Unable to run TCPProxy with user defined Java keystore

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Unable to run TCPProxy with user defined Java keystore

alfinhaji
We have hit an issue while attempting to take a recording with TCPProxy for a new application we are testing.  Using the default certs (built-in) with TCPProxy, we are presenting with the warning dialog from the browser.  However, after adding the security exception we get a blank page returned with the browser URL line in red with Certificate error highlighted.  When we turn off the proxy, we can hit this page fine and it renders with no issue.

So we went down the path of exporting the certificate for the page from both IE and Firefox, using the keytool.exe utility to generate a keystore, and then specifying this keystore before launching the TCPProxy.  Below are the steps we follow:

1.  Exported the certificate as type X.509 Certificate (PEM) (*.crt) in Firefox
2.  Run the keytool.exe (JRE 1.7.0.45):
"C:\Program Files\Java\jre7\bin\keytool.exe" -import -keystore mapsKeystore -file appCert.crt -alias mapClient

NOTE:  We also tried these steps with JRE 1.6.0.45, same results.

3.  When launching TCPProxy, we specify the above keystore:
java -classpath %CLASSPATH% net.grinder.TCPProxy -keyStore mapsKeystore -keyStorePassword ****** -console

NOTE:  We also looked at this article but didn't feel it was applicable since we are a client, not a server, with a valid certificate from the website exported from Firefox:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html


Following error is output to the console when launching TCPProxy and attempting to launch the page in a browser pointing to the Proxy port:

14:52:41.987 [main] INFO : Initialising as an HTTP/HTTPS proxy with the parameters:
   Request filters:    EchoFilter
   Response filters:   EchoFilter
   Local address:      localhost:8001
   Key store:          C:\Development\Scripts\certs\mapsKeystore
   Key store password: ******
14:52:42.540 [main] INFO : Engine initialised, listening on port 8001
14:53:02.721 [Filter thread for 127.0.0.1:60610->maps.qa.companyName.com:443] ERROR: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
14:53:02.750 [Filter thread for 127.0.0.1:60613->maps.qa.companyName.com:443] ERROR: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
14:53:02.801 [Filter thread for 127.0.0.1:60616->maps.qa.companyName.com:443] ERROR: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
14:53:02.842 [Filter thread for 127.0.0.1:60619->maps.qa.companyName.com:443] ERROR: Remote host closed connection during handshake
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
        ... 7 common frames omitted
14:53:02.947 [Filter thread for 127.0.0.1:60622->maps.qa.companyName.com:443] ERROR: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
14:53:02.977 [Filter thread for 127.0.0.1:60625->maps.qa.companyName.com:443] ERROR: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
14:53:03.003 [Filter thread for 127.0.0.1:60628->maps.qa.companyName.com:443] ERROR: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
14:53:03.021 [Filter thread for 127.0.0.1:60631->maps.qa.companyName.com:443] ERROR: Remote host closed connection during handshake
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
        ... 7 common frames omitted



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Unable to run TCPProxy with user defined Java keystore

Philip Aston-2
You seem to have a pretty clear trace there:

    "javax.net.ssl.SSLHandshakeException: no cipher suites in common "

Your JDK and maps.qa.companyName.com do not have a common cipher suite.

The Grinder enables all cipher suites available to the JDK. You may be
able to reconfigure maps.qa.companyName.com to support other cipher suites.

- Phil

On 09/05/14 19:40, alfinhaji wrote:

> We have hit an issue while attempting to take a recording with TCPProxy for a
> new application we are testing.  Using the default certs (built-in) with
> TCPProxy, we are presenting with the warning dialog from the browser.
> However, after adding the security exception we get a blank page returned
> with the browser URL line in red with Certificate error highlighted.  When
> we turn off the proxy, we can hit this page fine and it renders with no
> issue.
>
> So we went down the path of exporting the certificate for the page from both
> IE and Firefox, using the keytool.exe utility to generate a keystore, and
> then specifying this keystore before launching the TCPProxy.  Below are the
> steps we follow:
>
> 1.  Exported the certificate as type X.509 Certificate (PEM) (*.crt) in
> Firefox
> 2.  Run the keytool.exe (JRE 1.7.0.45):
> "C:\Program Files\Java\jre7\bin\keytool.exe" -import -keystore mapsKeystore
> -file appCert.crt -alias mapClient
>
> NOTE:  We also tried these steps with JRE 1.6.0.45, same results.
>
> 3.  When launching TCPProxy, we specify the above keystore:
> java -classpath %CLASSPATH% net.grinder.TCPProxy -keyStore mapsKeystore
> -keyStorePassword ****** -console
>
> NOTE:  We also looked at this article but didn't feel it was applicable
> since we are a client, not a server, with a valid certificate from the
> website exported from Firefox:
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html
>
>
> Following error is output to the console when launching TCPProxy and
> attempting to launch the page in a browser pointing to the Proxy port:
>
> 14:52:41.987 [main] INFO : Initialising as an HTTP/HTTPS proxy with the
> parameters:
>    Request filters:    EchoFilter
>    Response filters:   EchoFilter
>    Local address:      localhost:8001
>    Key store:          C:\Development\Scripts\certs\mapsKeystore
>    Key store password: ******
> 14:52:42.540 [main] INFO : Engine initialised, listening on port 8001
> 14:53:02.721 [Filter thread for
> 127.0.0.1:60610->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.750 [Filter thread for
> 127.0.0.1:60613->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.801 [Filter thread for
> 127.0.0.1:60616->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.842 [Filter thread for
> 127.0.0.1:60619->maps.qa.companyName.com:443] ERROR: Remote host closed
> connection during handshake
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
>         ... 7 common frames omitted
> 14:53:02.947 [Filter thread for
> 127.0.0.1:60622->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.977 [Filter thread for
> 127.0.0.1:60625->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:03.003 [Filter thread for
> 127.0.0.1:60628->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:03.021 [Filter thread for
> 127.0.0.1:60631->maps.qa.companyName.com:443] ERROR: Remote host closed
> connection during handshake
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
>         ... 7 common frames omitted
>
>
>
>


------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
grinder-use mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/grinder-use
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Unable to run TCPProxy with user defined Java keystore

alfinhaji
Thanks for the response Phil.  Maybe I should take it a step back.  When we turn on TCPProxy without using a keystore (using the default Grinder certificates) this is the error we get back from the browser (see screenshot attached).

The error thrown in the CLI where TCPProxy is running is as follows:


10:16:58.049 [Filter thread for 127.0.0.1:55367->maps.qa.mycompany.ca:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
10:19:49.527 [Filter thread for 127.0.0.1:55433->aus3.mozilla.org:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
10:21:49.446 [Filter thread for 127.0.0.1:55474->easylist-downloads.adblockplus.org:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]


On Tue, May 13, 2014 at 2:35 AM, Philip Aston <[hidden email]> wrote:
You seem to have a pretty clear trace there:

    "javax.net.ssl.SSLHandshakeException: no cipher suites in common "

Your JDK and maps.qa.companyName.com do not have a common cipher suite.

The Grinder enables all cipher suites available to the JDK. You may be
able to reconfigure maps.qa.companyName.com to support other cipher suites.

- Phil

On 09/05/14 19:40, alfinhaji wrote:
> We have hit an issue while attempting to take a recording with TCPProxy for a
> new application we are testing.  Using the default certs (built-in) with
> TCPProxy, we are presenting with the warning dialog from the browser.
> However, after adding the security exception we get a blank page returned
> with the browser URL line in red with Certificate error highlighted.  When
> we turn off the proxy, we can hit this page fine and it renders with no
> issue.
>
> So we went down the path of exporting the certificate for the page from both
> IE and Firefox, using the keytool.exe utility to generate a keystore, and
> then specifying this keystore before launching the TCPProxy.  Below are the
> steps we follow:
>
> 1.  Exported the certificate as type X.509 Certificate (PEM) (*.crt) in
> Firefox
> 2.  Run the keytool.exe (JRE 1.7.0.45):
> "C:\Program Files\Java\jre7\bin\keytool.exe" -import -keystore mapsKeystore
> -file appCert.crt -alias mapClient
>
> NOTE:  We also tried these steps with JRE 1.6.0.45, same results.
>
> 3.  When launching TCPProxy, we specify the above keystore:
> java -classpath %CLASSPATH% net.grinder.TCPProxy -keyStore mapsKeystore
> -keyStorePassword ****** -console
>
> NOTE:  We also looked at this article but didn't feel it was applicable
> since we are a client, not a server, with a valid certificate from the
> website exported from Firefox:
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html
>
>
> Following error is output to the console when launching TCPProxy and
> attempting to launch the page in a browser pointing to the Proxy port:
>
> 14:52:41.987 [main] INFO : Initialising as an HTTP/HTTPS proxy with the
> parameters:
>    Request filters:    EchoFilter
>    Response filters:   EchoFilter
>    Local address:      localhost:8001
>    Key store:          C:\Development\Scripts\certs\mapsKeystore
>    Key store password: ******
> 14:52:42.540 [main] INFO : Engine initialised, listening on port 8001
> 14:53:02.721 [Filter thread for
> 127.0.0.1:60610->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.750 [Filter thread for
> 127.0.0.1:60613->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.801 [Filter thread for
> 127.0.0.1:60616->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.842 [Filter thread for
> 127.0.0.1:60619->maps.qa.companyName.com:443] ERROR: Remote host closed
> connection during handshake
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
>         ... 7 common frames omitted
> 14:53:02.947 [Filter thread for
> 127.0.0.1:60622->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.977 [Filter thread for
> 127.0.0.1:60625->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:03.003 [Filter thread for
> 127.0.0.1:60628->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:03.021 [Filter thread for
> 127.0.0.1:60631->maps.qa.companyName.com:443] ERROR: Remote host closed
> connection during handshake
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
>         ... 7 common frames omitted
>
>
>
>


