Programming Q&A   Published: 2022-06-02   Source site: 大佬教程  code.js-code.com
How to resolve javax.net.ssl.SSLHandshakeException: handshake failure when using JMeter with SSL (JDK8)?

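So, after some digging and ideas from the comments, it boils down to the Tomcat configuration. The Tomcat configuration allowed only RC4-SHA, which is insecure according to RFC 7465 and is no longer supported in Java 8 (thanks to Robert for the reference).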

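By updating the server SSL configuration to remove the RC4-SHA-only cipher and allow all default cipher suites (e.g. removing SSLCipherSuite="RC4-SHA" from the server.xml Tomcat configuration file), I got JMeter working on Java 8.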

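Adding stronger security encryption (the JCE Unlimited Strength policy) will allow better cipher suites and stronger encryption. You will need to be aware of US export rules.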

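I will need to decide which ciphers to support. That depends on the clients we expect to connect to our SSL Tomcat connector. One client is certainly our JMeter test client, and there are a few other RESTful clients that will connect, written in various languages and for various platforms.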

Hopefully this discussion helps and enlightens others.

I would like to edit this answer to add the recommended (current) TLS protocol and cipher suite settings.

I found some great discussion in the Mozilla Server Side SSL Configuration:

Ciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
Versions: TLSv1.1, TLSv1.2
RSA key size: 2048
DH Parameter size: 2048
Elliptic curves: secp256r1, secp384r1, secp521r1 (at a minimum)
Certificate signature: SHA-256
HSTS: max-age=15724800

Ciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Versions: TLSv1, TLSv1.1, TLSv1.2
RSA key size: 2048
DH Parameter size: 2048 (see DHE and Java for details)
Elliptic curves: secp256r1, secp384r1, secp521r1 (at a minimum)
Certificate signature: SHA-256

… and others

Thanks, everyone, for participating.
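
To check the diagnosis in the answer above on a particular JVM, the following added example (not part of the original answer, and not JMeter code) reports whether the suites a server accepts are enabled in that JVM's default TLS context. The class name CipherOverlapCheck is an assumption, and the default suite is the only one SSL Labs reports for the server in the question.

```java
import java.security.Security;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class CipherOverlapCheck {
    // JSSE names pre-TLS suites with an SSL_ prefix (SSL_RSA_WITH_RC4_128_SHA),
    // while SSL Labs prints the IANA name (TLS_RSA_WITH_RC4_128_SHA).
    static String normalize(String suite) {
        return suite.replaceFirst("^(SSL|TLS)_", "");
    }

    static Set<String> normalized(String[] suites) {
        Set<String> out = new LinkedHashSet<>();
        for (String s : suites) out.add(normalize(s));
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Suites the server accepts. Default: the single suite from the SSL Labs
        // result on this page. Pass other IANA suite names as arguments.
        String[] server = args.length > 0 ? args
                : new String[] {"TLS_RSA_WITH_RC4_128_SHA"};

        SSLContext ctx = SSLContext.getDefault();
        // "enabled" is what goes into the ClientHello by default;
        // "supported" is what the provider could offer if explicitly enabled.
        Set<String> enabled = normalized(ctx.getDefaultSSLParameters().getCipherSuites());
        Set<String> supported = normalized(ctx.getSupportedSSLParameters().getCipherSuites());

        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        boolean anyOverlap = false;
        for (String s : server) {
            String n = normalize(s);
            boolean on = enabled.contains(n);
            anyOverlap |= on;
            System.out.printf("%-40s enabled=%-5b supported=%b%n",
                    s, on, supported.contains(n));
        }
        System.out.println(anyOverlap
                ? "At least one server suite is offered by default."
                : "No common suite: expect a fatal handshake_failure alert.");
    }
}
```

Compile and run it with the same JDK that launches JMeter, since the result depends on that JVM's security configuration.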

Question

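I am writing a JMeter test plan to connect to an SSL port (Tomcat connector). I get an SSLHandshakeException (handshake_failure) when connecting to the SSL port using any of the three JMeter SSL client implementations (HttpClient4, HttpClient3.1, Java) on JDK8 (1.8.0_51). If I use JDK7 (1.7.0_75), everything works.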

Client JDK: HotSpot 1.8.0_51
Client OS: Mac OSX 10.10.2
JMeter version: 2.13

Server: Tomcat 7.0.63 (latest)
Server SSL CipherSuite: RC4-SHA
Server SSL Protocol: all
Server Java: OpenJDK 1.7.0_79

Here are some things I have already tried:

(1) I tried replacing the JCE Unlimited Strength JARs, as suggested in a similar question:
SSLHandshakeException when connecting to an https site

Nothing changed in the error message or log files, and the JDK8 client still cannot connect to the SSL server.

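(2) I turned on debugging as described here: https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https. I set the JMeter JVM_ARGS to -Djavax.net.debug=ssl:handshake:verbose to turn it on. The log file (shown below) gives no hint as to the cause of the problem.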

(3) I tried specifying the HTTPS protocol, e.g. -Dhttps.protocols=SSLv3. No luck. SSLv3 is disabled or the ciphers do not match:
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

(4) I tried disabling SNI, e.g. -Djsse.enableSNIExtension=false. No luck either.

So I am now stuck using JDK7 until I can get JMeter running with JDK8, and I would like to fix that.

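So the issue is that JDK8 does things differently from JDK7. Also, the server (Tomcat connector) will need to support the proper ciphers and protocols, but that is out of my control for the time being.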

Here is the relevant log:

X509KeyManager passed to SSLContext.init():  need an X509ExtendedKeyManager for SSLEngine use
trigger seeding of SecureRandom
done seeding SecureRandom
Agents (clients) 1-2,setSoTimeout(0) called
Allow unsafe renegotiation: false
Allow legacy Hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy Hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
%% No cached client session
*** ClientHello,TLSv1.2
RandomCookie:  *** ClientHello,TLSv1.2
GMT: 1422637724 bytes = { RandomCookie:  GMT: 1422637724 bytes = { 71,27,101,246,26,99,64,213,53,66,156,118,137,247113,226,86,121,189,207,175,98,46,242,48,19,30,251,120,125,249,63,114,254,5,168,17,190,214,228,90,165128 }
Session ID:,113,{}
157,211,230,144,Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
145,Compression Methods:  { 238,0178 }
Session ID:  {}
 }
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves,curve names: {secp256r1,sect163k1,sect163r2,secp192r1,secp224r1,sect233k1,sect233r1,sect283k1,sect283r1,secp384r1,sect409k1,sect409r1,secp521r1,sect571k1,sect571r1,secp160k1,secp160r1,secp160r2,sect163r1,secp192k1,sect193r1,sect193r2,secp224k1,sect239k1,secp256k1}
Extension ec_point_formats,formats: [uncompressed]
Extension signature_algorithms,signature_algorithms: SHA512withECDSA,SHA512withRSA,SHA384withECDSA,SHA384withRSA,SHA256withECDSA,SHA256withRSA,SHA224withECDSA,SHA224withRSA,SHA1withECDSA,SHA1withRSA,SHA1withDSA,MD5withRSA
***
Extension elliptic_curves,MD5withRSA
***
Agents (clients) 1-2,WRITE: TLSv1.2 Handshake,length = 237
Agents (clients) 1-1,length = 237
Agents (clients) 1-2,READ: TLSv1.2 Alert,length = 2
Agents (clients) 1-2,RECV TLSv1.2 ALERT:  fatal,handshake_failure
Agents (clients) 1-2,called closeSocket()
Agents (clients) 1-2,handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Agents (clients) 1-2,called close()
Agents (clients) 1-2,called closeInternal(true)
Agents (clients) 1-1,length = 2
Agents (clients) 1-1,handshake_failure
Agents (clients) 1-1,called closeSocket()
Agents (clients) 1-1,handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Agents (clients) 1-1,called close()
Agents (clients) 1-1,called closeInternal(true)

Here is the stack trace I get in the JMeter log file:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
    at org.apache.jmeter.protocol.http.sampler.HTTPJavaImpl.sample(HTTPJavaImpl.java:483)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1146)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1135)
    at org.apache.jmeter.threads.JMeterThread.process_sampler(JMeterThread.java:434)
    at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:261)
    at java.lang.Thread.run(Thread.java:745)

So, how can I get the JDK8 client in JMeter to talk to the SSL port using the protocols and ciphers the server allows?

Thanks!

Edit: added SSL Labs test results

Protocols
    TLS 1.2    Yes
    TLS 1.1    Yes
    TLS 1.0    Yes
    SSL 3      No
    SSL 2      No

Cipher Suites (sorted by strength as the server has no preference; deprecated and SSL 2 suites at the end)
    TLS_RSA_WITH_RC4_128_SHA (0x5)      WEAK        128

Clients
    Java 6u45    No SNI 2    TLS 1.0    TLS_RSA_WITH_RC4_128_SHA (0x5) No FS    RC4    128
    Java 7u25                TLS 1.0    TLS_RSA_WITH_RC4_128_SHA (0x5) No FS    RC4    128
    Java 8u31                TLS 1.2    TLS_RSA_WITH_RC4_128_SHA (0x5) No FS    RC4    128
