Author Topic: SSL_PROTOCOL value is: TLSv1.2; should be SSLv3, TLS1, TLS1.1, or TLS1.2  (Read 9114 times)

andchri

  • Newbie
  • *
  • Posts: 9
  • Karma: +1/-0
I'm currently upgrading form specvirt_1 to specvirt_1.1, for the purpose of using TlSv1.2 ciphers for the specweb workload.
I am getting the following validation error, which appears to be a false validation error.

0,0,2016-11-22 14:10:04:517,206582,206576,0,6,95682880343,976249536,206562,14,0,281,391541,0

0,0,2016-11-22 14:10:14:517,208280,208274,0,6,96554000936,985114669,208260,14,0,281,391541,0

0,0,2016-11-22 14:10:24:517,210128,210122,0,6,97337568539,993114585,210108,14,0,281,391541,0

0,0,2016-11-22 14:10:34:517,211860,211854,0,6,98139738304,1001295437,211840,14,0,281,391541,0

2016-11-22 14:10:44:513 PrimeControl: stopping result polling.
2016-11-22 14:10:44:513 PrimeControl: waiting for all workloads to stop...
2016-11-22 14:10:54:513 PrimeControl: waiting for 1 masters to finish
2016-11-22 14:11:09:513 PrimeControl: waiting for 1 masters to finish
2016-11-22 14:11:24:514 PrimeControl: waiting for 1 masters to finish
2016-11-22 14:11:39:514 PrimeControl: waiting for 1 masters to finish
2016-11-22 14:11:54:515 PrimeControl: waiting for 1 masters to finish
2016-11-22 14:12:09:515 PrimeControl: waiting for 1 masters to finish
2016-11-22 14:12:24:515 PrimeControl: waiting for 1 masters to finish
2016-11-22 14:12:39:516 PrimeControl: waiting for 1 masters to finish
2016-11-22 14:12:54:516 PrimeControl: waiting for 1 masters to finish
2016-11-22 14:13:09:517 PrimeControl: waiting for 1 masters to finish
2016-11-22 14:13:24:517 PrimeControl: waiting for 1 masters to finish
2016-11-22 14:13:39:517 PrimeControl: waiting for 1 masters to finish
2016-11-22 14:13:53:894 PrimeControl: all workloads stopped
2016-11-22 14:13:53:896 Workload validation errors reported!:
0-0-0 = SSL_PROTOCOL value is: TLSv1.2; should be SSLv3, TLS1, TLS1.1, or TLS1.2
0-0-1 = RAMPUP_SECONDS value is: 150; should be >=180
0-0-2 = THREAD_RAMPUP_SECONDS value is: 150; should be >=180
2016-11-22 14:13:53:898 PrimeControl: aggregate audit...
2016-11-22 14:13:53:898 PrimeControl: validating aggregate audit...
2016-11-22 14:13:55:920 PrimeControl: stopping clients.
2016-11-22 14:13:55:920 PrimeControl: stopping remote client processes
2016-11-22 14:13:57:923 PrimeControl: stopping local client threads
  > Loading Raw Result File..

2016-11-22 14:13:57:960 PrimeControl: terminating run. Please wait...
2016-11-22 14:13:58:962 specvirt: Done!

Both the Test.config & Testbed.config files for specweb and spevirt refer to TLSv1.2 as follows:
-----------------------------------------------------------------------------------------------------------------------
Testbed.config:
---------------------
WEB.JVM_VERSION[0] = "vSonic JumpinJVM 1.2.3"

# The encryption protocol used for client and webserver communications.
# The protocol MUST be one of the following: SSLv3, TLSv1, TLSv1.1, TLSv1.2
# This field must match SSL_PROTOCOL in /opt/SPECweb2005/Test.config
#
#WEB.ENCRYPT_PROTOCOL = "SSLv3"
WEB.ENCRYPT_PROTOCOL = "TLSv1.2"

Test.config:
--------------
# The SSL protocol to use for secure (encrypted) connections
# The protocol MUST be one of the following: SSLv3, TLSv1, TLSv1.1, or TLSv1.2
# This field must match WEB.ENCRYPT_PROTOCOL in /opt/SPECvirt/Testbed.config
#SSL_PROTOCOL = "SSLv3"
SSL_PROTOCOL = "TLSv1.2"


If I change the SSL_PROTOCOL to TLS1.2 the run fails early on:
------------------------------------------------------------------------------------------------------
2016-11-22 15:18:39:265 Creating specwebclient using RMI Registry port 1010
2016-11-22 15:18:39:342 oaf783-kz-1:1010 ready...
2016-11-22 15:19:15:327 LoadGenerator: Setting sleep delay.
2016-11-22 15:19:20:621 specwebclient: setting tile ID to 0
2016-11-22 15:19:20:783 Looking up polling host: webserver:8001
2016-11-22 15:19:21:814 LoadGenerator: Ramping up for 150 seconds.
2016-11-22 15:19:21:814 LoadGenerator: Starting 2500 threads.
2016-11-22 15:19:22:145 SslConnection: [ERROR] IllegalArgumentException: java.lang.IllegalArgumentException: TLS1.2
2016-11-22 15:19:22:156 SslConnection: [ERROR] IllegalArgumentException: java.lang.IllegalArgumentException: TLS1.2

Ideally I would like to avoid getting this validation error.
Is there a way to filter it out of the final report, other than using sed?

thanks,

Andrew

lroderic

  • Moderator
  • Full Member
  • *****
  • Posts: 167
  • Karma: +6/-0
Re: SSL_PROTOCOL value is: TLSv1.2; should be SSLv3, TLS1, TLS1.1, or TLS1.2
« Reply #1 on: November 23, 2016, 02:56:22 PM »
Andrew, thanks for bringing this to our attention. We're working on a fix. In the meantime, sed works. If you find another way around it, please let us know. We'll keep you updated.

ChrisFloyd

  • Moderator
  • Jr. Member
  • *****
  • Posts: 52
  • Karma: +2/-0
Re: SSL_PROTOCOL value is: TLSv1.2; should be SSLv3, TLS1, TLS1.1, or TLS1.2
« Reply #2 on: November 30, 2016, 08:34:30 PM »
Andrew,

We've located the bug and are in the process of retesting and revalidating the updated SPECweb code.  We expect to have a patch available for licensees in January.  We will notify you once the TLS patch is available, and the mechanism for applying the update.

Thanks,

Chris Floyd

andchri

  • Newbie
  • *
  • Posts: 9
  • Karma: +1/-0
Re: SSL_PROTOCOL value is: TLSv1.2; should be SSLv3, TLS1, TLS1.1, or TLS1.2
« Reply #3 on: December 01, 2016, 09:07:57 AM »
Great, thanks for the update Chris.

Andrew