Bug 57935 - SSL SNI extension not supported by HttpClient 4.2.6
Summary: SSL SNI extension not supported by HttpClient 4.2.6
Status: RESOLVED FIXED
Alias: None
Product: JMeter - Now in Github
Classification: Unclassified
Component: HTTP (show other bugs)
Version: 2.13
Hardware: PC Linux
: P2 major with 1 vote (vote)
Target Milestone: ---
Assignee: JMeter issues mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-05-19 07:25 UTC by Jerome
Modified: 2016-02-23 18:46 UTC (History)
2 users (show)


Attachments
JMX to reproduce the issue (4.78 KB, application/xml)
2015-05-19 07:25 UTC, Jerome 		Details
Test plan to reproduce issue (4.75 KB, application/xml)
2015-12-23 13:31 UTC, Philippe Mouawad 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jerome 2015-05-19 07:25:23 UTC 
Created attachment 32743 [details]
JMX to reproduce the issue

I was undergoing tests on our AWS platform and JMeter was failing to query HTTPS CloudFront urls. The following exception happens when executing an HTTP Sampler with HC4 implementation:

> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
>	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>	at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>	at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2011)
>	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1113)
>	at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
...

After investigating more about this issue, i found out the bug is related to the Server Name Extension.

HTTPClient 4.2.x sends the following handshake:

> Thread Group 1-1, WRITE: TLSv1.2 Handshake, length = 207
> Thread Group 1-1, READ: TLSv1.2 Alert, length = 2
> Thread Group 1-1, RECV TLSv1.2 ALERT:  fatal, handshake_failure
> Thread Group 1-1, called closeSocket()
> Thread Group 1-1, handling exception: javax.net.ssl.SSLHandshakeException: > Received fatal alert: handshake_failure

HTTPClient 3.1 which works fine, it sends the following handshake:

> Extension server_name, server_name: [type=host_name (0), > value=d1lto7any9tcj3.cloudfront.net]
> ***
> Thread Group 1-1, WRITE: TLSv1.2 Handshake, length = 245
> Thread Group 1-1, READ: TLSv1.2 Handshake, length = 61
> *** ServerHello, TLSv1.2

The current version of JMeter's HttpClient (4.2.6) has a major SSL issue, it does not support SSL Server Name Extension (SNI):
https://issues.apache.org/jira/browse/HTTPCLIENT-1119

As HTTPClient 3.1 will be discontinued and usage is discouraged, we should upgrade HTTPClient to the latest version to benefit bug fixes and improvements.
Comment 1 William L 2015-06-12 05:23:25 UTC 
+1 for this issue.

This is also related to #57319.

When trying to verify SNI handling behaviours in a proxy it would be better to be able to use supported versions than something that is approaching EOL.
Comment 2 Philippe Mouawad 2015-12-23 13:31:04 UTC 
Created attachment 33372 [details]
Test plan to reproduce issue
Comment 3 Philippe Mouawad 2016-02-17 10:55:58 UTC 
Author: 	pmouawad
Date: 	Wed Feb 17 10:47:40 2016 UTC (4 minutes, 21 seconds ago)
New revision : 1730810

URL : http://svn.apache.org/viewvc?view=revision&revision=1730810
Changed paths: 	3
Log Message: 	

Bug 57935 - SSL SNI extension not supported by HttpClient 4.2.6
Bugzilla Id: 57935

Added:
jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/sampler/JMeterClientConnectionOperator.java

Modified:
jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/sampler/MeasuringConnectionManager.java
jmeter/trunk/xdocs/changes.xml
Comment 4 Philippe Mouawad 2016-02-17 10:58:28 UTC 
Hi reporter, commenters,
issue is fixed in nightly build (available tomorrow), your feedback is welcome.
Thanks
Comment 5 Jerome 2016-02-23 18:46:12 UTC 
Hi Philippe,

Thanks for the fix, i tested Build #4986 and it works fine.

Best regards,
Jerome Loisel
Comment 6 The ASF infrastructure team 2022-09-24 20:37:59 UTC 
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/3595