Author Topic: webserver error on sslv3  (Read 12435 times)

dongqing

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
webserver error on sslv3
« on: June 25, 2019, 05:33:07 AM »
Hi:
  I'm trying to run SPECvirt on arm64 server,
  some running infos:
   ISO : CentOS-7-aarch64-Everything-1810.iso
   kernel : 4.14.0-49.el7a.aarch64 aarch64 aarch64 aarch64 GNU/Linux
   java : 
      [root@webserver1 httpd]# java -version
      openjdk version "1.8.0_161"
      OpenJDK Runtime Environment (build 1.8.0_161-b14)
      OpenJDK 64-Bit Server VM (build 25.161-b14, mixed mode

and I got errors in Clientmgr1_1088.out as follows:

   -> 2019-06-25 14:18:51:978 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-25 14:18:51:978 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-25 14:18:51:979 Connection: [ERROR] createSocket() failed.
   -> 2019-06-25 14:18:51:979 Connection: [ERROR] createSocket() failed.
   -> 2019-06-25 14:18:51:991 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-25 14:18:51:991 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-25 14:18:51:992 Connection: [ERROR] createSocket() failed.
   -> 2019-06-25 14:18:51:992 Connection: [ERROR] createSocket() failed.
   -> 2019-06-25 14:18:51:992 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-25 14:18:51:992 Connection: [ERROR] createSocket() failed.
   .
   .
   .
   .
   -> 2019-06-25 14:20:04:345 SPECweb_Support: [ERROR] SocketTimeoutException encountered during run!
   -> 2019-06-25 14:20:04:355 Connection: SocketTimeoutException waiting for end-of-header
   -> 2019-06-25 14:20:04:355 SPECweb_Support: [ERROR] SocketTimeoutException encountered during run!
   -> 2019-06-25 14:20:04:391 Connection: [ERROR] Bad status: 500
   -> 2019-06-25 14:20:04:391 Connection: [ERROR] Bad status: 500
   -> 2019-06-25 14:20:04:391 Connection: bad status ======= buf_len=266 headerEnd=266 contentLen=0 chunkEnd-1========
   -> 2019-06-25 14:20:04:391 Connection: bad status ======= buf_len=266 headerEnd=266 contentLen=0 chunkEnd-1========
   -> 2019-06-25 14:20:04:392 Connection: HTTP/1.0 500 Internal Server Error
   -> Date: Tue, 25 Jun 2019 06:19:56 GMT
   -> Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
   -> X-Powered-By: PHP/5.4.16
   -> Content-Length: 0
   -> Cache-Control: no-cache
   -> Connection: close
   -> Content-Type: text/html; charset=UTF-8
   ->
   ->
   -> 2019-06-25 14:20:04:392 Connection: HTTP/1.0 500 Internal Server Error
   -> Date: Tue, 25 Jun 2019 06:19:58 GMT
   -> Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
   -> X-Powered-By: PHP/5.4.16
   -> Content-Length: 0
   -> Cache-Control: no-cache
   -> Connection: close
   -> Content-Type: text/html; charset=UTF-8
   ->
   ->
   -> 2019-06-25 14:20:04:392 HttpRequestSched: [ERROR] Bad response (-1). Request was GET /support/index.php HTTP/1.1
   