------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
grinder-use mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/grinder-use


------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
grinder-use mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/grinder-use

cert_error_mapping.jpg (40K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Unable to run TCPProxy with user defined Java keystore

Philip Aston-2
OK - that's expected. See http://grinder.sourceforge.net/g3/tcpproxy.html#ssl

Most users simply tell the browser to ignore the error, but it doesn't look like FF is presenting the option. I don't understand why the warning dialog is missing its "I understand the risks / Add exception" option. In the past, I'm sure I've also seen this missing. Anyone know why FF and Chrome have the "Add exception" option for some sites, but not others?

- Phil

On 13/05/14 15:29, alfinhaji . wrote:
Thanks for the response Phil.  Maybe I should take it a step back.  When we turn on TCPProxy without using a keystore (using the default Grinder certificates) this is the error we get back from the browser (see screenshot attached).

The error thrown in the CLI where TCPProxy is running is as follows:


10:16:58.049 [Filter thread for 127.0.0.1:55367->maps.qa.mycompany.ca:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
10:19:49.527 [Filter thread for 127.0.0.1:55433->aus3.mozilla.org:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
10:21:49.446 [Filter thread for 127.0.0.1:55474->easylist-downloads.adblockplus.org:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]


On Tue, May 13, 2014 at 2:35 AM, Philip Aston <[hidden email]> wrote:
You seem to have a pretty clear trace there:

    "javax.net.ssl.SSLHandshakeException: no cipher suites in common "

Your JDK and maps.qa.companyName.com do not have a common cipher suite.

The Grinder enables all cipher suites available to the JDK. You may be
able to reconfigure maps.qa.companyName.com to support other cipher suites.

- Phil

On 09/05/14 19:40, alfinhaji wrote:
> We have hit an issue while attempting to take a recording with TCPProxy for a
> new application we are testing.  Using the default certs (built-in) with
> TCPProxy, we are presenting with the warning dialog from the browser.
> However, after adding the security exception we get a blank page returned
> with the browser URL line in red with Certificate error highlighted.  When
> we turn off the proxy, we can hit this page fine and it renders with no
> issue.
>
> So we went down the path of exporting the certificate for the page from both
> IE and Firefox, using the keytool.exe utility to generate a keystore, and
> then specifying this keystore before launching the TCPProxy.  Below are the
> steps we follow:
>
> 1.  Exported the certificate as type X.509 Certificate (PEM) (*.crt) in
> Firefox
> 2.  Run the keytool.exe (JRE 1.7.0.45):
> "C:\Program Files\Java\jre7\bin\keytool.exe" -import -keystore mapsKeystore
> -file appCert.crt -alias mapClient
>
> NOTE:  We also tried these steps with JRE 1.6.0.45, same results.
>
> 3.  When launching TCPProxy, we specify the above keystore:
> java -classpath %CLASSPATH% net.grinder.TCPProxy -keyStore mapsKeystore
> -keyStorePassword ****** -console
>
> NOTE:  We also looked at this article but didn't feel it was applicable
> since we are a client, not a server, with a valid certificate from the
> website exported from Firefox:
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html
>
>
> Following error is output to the console when launching TCPProxy and
> attempting to launch the page in a browser pointing to the Proxy port:
>
> 14:52:41.987 [main] INFO : Initialising as an HTTP/HTTPS proxy with the
> parameters:
>    Request filters:    EchoFilter
>    Response filters:   EchoFilter
>    Local address:      localhost:8001
>    Key store:          C:\Development\Scripts\certs\mapsKeystore
>    Key store password: ******
> 14:52:42.540 [main] INFO : Engine initialised, listening on port 8001
> 14:53:02.721 [Filter thread for
> 127.0.0.1:60610->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.750 [Filter thread for
> 127.0.0.1:60613->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.801 [Filter thread for
> 127.0.0.1:60616->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.842 [Filter thread for
> 127.0.0.1:60619->maps.qa.companyName.com:443] ERROR: Remote host closed
> connection during handshake
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
>         ... 7 common frames omitted
> 14:53:02.947 [Filter thread for
> 127.0.0.1:60622->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.977 [Filter thread for
> 127.0.0.1:60625->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:03.003 [Filter thread for
> 127.0.0.1:60628->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:03.021 [Filter thread for
> 127.0.0.1:60631->maps.qa.companyName.com:443] ERROR: Remote host closed
> connection during handshake
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
>         ... 7 common frames omitted
>
>
>
>


