SSL fatal, handshake

Vividh S V

unread,

Sep 24, 2014, 2:12:06 PM9/24/14

to gat...@googlegroups.com

Hi,

I am trying to setup HTTPS request using custom keys which area made available to Gatling through gatling.conf.

#type = "" # Type of SSLContext's KeyManagers store

#file = "C:\Users\user\Downloads\Keystore.p12" # Location of SSLContext's KeyManagers store

#password = "synth" # Password for SSLContext's KeyManagers store

#algorithm = "" # Algorithm used SSLContext's KeyManagers store

}

How ever when I run the test, it fails due to Handshake error.

Could some help and point me to the right direction. At first i though it might be TLS version, hence i tried using both TLSv1 and TLS v1.2, but still the same issue.

Does Gatling support different TLS and SSL versions.

Regards,

Vividh

*** ServerHelloDone

*** Certificate chain

***

*** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2

New I/O worker #3, WRITE: TLSv1.2 Handshake, length = 320

SESSION KEYGEN:

PreMaster Secret:

0000: 03 03 03 E0 F6 AD 21 21 1D 20 45 A9 5D 5E 71 5A ......!!. E.]^qZ

0010: E2 A8 E6 02 96 A7 8F 37 B5 48 81 D5 59 8A 30 59 .......7.H..Y.0Y

0020: 2F B5 B4 60 20 8A 81 87 35 02 D2 0E 70 4E 85 2C /..` ...5...pN.,

CONNECTION KEYGEN:

Client Nonce:

0000: 54 23 07 1E 9F 71 82 0E 29 03 15 0C F4 2A BF 69 T#...q..)....*.i

0010: C5 8D FC E6 C5 99 F8 A7 23 81 10 85 C4 33 E5 7D ........#....3..

Server Nonce:

0000: 1A B4 48 E5 B9 9C B7 09 D4 73 F7 92 91 26 31 3C ..H......s...&1<

0010: EC 12 1D BC 84 FE 4F F5 AC 2B 85 74 4D B0 71 0E ......O..+.tM.q.

Master Secret:

0000: 90 AB 53 BC D0 46 67 69 65 05 EC 07 3B A9 BE 84 ..S..Fgie...;...

0010: A4 83 3E C4 3F 6A C4 2D 4B E0 CF 4F A3 7A 03 D2 ..>.?j.-K..O.z..

0020: 9E 31 E8 71 73 9C 37 20 28 95 AC 35 4D 63 9A 4C .1.qs.7 (..5Mc.L

Client MAC write Secret:

0000: 29 35 9F 1C 5B F5 D6 80 5A 4C D0 EE F7 8A E9 84 )5..[...ZL......

0010: 51 96 B1 0B 93 94 2A AD 95 BC 80 C8 86 1C 74 DB Q.....*.......t.

Server MAC write Secret:

0000: 0B CA C6 7D A1 29 86 F6 03 06 80 A4 8C 97 B4 06 .....)..........

0010: 4A 67 90 02 90 73 24 42 1F 4C 8C 9B 58 48 F2 A2 Jg...s$B.L..XH..

Client write key:

0000: BB 8B 32 47 36 6F 3F 4F 19 F8 DE 49 70 94 EF 4F ..2G6o?O...Ip..O

Server write key:

0000: CD 53 A3 04 FE 1C B2 20 45 7A B6 52 39 F6 CB FC .S..... Ez.R9...

... no IV derived for this protocol

New I/O worker #3, WRITE: TLSv1.2 Change Cipher Spec, length = 64

*** Finished

verify_data: { 175, 60, 206, 106, 41, 179, 52, 209, 164, 31, 75, 104 }

***

New I/O worker #3, WRITE: TLSv1.2 Handshake, length = 80

New I/O worker #3, READ: TLSv1.2 Alert, length = 64

New I/O worker #3, RECV TLSv1.2 ALERT: fatal, handshake_failure

New I/O worker #3, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: R

eceived fatal alert: handshake_failure

New I/O worker #3, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: R

eceived fatal alert: handshake_failure

New I/O worker #3, called closeOutbound()

New I/O worker #3, closeOutboundInternal()

New I/O worker #3, SEND TLSv1.2 ALERT: warning, description = close_notify

New I/O worker #3, WRITE: TLSv1.2 Alert, length = 64

New I/O worker #3, called closeInbound()

New I/O worker #3, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: I

nbound closed before receiving peer's close_notify: possible truncation attack?