      
   [root@client1 SPECvirt]# openssl s_client -cipher 'RC4-MD5' -ssl3 -connect webserver:443
   CONNECTED(00000003)
   depth=0 C = XX, L = Default City, O = Default Company Ltd
   verify error:num=18:self signed certificate
   verify return:1
   depth=0 C = XX, L = Default City, O = Default Company Ltd
   verify return:1
   ---
   Certificate chain
    0 s:/C=XX/L=Default City/O=Default Company Ltd
      i:/C=XX/L=Default City/O=Default Company Ltd
   ---
   Server certificate
   -----BEGIN CERTIFICATE-----
   MIICUjCCAbugAwIBAgIJALoMBnoWyXsmMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
   BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
   Q29tcGFueSBMdGQwHhcNMTkwNjI0MDczNjU1WhcNMTkwNzI0MDczNjU1WjBCMQsw
   CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
   dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCm80xR
   TadEg78+fIun2q0VEEA+F+K8l6Kzkf6FMRMtGC3z/998/Tp6Q7AT/Ced71qEFNe/
   OQMTW4DiookZPhcUSrx0eOsfbw+grzseFwhLvNNSW2mjCrH8HrLezbyPY9YNxSmA
   jtyn6Z21tSaxrhAGxVEIGB1OmKbzZYqiSO777QIDAQABo1AwTjAdBgNVHQ4EFgQU
   cuOFjJWIb3sqtR/wwMQoZGZkkkkwHwYDVR0jBBgwFoAUcuOFjJWIb3sqtR/wwMQo
   ZGZkkkkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAG0hVKmFSlfb0q
   Jh76oTeb3JQYLvi/0Ix2F40HstPSkIf31dPbKTLlT6YxTIXOsmE8TpezbZbJfPbv
   pEGq8Fz+APPuvIigXGa+G0ox1WU02GAdZQlwf1RFLsHseWA5JvSAgJt0/c5OeHOK
   qqcZ3TO0HtIKsgdLZrfkY9KZ4otjbA==
   -----END CERTIFICATE-----
   subject=/C=XX/L=Default City/O=Default Company Ltd
   issuer=/C=XX/L=Default City/O=Default Company Ltd
   ---
   No client certificate CA names sent
   ---
   SSL handshake has read 775 bytes and written 256 bytes
   ---
   New, TLSv1/SSLv3, Cipher is RC4-MD5
   Server public key is 1024 bit
   Secure Renegotiation IS supported
   Compression: NONE
   Expansion: NONE
   No ALPN negotiated
   SSL-Session:
       Protocol  : SSLv3
       Cipher    : RC4-MD5
       Session-ID: B62C3D93C455DF0171971B7DEF912A4C26502F6334C3E2D8A933A37E478D19B3
       Session-ID-ctx:
       Master-Key: 47B46ADD7825AA6FA9C158CF9E05311490C2FC233EE5B9011A246F3052BFE58A54E0312F79C3305FB30A57D2C164B485
       Key-Arg   : None
       Krb5 Principal: None
       PSK identity: None
       PSK identity hint: None
       Start Time: 1561446475
       Timeout   : 7200 (sec)
       Verify return code: 18 (self signed certificate)
   ---
   
   HTTP/1.1 400 Bad Request
   Date: Tue, 25 Jun 2019 07:07:55 GMT
   Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
   Content-Length: 226
   Connection: close
   Content-Type: text/html; charset=iso-8859-1
   
   <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>400 Bad Request</title>
   </head><body>
   <h1>Bad Request</h1>
   <p>Your browser sent a request that this server could not understand.<br />
   </p>
   </body></html>
   read:errno=0
   
   
   Here is my config file which I modified, these files are synced between webserver and client.
   
   ------------------------------------------------------------
   vim /etc/httpd/conf/httpd.conf
   
   ServerName webserver
   Timeout 20
   KeepAlive On
   MaxKeepAliveRequests 0
   KeepAliveTimeout 60
   
   <IfModule mpm_prefork_module>
       StartServers             8
       MinSpareServers          5
       MaxSpareServers         20
       ServerLimit     10240
       MaxClients      10240
       MaxRequestsPerChild  4000
   </IfModule>
   <IfModule mpm_worker_module>
       StartServers             2
       MaxClients         150
       MinSpareThreads         25
       MaxSpareThreads        75
       ThreadsPerChild         25
       MaxRequestsPerChild  0
   </IfModule>
   
