errors for missing java packages such as javax.media, org.slf4j, org.red5, etc. really confused and desperate for some guidance. Any tips highly appreciated.
Sunil, I'm also new to this, I would try red5-voicebridge installed in your red5 server.
red5-voicebridge Please let me know if you got it to work.