Author Topic: WEB workload errors with cipher in SPECvirt.  (Read 1772 times)

Edwards258

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-2
WEB workload errors with cipher in SPECvirt.
« on: June 03, 2021, 08:09:49 AM »
Hello,

Please advise on next steps.
We are actually still having issues with the cipher stuff.  Per the earlier email the expected cipher supported by the system under test is: SSLv3, cipher SSL_RSA_WITH_RC4_128_MD5.

From the client I am able to connect to the system under test successfully using openssl and the specific cipher and ssl version:

[root@g1llloadgen002 logs]# openssl s_client -cipher 'RC4-MD5' -ssl3 -connect webserver:443
CONNECTED(00000003)
depth=0 /C=XX/L=Default City/O=Default Company Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=XX/L=Default City/O=Default Company Ltd
verify return:1
---
Certificate chain
 0 s:/C=XX/L=Default City/O=Default Company Ltd
   i:/C=XX/L=Default City/O=Default Company Ltd
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICUjCCAbugAwIBAgIJAMkb2SaLrBaSMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
Q29tcGFueSBMdGQwHhcNMTUwNTA1MjM1NzQxWhcNMTUwNjA0MjM1NzQxWjBCMQsw
CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDc2IEI
AYoHHhPB/MD93DeDcLC7OuPxXR73WrcIiyRt7NSe6R+cWiiGxuex4XJzSDsWEvQv
RsspkG02eZ/NJ0pmHxDBd8rq8DkuA7krjxJHY/qDt0zfoKXf54bzbVgxD6xhf+CB
ETjCSrqLPSFyqf4nJ5XBNNPGJuwI9jtBMe8GoQIDAQABo1AwTjAdBgNVHQ4EFgQU
CGOdUUYcl5h5LzVE3CMbOL808zIwHwYDVR0jBBgwFoAUCGOdUUYcl5h5LzVE3CMb
OL808zIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQB72EfZlKbDVe0I
jubFCIWa9/mdTPJpHXIHURrO2Y0M0ligbHcIr0Pmrt3b1uRrmzTkVdoqT2q0e7mq
PN95b25dX7xuczZ5KUyc0LYVQ+cP/AEg/2zmt2DmvBihUGhO73f85QnzPrtiUrzw
HvV8OmvjAsO6x5uBZhBE+fiAumbHVA==
-----END CERTIFICATE-----
subject=/C=XX/L=Default City/O=Default Company Ltd
issuer=/C=XX/L=Default City/O=Default Company Ltd
---
No client certificate CA names sent
---
SSL handshake has read 775 bytes and written 257 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-MD5
    Session-ID: 8133AB1093A222C27E5DA858AB63E6B8C824726A856EFD3EE853FDDD5F1B4BE3
    Session-ID-ctx:
    Master-Key: 5F6D3B9DA87AAC674428C0DBD4BD21F36EF3B4DC223F407B110ECB9BD38B221AF0477062D248F7744841E715973D390C
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1431366168
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
GET /Support/ HTTP/1.1
<html><head>
              <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
              <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
              <meta name="viewport" content="width=device-width"><script type='text/javascript'>try{document.cookie = 'fjccheck=1';}catch(exception){}</script></head><frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
   <frame src="http://www.http.com/?ga=HmqeklKbLYewQfbEUM3m4JBMgfoAUvPF6Pdoi9NYMx8s23%2BRSrUdOHY3NX81rwnY%2BR1J5pyFO%2BgQKZmdH4g%2BXA%3D%3D&gerf=eJPijblwIkatK9bXiAJRpxMn0f6XrOFY3YJlen9yveo%3D&guro=dX1cp6tjohVsltOURHeF6SD%2FmLRonwh4JCcCbfgHiiD%2BcEExziCASIQuB8Ry2PEt&">
</frameset>
<noframes>
   <body bgcolor="#ffffff" text="#000000">
   <a href="http://www.http.com/rg-erdr.php?_rpo=t n8S7Htr&_rdm=9f1NJXWBsNf93a5.JvV&p=5f95%7C%40%7C5f95%7C%40%7Ciii.0rr+.JvV%7C%40%7CfB%7C%40%7C%7C%40%7CZzbHzEZHE%7C%40%7Czbb%7C%40%7C39%7C%40%7C%7C%40%7Ct+nh8llbj%7C%40%7Ct+7zFZKFH&ga=HmqeklKbLYewQfbEUM3m4JBMgfoAUvPF6Pdoi9NYMx8s23%2BRSrUdOHY3NX81rwnY%2BR1J5pyFO%2BgQKZmdH4g%2BXA%3D%3D&t=nfrm">Click here to proceed</a>.
   </body>
</noframes></html>

Where per: https://www.openssl.org/docs/apps/ciphers.html under ssl v3.0: SSL_RSA_WITH_RC4_128_MD5  is  RC4-MD5

To be doubly sure I reconfigured apache to accept all ssl versions and all cipher suites.  Specvirt is still complaining of the exact same ssl connection error:

2015-05-06 09:25:51:414 SPECweb_Support: [ERROR] STATE 0; makeHttpRequest() failed.
2015-05-06 09:25:51:475 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
2015-05-06 09:25:51:475 Connection: [ERROR] createSocket() failed.
2015-05-06 09:25:51:476 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
2015-05-06 09:25:51:477 Connection: [ERROR] Write to socket failed! IOException was: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropiate)
2015-05-06 09:25:51:477 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

« Last Edit: June 16, 2021, 11:01:40 AM by lroderic »

lroderic

  • Moderator
  • Full Member
  • *****
  • Posts: 163
  • Karma: +6/-0
Re: WEB workload errors with cipher in SPECvirt.
« Reply #1 on: June 03, 2021, 11:11:55 AM »
Please see https://www.spec.org/virt_sc2013/docs/SPECvirt_TechnicalSupport.html#Webserver. Which version of Java do you use? Note that Java 8+ has disabled SSLv3 by default and needs to be enabled explicitly.

haliasa

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-3
Re: WEB workload errors with cipher in SPECvirt.
« Reply #2 on: April 04, 2022, 03:20:08 AM »
Virtualization is already becoming ubiquitous in data centers for the consolidation of multiple workloads on a single platform. However, there are very few performance studies of server consolidation workloads in the literature. In this paper, our goal is to analyze the performance characteristics of a representative server consolidation workload. To address this goal, we have carried out extensive measurement and profiling experiments of a newly proposed consolidation workload