   ------------------------------------------------------------
   vim /etc/httpd/conf.d/ssl.conf
   SSLEngine on
   SSLProtocol all
   SSLCipherSuite ALL:RC4+RSA:+SSLv2:+SSLv3
   ------------------------------------------------------------
   vim /usr/lib/jvm/java-openjdk/jre/lib/security/java.security
   jdk.jar.disabledAlgorithms=MD2
   jdk.tls.disabledAlgorithms=DH keySize < 1024
   jdk.tls.legacyAlgorithms= \
           SSL_RSA_WITH_RC4_128_MD5, \
           K_NULL, C_NULL, M_NULL, \
           DH_anon, ECDH_anon, \
           RC4_128, RC4_40, DES_CBC, DES40_CBC, \
           3DES_EDE_CBC
   
   ------------------------------------------------------------
   vim /opt/SPECweb2005/Test.config
      SSL_PROTOCOL = "SSLv3"
      SSL_CIPHER = "SSL_RSA_WITH_RC4_128_MD5"
      DEBUG_LEVEL = 1
      WARMUP_SECONDS = 1500

   ------------------------------------------------------------
   vim /opt/SPECvirt/Testbed.config
      WEB.ENCRYPT_PROTOCOL = "SSLv3"
      WEB.ENCRYPT_CIPHER = "SSL_RSA_WITH_RC4_128_MD5"      
   
   ------------------------------------------------------------
   vim /opt/SPECweb2005/SPECweb_Support.config
      USE_SSL = 1
      LG_BUF_SIZE = 102400

RamyaMeruva

  • Newbie
  • *
  • Posts: 23
  • Karma: +1/-0
Re: webserver error on sslv3
« Reply #1 on: June 25, 2019, 01:57:10 PM »
Hi Dongqing,

I see that you are using default protocol SSLv3 which is no longer supported by many webservers. Can u try using TLS?

Also, can u tell more about SUT hardware config? Are u using 10GbE or 1 GbE network ?

Thanks,
Ramya

dongqing

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
Re: webserver error on sslv3
« Reply #2 on: June 26, 2019, 03:18:36 AM »
Hi,

the blow config file are synced between webserver and client.

vim /opt/SPECweb2005/Test.config
   SSL_PROTOCOL = "TLSv1.2"
   SSL_CIPHER = "TLS_RSA_WITH_AES_128_CBC_SHA"
   DEBUG_LEVEL = 1
   WARMUP_SECONDS = 1500
   
vim /opt/SPECweb2005/SPECweb_Support.config
   USE_SSL = 1
   LG_BUF_SIZE = 102400

vim /opt/SPECvirt/Testbed.config
   WEB.ENCRYPT_PROTOCOL = "TLSv1.2"
        WEB.ENCRYPT_CIPHER = "TLS_RSA_WITH_AES_128_CBC_SHA"


i got these errors

   Messages from: 192.168.221.208:1010
   -> 2019-06-26 10:32:44:455 LoadGenerator: Ramping up for 300 seconds.
   -> 2019-06-26 10:32:44:456 LoadGenerator: Starting 2500 threads.
   -> 2019-06-26 10:33:37:466 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-26 10:33:37:467 Connection: [ERROR] createSocket() failed.
   -> 2019-06-26 10:33:42:470 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-26 10:33:42:470 Connection: [ERROR] createSocket() failed.
   -> 2019-06-26 10:33:42:478 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-26 10:33:42:478 Connection: [ERROR] createSocket() failed.
   -> 2019-06-26 10:33:43:853 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-26 10:33:43:853 Connection: [ERROR] createSocket() failed.
   -> 2019-06-26 10:33:43:853 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-26 10:33:46:267 Connection: [ERROR] createSocket() failed.
   -> 2019-06-26 10:33:43:853 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-26 10:33:46:268 Connection: [ERROR] createSocket() failed.
   -> 2019-06-26 10:33:43:853 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-26 10:33:46:269 Connection: [ERROR] createSocket() failed.
   -> 2019-06-26 10:33:43:853 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-26 10:33:46:272 Connection: [ERROR] createSocket() failed.
   -> 2019-06-26 10:34:16:283 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-26 10:34:16:494 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:485 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:484 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:470 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:470 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:470 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:469 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:469 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:469 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:469 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:469 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-26 10:34:16:469 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:469 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
   -> 2019-06-26 10:34:16:296 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:296 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:295 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:295 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:294 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out
   -> 2019-06-26 10:34:16:544 Connection: [ERROR] createSocket() failed.
   -> 2019-06-26 10:34:16:544 Connection: [ERROR] createSocket() failed.
-> 2019-06-26 10:34:20:297 SslConnection: [ERROR] IOException during SSL handshake: java.net.SocketTimeoutException: Read timed out