------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
grinder-use mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/grinder-use
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Unable to run TCPProxy with user defined Java keystore

Ouray Viney
Hi Phil,

A very important piece of this problem is also that we tried downgrading Firefox to a version that would allow us to override this however when doing so and testing we noticed that when the browser was trying to get the certificate grinder was throwing exceptions about "unable to determine proxies destination"

When time permits I'll get you the stack trace sounds like we may have about there?

Ouray

On May 13, 2014, at 2:22 PM, Philip Aston <[hidden email]> wrote:

OK - that's expected. See http://grinder.sourceforge.net/g3/tcpproxy.html#ssl

Most users simply tell the browser to ignore the error, but it doesn't look like FF is presenting the option. I don't understand why the warning dialog is missing its "I understand the risks / Add exception" option. In the past, I'm sure I've also seen this missing. Anyone know why FF and Chrome have the "Add exception" option for some sites, but not others?

- Phil

On 13/05/14 15:29, alfinhaji . wrote:
Thanks for the response Phil.  Maybe I should take it a step back.  When we turn on TCPProxy without using a keystore (using the default Grinder certificates) this is the error we get back from the browser (see screenshot attached).

The error thrown in the CLI where TCPProxy is running is as follows:


10:16:58.049 [Filter thread for 127.0.0.1:55367->maps.qa.mycompany.ca:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
10:19:49.527 [Filter thread for 127.0.0.1:55433->aus3.mozilla.org:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
10:21:49.446 [Filter thread for 127.0.0.1:55474->easylist-downloads.adblockplus.org:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]


On Tue, May 13, 2014 at 2:35 AM, Philip Aston <[hidden email]> wrote:
You seem to have a pretty clear trace there:

    "javax.net.ssl.SSLHandshakeException: no cipher suites in common "

Your JDK and maps.qa.companyName.com do not have a common cipher suite.

The Grinder enables all cipher suites available to the JDK. You may be
able to reconfigure maps.qa.companyName.com to support other cipher suites.