New I/O worker #3, called closeOutbound()

New I/O worker #3, closeOutboundInternal()

14:02:06.129 [DEBUG] i.g.h.a.AsyncHandler - Request 'AccountCreate' failed for user 839989

5679504266910-0

javax.net.ssl.SSLException: Received fatal alert: handshake_failure

at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.SSLEngineImpl.recvAlert(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[na:1.8.0_20]

at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[na:1.8.0_20]

at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1285) ~[netty-3.9

.4.Final.jar:na]

at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:917) ~[netty-3.9.

4.Final.jar:na]

at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:4

25) ~[netty-3.9.4.Final.jar:na]

at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.j

ava:303) ~[netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChann

elUpstreamHandler.java:70) ~[netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipel

ine.java:564) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipel

ine.java:559) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) [netty-

3.9.4.Final.jar:na]

at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) [netty-

3.9.4.Final.jar:na]

at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) [netty-3.9

.4.Final.jar:na]

at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.

java:108) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.

java:318) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java

:89) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) [netty-3.9

.4.Final.jar:na]

at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108

) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.jav

a:42) [netty-3.9.4.Final.jar:na]

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_20]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_20

]

at java.lang.Thread.run(Unknown Source) [na:1.8.0_20]

14:02:06.138 [WARN ] i.g.h.a.AsyncHandlerActor - Request 'AccountCreate' failed: javax.net

.ssl.SSLException: Received fatal alert: handshake_failure

14:02:06.143 [DEBUG] i.g.h.a.AsyncHandlerActor -

>>>>>>>>>>>>>>>>>>>>>>>>>>

Request:

AccountCreate: KO javax.net.ssl.SSLException: Received fatal alert: handshake_failure

Excilys

unread,

Sep 24, 2014, 2:19:57 PM9/24/14

to gat...@googlegroups.com

Did you properly remove the leading # in order to uncomment?

--
You received this message because you are subscribed to the Google Groups "Gatling User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gatling+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Vividh S V

unread,

Sep 24, 2014, 3:14:05 PM9/24/14

to gat...@googlegroups.com

Thanks for the reply. Yes, that was uncommented.

Further down the log I could see

java.io.IOException: Invalid keystore format

at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)

at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)

at java.security.KeyStore.load(Unknown Source)

at io.gatling.http.util.SSLHelper$$anonfun$newKeyManagers$1.apply(SSLHelper.scala:53)

at io.gatling.http.util.SSLHelper$$anonfun$newKeyManagers$1.apply(SSLHelper.scala:50)

at io.gatling.core.util.IO$.withCloseable(IO.scala:154)

at io.gatling.http.util.SSLHelper$.newKeyManagers(SSLHelper.scala:50)

at io.gatling.http.ahc.HttpEngine$$anonfun$6.apply(HttpEngine.scala:180)

at scala.Option.map(Option.scala:145)

at io.gatling.http.ahc.HttpEngine.<init>(HttpEngine.scala:180)

at io.gatling.http.ahc.HttpEngine$.start(HttpEngine.scala:91)

at io.gatling.http.config.HttpProtocol.warmUp(HttpProtocol.scala:125)

at io.gatling.core.config.Protocols$$anonfun$warmUp$1.apply(Protocols.scala:43)

at scala.collection.Iterator$class.foreach(Iterator.scala:727)

at scala.collection.AbstractIterator.foreach(Iterator.scala:1157)

at scala.collection.MapLike$DefaultValuesIterable.foreach(MapLike.scala:206)

at io.gatling.core.config.Protocols.warmUp(Protocols.scala:43)

at io.gatling.core.structure.PopulatedScenarioBuilder.build(ScenarioBuilder.scala:86)

at io.gatling.core.scenario.Simulation$$anonfun$scenarios$3.apply(Simulation.scala:41)

at scala.collection.TraversableLike$$anonfun$map$1.apply(TraversableLike.scala:244)

at scala.collection.immutable.List.foreach(List.scala:318)

at scala.collection.TraversableLike$class.map(TraversableLike.scala:244)

at scala.collection.AbstractTraversable.map(Traversable.scala:105)

at io.gatling.core.scenario.Simulation.scenarios(Simulation.scala:41)

at io.gatling.core.controller.Controller$$anonfun$1.applyOrElse(Controller.scala:80)

at akka.actor.Actor$class.aroundReceive(Actor.scala:465)

at io.gatling.core.akka.BaseActor.aroundReceive(BaseActor.scala:23)

at akka.actor.ActorCell.receiveMessage(ActorCell.scala:516)

at akka.actor.ActorCell.invoke(ActorCell.scala:487)

at akka.dispatch.Mailbox.processMailbox(Mailbox.scala:238)

at akka.dispatch.Mailbox.run(Mailbox.scala:220)

at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:393)

at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)

at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)

at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)

at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)

Hence I changed the Keystore type JKS for PKS12 and was able to resolve the above issue.