RamyaMeruva

  • Newbie
  • *
  • Posts: 23
  • Karma: +1/-0
Re: webserver error on sslv3
« Reply #3 on: June 26, 2019, 01:02:46 PM »
Hi Dongqing,

SSL3 is disabled by default on Java 8. Can u retry SSLv3 using Java 7 (versions before 1.7.0_75)

Or

Using Java 8,  the protocol SSLv3 can be reactivated by removing "SSLv3" from the jdk.tls.disabledAlgorithms property in the java.security file or by dynamically setting this Security property to "true" before JSSE is initialized.

Or

Java 1.8 seems to allow a larger range of TLS ciphersuites. Please review the documentation for your flavor of Java 1.8 and verify which ciphersuites are supported. (Note, some cipher suites must be explicitly enabled in the JRE settings). 

Thanks,
Ramya

dongqing

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
Re: webserver error on sslv3
« Reply #4 on: July 01, 2019, 06:53:26 AM »
Hi
is there a problem with the data generated by the wafgen? such as no enough long
is there anyway to verify?

dongqing

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
Re: webserver error on sslv3
« Reply #5 on: July 08, 2019, 08:29:15 AM »
Hi

it's slow to test each suite
Is there any way to debug Specweb2005?

i want to compile Specweb but seems missing some file

[root@webserver1 SPECweb2005]# ant
Buildfile: /opt/SPECweb2005/build.xml

BUILD FAILED
/opt/SPECweb2005/build.xml:7: Cannot find /opt/SPECweb2005/nbproject/build-impl.xml imported from /opt/SPECweb2005/build.xml

Total time: 0 seconds

ChrisFloyd

  • Moderator
  • Jr. Member
  • *****
  • Posts: 52
  • Karma: +2/-0
Re: webserver error on sslv3
« Reply #6 on: July 08, 2019, 07:49:06 PM »
To build the workloads for SPECvirt_sc2013, the recommended method is to use the "buildall.sh" or "build_worklds.sh" script under /opt/Scripts directory.

ChrisFloyd

  • Moderator
  • Jr. Member
  • *****
  • Posts: 52
  • Karma: +2/-0
Re: webserver error on sslv3
« Reply #7 on: July 08, 2019, 07:57:16 PM »
"Hi, is there a problem with the data generated by the wafgen? such as no enough long
is there anyway to verify?"

If you look at the head of each image generated by Wafgen, the first characters should represent which tile the image is built for.

It would be surprising if Wafgen was generating the incorrect data somehow.  It's more likely that there is some communication problem between the client and SUT that is causing the problem. 

Have you tried using Java7 instead of Java8 to avoid any potential SSLv3 configuration issues?

Also, in Test.config you can increase the DEBUG_LEVEL (default is 0 = off), to view more detail in the client output log.  Recompiling the code is not necessary to view the increased debug output.

What is the network link between your client and the SUT?  Traffic may exceed 1Gb for even a single tile at times, which is why 10Gb is the recommended minimum for SPECvirt_sc2013.
« Last Edit: July 08, 2019, 08:18:02 PM by ChrisFloyd »