- Phil

On 09/05/14 19:40, alfinhaji wrote:
> We have hit an issue while attempting to take a recording with TCPProxy for a
> new application we are testing.  Using the default certs (built-in) with
> TCPProxy, we are presenting with the warning dialog from the browser.
> However, after adding the security exception we get a blank page returned
> with the browser URL line in red with Certificate error highlighted.  When
> we turn off the proxy, we can hit this page fine and it renders with no
> issue.
>
> So we went down the path of exporting the certificate for the page from both
> IE and Firefox, using the keytool.exe utility to generate a keystore, and
> then specifying this keystore before launching the TCPProxy.  Below are the
> steps we follow:
>
> 1.  Exported the certificate as type X.509 Certificate (PEM) (*.crt) in
> Firefox
> 2.  Run the keytool.exe (JRE 1.7.0.45):
> "C:\Program Files\Java\jre7\bin\keytool.exe" -import -keystore mapsKeystore
> -file appCert.crt -alias mapClient
>
> NOTE:  We also tried these steps with JRE 1.6.0.45, same results.
>
> 3.  When launching TCPProxy, we specify the above keystore:
> java -classpath %CLASSPATH% net.grinder.TCPProxy -keyStore mapsKeystore
> -keyStorePassword ****** -console
>
> NOTE:  We also looked at this article but didn't feel it was applicable
> since we are a client, not a server, with a valid certificate from the
> website exported from Firefox:
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html
>
>
> Following error is output to the console when launching TCPProxy and
> attempting to launch the page in a browser pointing to the Proxy port:
>
> 14:52:41.987 [main] INFO : Initialising as an HTTP/HTTPS proxy with the
> parameters:
>    Request filters:    EchoFilter
>    Response filters:   EchoFilter
>    Local address:      localhost:8001
>    Key store:          C:\Development\Scripts\certs\mapsKeystore
>    Key store password: ******
> 14:52:42.540 [main] INFO : Engine initialised, listening on port 8001
> 14:53:02.721 [Filter thread for
> 127.0.0.1:60610->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.750 [Filter thread for
> 127.0.0.1:60613->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.801 [Filter thread for
> 127.0.0.1:60616->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.842 [Filter thread for
> 127.0.0.1:60619->maps.qa.companyName.com:443] ERROR: Remote host closed
> connection during handshake
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
>         ... 7 common frames omitted
> 14:53:02.947 [Filter thread for
> 127.0.0.1:60622->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.977 [Filter thread for
> 127.0.0.1:60625->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:03.003 [Filter thread for
> 127.0.0.1:60628->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:03.021 [Filter thread for
> 127.0.0.1:60631->maps.qa.companyName.com:443] ERROR: Remote host closed
> connection during handshake
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
>         ... 7 common frames omitted
>
>
>
>

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
grinder-use mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/grinder-use

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
grinder-use mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/grinder-use
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Unable to run TCPProxy with user defined Java keystore

alfinhaji
Hi all,

We found a resolution to this issue with the application we are testing.  We have been troubleshooting this for almost a week and did quite a few steps but I will try to summarize as much as I can to share with the community, in case someone else hits this issue.

The site we were testing had an embedded iframe that was making a call out to an HTTPS endpoint using an AJAX call via javascript.  This endpoint was further making a call out to another HTTPS endpoint.  The self-signed cert that Grinder was issuing was causing the following error to be thrown in developer tools of Chrome:  net::ERR_INSECURE_RESPONSE.  As a result, all the content in that iframe was blank and not being rendered (IE was throwing a content blocked error).  IE developer tools was also throwing an error in developer tools that indicated the content was in mixed security format (HTTP and HTTPS) - SEC7111 "HTTPS security is compromised by [name of resource]".

Now since all traffic needs to go through a local proxy (TCPProxy), and since some of that traffic was secured, TCPProxy had to do a MITM in order to decrypt the secure traffic. However, since TCPProxy had an untrusted cert with hostnames not matching those endpoints that our app was calling out to, the browser generated an error. 

Resolution: We created a self-signed cert using keytool.exe and we added the sites/endpoints we was testing in the Subject Alternative Name section of the certificate. We then added the new certificate to the browser’s trust store:

1.  Create certificate using keytool.exe and add the sites/endpoints you are testing that are blocking content from being shown in browser.  Example below:
 
keytool -genkeypair -keystore keystore -dname "CN=test, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" -storepass password -keyalg RSA -alias self-signed-cert –ext SAN=dns:<domain1>,dns:<domain2>

 

You can add as many SANs as you want. Delimit them with “:” and if you are adding a DNS name, start with dns:

2.  Launch tcpproxy with the keystore generated above:
java -classpath %CLASSPATH% net.grinder.TCPProxy -keyStore <path to above keystore> -keyStorePassword password -console -http > script.py

3.  Point your browser to the proxy, you will get a certificate error.  IE for some reason didn't allow us to export the certificate, so we used Chrome.  Export in base64 format. 

4.  Then in IE, imported the certificate to the trust store:
Internet Options > Content > Certificates > Trusted Root Certification Authorities > Import
Browse to the exported certificate from step 3 above and import.

5.  Restart the browser and navigate to the app.  Your certificate should now be valid and content that was blocked should now be visible since the domains that were blocking the content are valid for the certificate provided (from step 1).

Hope this helps someone else in the community.

Alfin.







On Tue, May 13, 2014 at 3:13 PM, Ouray Viney <[hidden email]> wrote:
Hi Phil,

A very important piece of this problem is also that we tried downgrading Firefox to a version that would allow us to override this however when doing so and testing we noticed that when the browser was trying to get the certificate grinder was throwing exceptions about "unable to determine proxies destination"

When time permits I'll get you the stack trace sounds like we may have about there?

