60733 – javax.net.ssl.SSLHandshakeException: server certificate change is restricted during renegotiation

Bug 60733 - javax.net.ssl.SSLHandshakeException: server certificate change is restricted during renegotiation

Summary: javax.net.ssl.SSLHandshakeException: server certificate change is restricted ...

Status:	RESOLVED INVALID

Alias:	None

Product:	JMeter - Now in Github
Classification:	Unclassified
Component:	HTTP (show other bugs)
Version:	2.13
Hardware:	PC All

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	JMeter issues mailing list

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-02-14 16:52 UTC by Maverick
Modified:	2017-02-14 20:33 UTC (History)
CC List:	1 user (show)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Maverick 2017-02-14 16:52:24 UTC

I am trying to run test usnign JMeter 2.13 on windows machine and getting  below error intemittenly.

I am running test for 1 hour. Total 10000 Request to server and out of that only 100 odd requests are failing with this error.

Java JDK version = 1.8 
Request Details:
https GET 

I have added KERBOS BASIC DIGEST AUTHENTICATION with option of clear authentication on each iteration

Error:

javax.net.ssl.SSLHandshakeException: server certificate change is restricted during renegotiation
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:436)
	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
	at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
	at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:107)
	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
	at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:517)
	at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:331)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1146)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1135)
	at org.apache.jmeter.threads.JMeterThread.process_sampler(JMeterThread.java:434)
	at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:261)
	at java.lang.Thread.run(Unknown Source)

Comment 1 Maverick 2017-02-14 16:55:38 UTC

Application uses
The connection to this site uses a strong protocol (TLS 1.2), an obsolete key exchange (RSA), and a strong cipher (AES_128_GCM).



And my JMeter Property file settings is

#---------------------------------------------------------------------------
# SSL configuration
#---------------------------------------------------------------------------

## SSL System properties are now in system.properties

# JMeter no longer converts javax.xxx property entries in this file into System properties.
# These must now be defined in the system.properties file or on the command-line.
# The system.properties file gives more flexibility.

# By default, SSL session contexts are now created per-thread, rather than being shared.
# The original behaviour can be enabled by setting the JMeter property:
#https.sessioncontext.shared=true

# Default HTTPS protocol level:
#https.default.protocol=TLS
# This may need to be changed here (or in user.properties) to:
#https.default.protocol=SSLv3

# List of protocols to enable. You may have to select only a subset if you find issues with target server.
# This is needed when server does not support Socket version negotiation, this can lead to:
# javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
# java.net.SocketException: Connection reset
# see https://issues.apache.org/bugzilla/show_bug.cgi?id=54759
#https.socket.protocols=SSLv2Hello SSLv3 TLSv1

# Control if we allow reuse of cached SSL context between iterations
# set the value to 'false' to reset the SSL context each iteration
#https.use.cached.ssl.context=true

Comment 2 Philippe Mouawad 2017-02-14 20:33:39 UTC

Bugzilla is not a support forum.
Please use user mailing list and have a look at:
http://stackoverflow.com/questions/27105004/what-means-javax-net-ssl-sslhandshakeexception-server-certificate-change-is-re

Comment 3 The ASF infrastructure team 2022-09-24 20:38:07 UTC

This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/4282