rabbitmq / rabbitmq-perf-test

A load testing tool
https://www.rabbitmq.com/java-tools.html
Other
366 stars 110 forks source link

Make it possible to configure Elliptic Curve cipher suites for TLS connections #748

Open jonasbadstuebner opened 1 month ago

jonasbadstuebner commented 1 month ago

Is your feature request related to a problem? Please describe.

We ran into an issue when using perf-test with a RabbitMQ-Cluster that uses ECDSA TLS certificates. As far as we found out, only RSA is supported by perf-test, not ECDSA, even though the Java lib in use has support for it somehow.

Describe the solution you'd like

Support any of these cipher suites: https://www.rabbitmq.com/docs/ssl#evaluation-of-a-tls-12-setup-with-restricted-cipher-suites

I didn't look in the code and did not find the default values for the ciphers, maybe they can all be added explicitly or something?

Describe alternatives you've considered

Changing to RSA works.

Additional context

No response

jonasbadstuebner commented 1 month ago

The error message was no_suitable_signature_algorithm

michaelklishin commented 1 month ago

Unfortunately, it is comically difficult to find definitive documentation on how to enable ECC cipher suites.

Once that is figured out, doing it on the PerfTest side should not take much effort and anyone (well, anyone willing to work in Java I guess) should be able to contribute it.

michaelklishin commented 1 month ago

This relatively old article can still be quite relevant.

acogoluegnes commented 1 month ago

You should be able to set TLS-related system properties from the command line. This configures the default SSLContext and PerfTest should use it automatically because it detects TLS system properties have been set.

If there is no way to configure this from the command line with system properties, we can consider a PR that adds a new PertTest command line argument and uses it to programmatically configure the SSLContext.