Ouray

On May 13, 2014, at 2:22 PM, Philip Aston <[hidden email]> wrote:

OK - that's expected. See http://grinder.sourceforge.net/g3/tcpproxy.html#ssl

Most users simply tell the browser to ignore the error, but it doesn't look like FF is presenting the option. I don't understand why the warning dialog is missing its "I understand the risks / Add exception" option. In the past, I'm sure I've also seen this missing. Anyone know why FF and Chrome have the "Add exception" option for some sites, but not others?

- Phil

On 13/05/14 15:29, alfinhaji . wrote:
Thanks for the response Phil.  Maybe I should take it a step back.  When we turn on TCPProxy without using a keystore (using the default Grinder certificates) this is the error we get back from the browser (see screenshot attached).

The error thrown in the CLI where TCPProxy is running is as follows:


10:16:58.049 [Filter thread for 127.0.0.1:55367->maps.qa.mycompany.ca:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
10:19:49.527 [Filter thread for 127.0.0.1:55433->aus3.mozilla.org:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
10:21:49.446 [Filter thread for 127.0.0.1:55474->easylist-downloads.adblockplus.org:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]


On Tue, May 13, 2014 at 2:35 AM, Philip Aston <[hidden email]> wrote:
You seem to have a pretty clear trace there:

    "javax.net.ssl.SSLHandshakeException: no cipher suites in common "

Your JDK and maps.qa.companyName.com do not have a common cipher suite.

The Grinder enables all cipher suites available to the JDK. You may be
able to reconfigure maps.qa.companyName.com to support other cipher suites.

- Phil

On 09/05/14 19:40, alfinhaji wrote:
> We have hit an issue while attempting to take a recording with TCPProxy for a
> new application we are testing.  Using the default certs (built-in) with
> TCPProxy, we are presenting with the warning dialog from the browser.
> However, after adding the security exception we get a blank page returned
> with the browser URL line in red with Certificate error highlighted.  When
> we turn off the proxy, we can hit this page fine and it renders with no
> issue.
>
> So we went down the path of exporting the certificate for the page from both
> IE and Firefox, using the keytool.exe utility to generate a keystore, and
> then specifying this keystore before launching the TCPProxy.  Below are the
> steps we follow:
>
> 1.  Exported the certificate as type X.509 Certificate (PEM) (*.crt) in
> Firefox
> 2.  Run the keytool.exe (JRE 1.7.0.45):
> "C:\Program Files\Java\jre7\bin\keytool.exe" -import -keystore mapsKeystore
> -file appCert.crt -alias mapClient
>
> NOTE:  We also tried these steps with JRE 1.6.0.45, same results.
>
> 3.  When launching TCPProxy, we specify the above keystore:
> java -classpath %CLASSPATH% net.grinder.TCPProxy -keyStore mapsKeystore
> -keyStorePassword ****** -console
>
> NOTE:  We also looked at this article but didn't feel it was applicable
> since we are a client, not a server, with a valid certificate from the
> website exported from Firefox:
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html
>
>
> Following error is output to the console when launching TCPProxy and
> attempting to launch the page in a browser pointing to the Proxy port:
>
> 14:52:41.987 [main] INFO : Initialising as an HTTP/HTTPS proxy with the
> parameters:
>    Request filters:    EchoFilter
>    Response filters:   EchoFilter
>    Local address:      localhost:8001
>    Key store:          C:\Development\Scripts\certs\mapsKeystore
>    Key store password: ******
> 14:52:42.540 [main] INFO : Engine initialised, listening on port 8001
> 14:53:02.721 [Filter thread for
> 127.0.0.1:60610->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.750 [Filter thread for
> 127.0.0.1:60613->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.801 [Filter thread for
> 127.0.0.1:60616->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.842 [Filter thread for
> 127.0.0.1:60619->maps.qa.companyName.com:443] ERROR: Remote host closed
> connection during handshake
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
>         ... 7 common frames omitted
> 14:53:02.947 [Filter thread for
> 127.0.0.1:60622->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.977 [Filter thread for
> 127.0.0.1:60625->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:03.003 [Filter thread for
> 127.0.0.1:60628->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:03.021 [Filter thread for
> 127.0.0.1:60631->maps.qa.companyName.com:443] ERROR: Remote host closed
> connection during handshake
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
>         ... 7 common frames omitted
>
>
>
>

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
grinder-use mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/grinder-use

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
grinder-use mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/grinder-use



------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
grinder-use mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/grinder-use
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Unable to run TCPProxy with user defined Java keystore

Philip Aston-2
Good work Alfin!

