Bug 62595 - SMTPSampler does not allow configuring the SSL/TLS protocols to be used on handshake
Summary: SMTPSampler does not allow configuring the SSL/TLS protocols to be used on ha...
Status: RESOLVED FIXED
Alias: None
Product: JMeter
Classification: Unclassified
Component: Main (show other bugs)
Version: 4.0
Hardware: All All
: P2 enhancement (vote)
Target Milestone: JMETER_5.0
Assignee: JMeter issues mailing list
URL:
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Blocks:
 
Reported: 2018-08-03 05:06 UTC by Felipe Cuozzo
Modified: 2018-08-09 09:21 UTC (History)
2 users (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Felipe Cuozzo 2018-08-03 05:06:22 UTC
Currently the logic on SendMailCommand#prepareMessage method does the following:


 if (useStartTLS || useSSL) {
    try {
      String allProtocols = StringUtils.join(                  
 SSLContext.getDefault().getSupportedSSLParameters().getProtocols(), " ");
       logger.info("Use ssl/tls protocols for mail: {}", allProtocols);
       props.setProperty("mail." + protocol + ".ssl.protocols", allProtocols);


The default SSLContext will return a list of all supported protocols for the current JRE, typically "SSLv2Hello TLSv1 TLSv1.1 TLSv1.2"

If for some reason the server does not accept the deprecated SSLv3 protocol (see https://tools.ietf.org/html/rfc7568) the handshake will fail.

This article describes how to disable SSLv3 (and the SSLv2Hello pseudo-protocol) 

http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html

Which can be done by setting the system property "jdk.tls.client.protocols" at startup time.

The bug arises because the code is getting the supported not the enabled protocols.

Expected behavior on the SSL/TLS handshake would be that the SMTPSampler only used the enabled protocols.

Because the system property changes the settings for the default SSLContext, I suggest that a new configuration field is added on the GUI panel for the SMTPSampler that allows to override the list of protocols so one can specifically set which protocols to be used for the handshake.
Comment 1 Felipe Cuozzo 2018-08-03 05:30:03 UTC
I've a proposed patch on https://github.com/fcuozzo/jmeter/commit/f7c27b90beb3decacbfc9b19b755954892e829c0
Comment 2 Philippe Mouawad 2018-08-04 18:47:18 UTC
Author: pmouawad
Date: Sat Aug  4 18:46:53 2018
New Revision: 1837445

URL: http://svn.apache.org/viewvc?rev=1837445&view=rev
Log:
Bug 62595 - SMTPSampler does not allow configuring the SSL/TLS protocols to be used on handshake

Contributed by Felipe Cuozzo
Bugzilla Id: 62595

Modified:
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_fr.properties
    jmeter/trunk/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/gui/SecuritySettingsPanel.java
    jmeter/trunk/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/protocol/SendMailCommand.java
    jmeter/trunk/xdocs/changes.xml
    jmeter/trunk/xdocs/usermanual/component_reference.xml
Comment 3 Philippe Mouawad 2018-08-04 18:48:41 UTC
Thanks for contributing.

This will be available in next JMeter 5.0.

Meanwhile if you can test nightly build after today and give us feedback it would be nice.
http://jmeter.apache.org/nightly.html
Thanks
Regards
Comment 4 Felipe Cuozzo 2018-08-06 02:22:16 UTC
Hi Phillipe,

Thank you for the fast turn-around here.

After testing the nightly build I realized I forgot to push a one line change to the SmtpSampler I had on my local repository.

Please see extra commit on https://github.com/fcuozzo/jmeter/commit/680f16dd1013d2bc5f1da2b4f1cf5a609e47a9e3

Without that the custom protocols don't actually get set into the SendEmailCommand so the new behavior does not work.

Thanks for the refactoring and changing to use StringUtils.isEmpty to check if the String was empty (my bad there, I should have checked what was the common pattern in the codebase, my previous logic had a NullPointerException bug lurking in there).

Thanks,
Felipe
Comment 5 Felix Schumacher 2018-08-09 09:21:20 UTC
Thanks for the followup.

Could you try the next nightly, if thinks work for you then?

Date: Thu Aug  9 09:19:43 2018
New Revision: 1837704

URL: http://svn.apache.org/viewvc?rev=1837704&view=rev
Log:
Bug 62595 - SMTPSampler does not allow configuring the SSL/TLS protocols to be used on handshake
    
Followup to r1837445. Missing the line to actually use the settings for sending mails. 
Contributed by Felipe Cuozzo

Bugzilla Id: 62595

Modified:
    jmeter/trunk/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/SmtpSampler.java