However now I get a different error listed below.

New I/O worker #3, fatal error: 46: General SSLEngine problem

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

%% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA256]

New I/O worker #3, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown

New I/O worker #3, WRITE: TLSv1.2 Alert, length = 2

New I/O worker #3, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: General SSLEngine problem

New I/O worker #3, called closeOutbound()

New I/O worker #3, closeOutboundInternal()

15:11:23.189 [DEBUG] i.g.h.a.AsyncHandler - Request 'AccountCreate' failed for user 2141150877656040733-0

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) ~[na:1.8.0_20]

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[na:1.8.0_20]

at java.security.cert.CertPathBuilder.build(Unknown Source) ~[na:1.8.0_20]

... 34 common frames omitted

Wrapped by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe

t

at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[na:1.8.0_20]

at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[na:1.8.0_20]

at sun.security.validator.Validator.validate(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[na:1.8.0_20]

... 28 common frames omitted

Wrapped by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_20]

at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_20]

at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) ~[na:1.8.0_20]

at org.jboss.netty.handler.ssl.ImmediateExecutor.execute(ImmediateExecutor.java:31) ~[netty-3.9.4.Final.jar:na]

at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1453) ~[netty-3.9.4.Final.jar:na]

at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1326) ~[netty-3.9.4.Final.jar:na]

... 18 common frames omitted

Wrapped by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at sun.security.ssl.Handshaker.checkThrown(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) ~[na:1.8.0_20]

at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[na:1.8.0_20]

at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[na:1.8.0_20]

at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1285) ~[netty-3.9.4.Final.jar:na]

at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:917) ~[netty-3.9.4.Final.jar:na]

at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) ~[netty-3.9.4.Final.jar:na]

at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:310) ~[netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) ~[netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [netty-3.9.4.Final.jar:na]

at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [netty-3.9.4.Final.jar:na]

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_20]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_20]

at java.lang.Thread.run(Unknown Source) [na:1.8.0_20]

15:11:23.206 [WARN ] i.g.h.a.AsyncHandlerActor - Request 'AccountCreate' failed: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

15:11:23.212 [DEBUG] i.g.h.a.AsyncHandlerActor -

Regards,

Vividh

On Wednesday, September 24, 2014 2:19:57 PM UTC-4, Stéphane Landelle wrote:

Did you properly remove the leading # in order to uncomment?

Le 24 sept. 2014 à 20:12, Vividh S V <vivi...@gmail.com> a écrit :

Hi,

I am trying to setup HTTPS request using custom keys which area made available to Gatling through gatling.conf.
#type = "" # Type of SSLContext's KeyManagers store
#file = "C:\Users\user\Downloads\Keystore.p12" # Location of SSLContext's KeyManagers store
#password = "synth" # Password for SSLContext's KeyManagers store
#algorithm = "" # Algorithm used SSLContext's KeyManagers store
}

However when I run the test, it fails due to Handshake error.

Vividh S V

unread,

Sep 24, 2014, 3:42:00 PM9/24/14

to gat...@googlegroups.com

After searching a bit, I understand

Wrapped by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe

Error is because I use self signed certificate and I need to update the CACERT file in the my JRE_HOME/lib directory.

I know that I can import the certificate into the JRE's certificate authority store, and that will allow Java to accept it. That's not an approach I want to take; it seems very invasive to do on all of our test machines.

And I also know Jmeter accepts self signed certs( as I am trying to moving Perfomance Test suite from Jmeter to Gatling) without the above step.

Can this be achieved in Gatling as well, where I don't have to import the certificate into the JRE's certificate authority store for self signed Keystore's...?

Regards,

Vividh

Stéphane Landelle

unread,

Sep 25, 2014, 4:32:00 AM9/25/14

to gat...@googlegroups.com

Hi,

Is there any way you can send me your key store and your config, please?

I guess the solution is to provide an option for using a lenient TrustStore instead of Java's default one, but I'd like to properly test it (and I'm a bit pressed atm).

SSL fatal, handshake_failure

Vividh S V

Excilys

Vividh S V

Vividh S V

Stéphane Landelle