I'll add your notes to the docs.

- Phil



On 14/05/14 16:24, alfinhaji . wrote:
Hi all,

We found a resolution to this issue with the application we are testing.  We have been troubleshooting this for almost a week and did quite a few steps but I will try to summarize as much as I can to share with the community, in case someone else hits this issue.

The site we were testing had an embedded iframe that was making a call out to an HTTPS endpoint using an AJAX call via javascript.  This endpoint was further making a call out to another HTTPS endpoint.  The self-signed cert that Grinder was issuing was causing the following error to be thrown in developer tools of Chrome:  <a class="moz-txt-link-freetext" href="net::ERR_INSECURE_RESPONSE">net::ERR_INSECURE_RESPONSE.  As a result, all the content in that iframe was blank and not being rendered (IE was throwing a content blocked error).  IE developer tools was also throwing an error in developer tools that indicated the content was in mixed security format (HTTP and HTTPS) - SEC7111 "HTTPS security is compromised by [name of resource]".

Now since all traffic needs to go through a local proxy (TCPProxy), and since some of that traffic was secured, TCPProxy had to do a MITM in order to decrypt the secure traffic. However, since TCPProxy had an untrusted cert with hostnames not matching those endpoints that our app was calling out to, the browser generated an error. 

Resolution: We created a self-signed cert using keytool.exe and we added the sites/endpoints we was testing in the Subject Alternative Name section of the certificate. We then added the new certificate to the browser’s trust store:

1.  Create certificate using keytool.exe and add the sites/endpoints you are testing that are blocking content from being shown in browser.  Example below:
 
keytool -genkeypair -keystore keystore -dname "CN=test, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" -storepass password -keyalg RSA -alias self-signed-cert –ext SAN=dns:<domain1>,dns:<domain2>

 

You can add as many SANs as you want. Delimit them with “:” and if you are adding a DNS name, start with dns:

2.  Launch tcpproxy with the keystore generated above:
java -classpath %CLASSPATH% net.grinder.TCPProxy -keyStore <path to above keystore> -keyStorePassword password -console -http > script.py

3.  Point your browser to the proxy, you will get a certificate error.  IE for some reason didn't allow us to export the certificate, so we used Chrome.  Export in base64 format. 

4.  Then in IE, imported the certificate to the trust store:
Internet Options > Content > Certificates > Trusted Root Certification Authorities > Import
Browse to the exported certificate from step 3 above and import.

5.  Restart the browser and navigate to the app.  Your certificate should now be valid and content that was blocked should now be visible since the domains that were blocking the content are valid for the certificate provided (from step 1).

Hope this helps someone else in the community.

Alfin.







On Tue, May 13, 2014 at 3:13 PM, Ouray Viney <[hidden email]> wrote:
Hi Phil,

A very important piece of this problem is also that we tried downgrading Firefox to a version that would allow us to override this however when doing so and testing we noticed that when the browser was trying to get the certificate grinder was throwing exceptions about "unable to determine proxies destination"

When time permits I'll get you the stack trace sounds like we may have about there?

Ouray

On May 13, 2014, at 2:22 PM, Philip Aston <[hidden email]> wrote:

OK - that's expected. See http://grinder.sourceforge.net/g3/tcpproxy.html#ssl

Most users simply tell the browser to ignore the error, but it doesn't look like FF is presenting the option. I don't understand why the warning dialog is missing its "I understand the risks / Add exception" option. In the past, I'm sure I've also seen this missing. Anyone know why FF and Chrome have the "Add exception" option for some sites, but not others?

- Phil

On 13/05/14 15:29, alfinhaji . wrote:
Thanks for the response Phil.  Maybe I should take it a step back.  When we turn on TCPProxy without using a keystore (using the default Grinder certificates) this is the error we get back from the browser (see screenshot attached).

