SSLHandshakeException occurs when requesting HTTPS POST

[sileeee]

1. Describe the bug 🐞

SSLHandshakeException occurred when requesting HTTPS POST. Even after updating ngrinder to the latest version, the error status remained. Our server does not support below TLS1.2, but request packet from HTTP Client exported from ngrinder seems to send a request to TLSv1 first. I would like to send a request by fixing the TLS version of HTTP Client to 1.2.

2. Reproduction steps

1. Prepare a server that supports only TLS1.2 or higher
2. Create a HTTPS POST test script.
3. Add java.lang.System.setProperty("https.protocols", "TLSv1.2"); to the script.
4. Run the test.
5. See error.

   2022-10-11 11:43:42,083 ERROR java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
   javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
       at org.apache.hc.core5.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:278)
       at org.apache.hc.core5.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:338)
       at org.apache.hc.core5.reactor.ssl.SSLIOSession.access$300(SSLIOSession.java:71)
       at org.apache.hc.core5.reactor.ssl.SSLIOSession$1.inputReady(SSLIOSession.java:175)
       at org.apache.hc.core5.reactor.InternalDataChannel.onIOEvent(InternalDataChannel.java:124)
       at org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:51)
       at org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:179)
       at org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:128)
       at org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:85)
       at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44)

3. Environment

• Controller
  • OS: ubuntu-18.04
  • Browser: Chrome 106.0.5249.119
  • JDK version: 11.0.16
  • Controller version: 3.5.6
• Agent
  • OS: ubuntu-18.04
  • JDK version: 11.0.16
  • Agent version: 3.5.6

4. Screenshots

[donggyu04]

@imbyungjun

How about support testing option for TLS version? It will be applied to ngrinder http client as below. https://www.baeldung.com/apache-httpclient-tls

Or .. make ngrinder httpclient only use TLS 1.2, 1.3

[imbyungjun]

If the protocol is HTTP/1.1, HTTP client will handle TLS with BasicClientTlsStrategy, and if the protocol is HTTP/2.0, HTTP client will handle TLS with H2ClientTlsStrategy. Both of them filters weak TLS protocol version TLSv1 and TLSv1.1 by using TLS.excludeWeak().

I don't understand that nGrinder HTTP client sends a request with TLSv1

[Newbie-HG]

same exception as this, how to fix it , please

[junoyoon]

@imbyungjun plz, check this.

[imbyungjun]

This error is not a bug or malfunction of nGrinder.

To handle this error, check this question for details. And also see these links.

• https://www.baeldung.com/java-ssl-handshake-failures#1-missing-server-certificate
• https://stackoverflow.com/questions/33048172/ssl-handshake-failed-java-1-8

Simply, the first thing you can do is upgrade your JDK. And the next thing is add your server's cert to client's trust store.