Bug 54759

Summary: SSLPeerUnverifiedException using HTTPS , property documented
Product: JMeter Reporter: Carlos Barragan <tractomula>
Component: HTTPAssignee: JMeter issues mailing list <issues>
Severity: normal CC: p.mouawad, tractomula
Priority: P2    
Version: 2.9   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: Includes console output showing the handshake and the java.net.SocketException
Test showing failure with HttpClient
Test showing failure with Java API

Description Carlos Barragan 2013-03-28 04:27:32 UTC
Created attachment 30109 [details]
Includes console output showing the handshake and the java.net.SocketException

JMeter: 2.9r1437961
OS: Windows 7 64 bits
Java version: jdk1.7.0_17
Attach: Full debug information from java console (output.txt)

Already consulted https://issues.apache.org/bugzilla/show_bug.cgi?id=53922 but it says that it should not happen with Java 7. 

I created an HTTP request to https://clui.xstratacoal.com.au and found the following exception (worked with other secure sites): 

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
	at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
	at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
	at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:286)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:62)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1088)
	at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1077)
	at org.apache.jmeter.threads.JMeterThread.process_sampler(JMeterThread.java:428)
	at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:256)
	at java.lang.Thread.run(Unknown Source)
Comment 1 Philippe Mouawad 2013-04-01 20:34:02 UTC
Created attachment 30132 [details]
Test showing failure with HttpClient
Comment 2 Philippe Mouawad 2013-04-01 20:34:22 UTC
Created attachment 30133 [details]
Test showing failure with Java API
Comment 3 Philippe Mouawad 2013-04-01 20:35:27 UTC
This is very strange, this website URL fails with :
- Java core API
- HTTPClient4 core API

with last jdk6 and last jdk7.
Comment 4 Philippe Mouawad 2013-04-14 15:08:57 UTC
For Java Impl add this to system.properties:

It will fix issue for Java Implementation.

So it seems the server only supports SSLv3, attempt to negotiate upwards from v2 to v3 seems not to be supported by server.

To fix it for HC family it seems we need to call this on SSL Socket:
- socket.setEnabledProtocols(new String[] { "SSLv3" });

We need to find a way to make this configurable.
Comment 5 Philippe Mouawad 2013-04-14 20:03:22 UTC
After further analysis, in fact property in jmeter.properties already exists and is named:
#https.socket.protocols=SSLv2Hello SSLv3 TLSv1

Setting it to this fixes issue

I will document this property.
Comment 6 Philippe Mouawad 2013-04-14 20:05:30 UTC
Date: Sun Apr 14 20:04:49 2013
New Revision: 1467823

URL: http://svn.apache.org/r1467823
Bug 54759 - SSLPeerUnverifiedException using HTTPS , property documented
Bugzilla Id: 54759