The error thrown in the CLI where TCPProxy is running is as follows:


10:16:58.049 [Filter thread for 127.0.0.1:55367->maps.qa.mycompany.ca:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
10:19:49.527 [Filter thread for 127.0.0.1:55433->aus3.mozilla.org:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]
        at net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431) ~[grinder-http-3.11.jar:na]
        at net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58) [grinder-core-3.11.jar:na]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
10:21:49.446 [Filter thread for 127.0.0.1:55474->easylist-downloads.adblockplus.org:443] ERROR: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) ~[na:1.7.0_45]
        at sun.security.ssl.AppInputStream.read(Unknown Source) ~[na:1.7.0_45]


On Tue, May 13, 2014 at 2:35 AM, Philip Aston <[hidden email]> wrote:
You seem to have a pretty clear trace there:

    "javax.net.ssl.SSLHandshakeException: no cipher suites in common "

Your JDK and maps.qa.companyName.com do not have a common cipher suite.

The Grinder enables all cipher suites available to the JDK. You may be
able to reconfigure maps.qa.companyName.com to support other cipher suites.

- Phil

On 09/05/14 19:40, alfinhaji wrote:
> We have hit an issue while attempting to take a recording with TCPProxy for a
> new application we are testing.  Using the default certs (built-in) with
> TCPProxy, we are presenting with the warning dialog from the browser.
> However, after adding the security exception we get a blank page returned
> with the browser URL line in red with Certificate error highlighted.  When
> we turn off the proxy, we can hit this page fine and it renders with no
> issue.
>
> So we went down the path of exporting the certificate for the page from both
> IE and Firefox, using the keytool.exe utility to generate a keystore, and
> then specifying this keystore before launching the TCPProxy.  Below are the
> steps we follow:
>
> 1.  Exported the certificate as type X.509 Certificate (PEM) (*.crt) in
> Firefox
> 2.  Run the keytool.exe (JRE 1.7.0.45):
> "C:\Program Files\Java\jre7\bin\keytool.exe" -import -keystore mapsKeystore
> -file appCert.crt -alias mapClient
>
> NOTE:  We also tried these steps with JRE 1.6.0.45, same results.
>
> 3.  When launching TCPProxy, we specify the above keystore:
> java -classpath %CLASSPATH% net.grinder.TCPProxy -keyStore mapsKeystore
> -keyStorePassword ****** -console
>
> NOTE:  We also looked at this article but didn't feel it was applicable
> since we are a client, not a server, with a valid certificate from the
> website exported from Firefox:
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html
>
>
> Following error is output to the console when launching TCPProxy and
> attempting to launch the page in a browser pointing to the Proxy port:
>
> 14:52:41.987 [main] INFO : Initialising as an HTTP/HTTPS proxy with the
> parameters:
>    Request filters:    EchoFilter
>    Response filters:   EchoFilter
>    Local address:      localhost:8001
>    Key store:          C:\Development\Scripts\certs\mapsKeystore
>    Key store password: ******
> 14:52:42.540 [main] INFO : Engine initialised, listening on port 8001
> 14:53:02.721 [Filter thread for
> 127.0.0.1:60610->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.750 [Filter thread for
> 127.0.0.1:60613->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.801 [Filter thread for
> 127.0.0.1:60616->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.842 [Filter thread for
> 127.0.0.1:60619->maps.qa.companyName.com:443] ERROR: Remote host closed
> connection during handshake
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
>         ... 7 common frames omitted
> 14:53:02.947 [Filter thread for
> 127.0.0.1:60622->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:02.977 [Filter thread for
> 127.0.0.1:60625->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:03.003 [Filter thread for
> 127.0.0.1:60628->maps.qa.companyName.com:443] ERROR: no cipher suites in
> common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>         at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.Handshaker.process_record(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> 14:53:03.021 [Filter thread for
> 127.0.0.1:60631->maps.qa.companyName.com:443] ERROR: Remote host closed
> connection during handshake
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
>         at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) ~[na:1.7.0_45]
>         at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> ~[na:1.7.0_45]
>         at sun.security.ssl.AppInputStream.read(Unknown Source)
> ~[na:1.7.0_45]
>         at
> net.grinder.tools.tcpproxy.AbstractTCPProxyEngine$FilteredStreamThread.interruptibleRun(AbstractTCPProxyEngine.java:431)
> ~[grinder-http-3.11.jar:na]
>         at
> net.grinder.util.thread.InterruptibleRunnableAdapter.run(InterruptibleRunnableAdapter.java:58)
> [grinder-core-3.11.jar:na]
>         at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>         at sun.security.ssl.InputRecord.read(Unknown Source) ~[na:1.7.0_45]
>         ... 7 common frames omitted
>
>
>
>


------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
grinder-use mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/grinder-use
Loading...