Author Topic: Errors on workload SPECvirt WEB with cipher.  (Read 1898 times)

Ali874

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
Errors on workload SPECvirt WEB with cipher.
« on: June 15, 2021, 03:01:50 AM »
Hello,

Please advise on next steps.
We are actually still having issues with the cipher stuff.  Per the earlier email the expected cipher supported by the system under test is: SSLv3, cipher SSL_RSA_WITH_RC4_128_MD5.

From the client I am able to connect to the system under test successfully using openssl and the specific cipher and ssl version:

[root@g1llloadgen002 logs]# openssl s_client -cipher 'RC4-MD5' -ssl3 -connect webserver:443
CONNECTED(00000003)
depth=0 /C=XX/L=Default City/O=Default Company Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=XX/L=Default City/O=Default Company Ltd
verify return:1
---
Certificate chain
 0 s:/C=XX/L=Default City/O=Default Company Ltd
   i:/C=XX/L=Default City/O=Default Company Ltd
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICUjCCAbugAwIBAgIJAMkb2SaLrBaSMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
Q29tcGFueSBMdGQwHhcNMTUwNTA1MjM1NzQxWhcNMTUwNjA0MjM1NzQxWjBCMQsw
CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDc2IEI
AYoHHhPB/MD93DeDcLC7OuPxXR73WrcIiyRt7NSe6R+cWiiGxuex4XJzSDsWEvQv
RsspkG02eZ/NJ0pmHxDBd8rq8DkuA7krjxJHY/qDt0zfoKXf54bzbVgxD6xhf+CB
ETjCSrqLPSFyqf4nJ5XBNNPGJuwI9jtBMe8GoQIDAQABo1AwTjAdBgNVHQ4EFgQU
CGOdUUYcl5h5LzVE3CMbOL808zIwHwYDVR0jBBgwFoAUCGOdUUYcl5h5LzVE3CMb
OL808zIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQB72EfZlKbDVe0I
jubFCIWa9/mdTPJpHXIHURrO2Y0M0ligbHcIr0Pmrt3b1uRrmzTkVdoqT2q0e7mq
PN95b25dX7xuczZ5KUyc0LYVQ+cP/AEg/2zmt2DmvBihUGhO73f85QnzPrtiUrzw
HvV8OmvjAsO6x5uBZhBE+fiAumbHVA==
-----END CERTIFICATE-----
subject=/C=XX/L=Default City/O=Default Company Ltd
issuer=/C=XX/L=Default City/O=Default Company Ltd
---
No client certificate CA names sent
---
SSL handshake has read 775 bytes and written 257 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-MD5
    Session-ID: 8133AB1093A222C27E5DA858AB63E6B8C824726A856EFD3EE853FDDD5F1B4BE3
    Session-ID-ctx:
    Master-Key: 5F6D3B9DA87AAC674428C0DBD4BD21F36EF3B4DC223F407B110ECB9BD38B221AF0477062D248F7744841E715973D390C
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1431366168
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
GET /Support/ HTTP/1.1
<html><head>
              <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
              <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
              <meta name="viewport" content="width=device-width"><script type='text/javascript'>try{document.cookie = 'fjccheck=1';}catch(exception){}</script></head><frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
   <frame src="http://www.http.com/?ga=HmqeklKbLYewQfbEUM3m4JBMgfoAUvPF6Pdoi9NYMx8s23%2BRSrUdOHY3NX81rwnY%2BR1J5pyFO%2BgQKZmdH4g%2BXA%3D%3D&gerf=eJPijblwIkatK9bXiAJRpxMn0f6XrOFY3YJlen9yveo%3D&guro=dX1cp6tjohVsltOURHeF6SD%2FmLRonwh4JCcCbfgHiiD%2BcEExziCASIQuB8Ry2PEt&">
</frameset>
<noframes>
   <body bgcolor="#ffffff" text="#000000">
   <a href="http://www.http.com/rg-erdr.php?_rpo=t n8S7Htr&_rdm=9f1NJXWBsNf93a5.JvV&p=5f95%7C%40%7C5f95%7C%40%7Ciii.0rr+.JvV%7C%40%7CfB%7C%40%7C%7C%40%7CZzbHzEZHE%7C%40%7Czbb%7C%40%7C39%7C%40%7C%7C%40%7Ct+nh8llbj%7C%40%7Ct+7zFZKFH&ga=HmqeklKbLYewQfbEUM3m4JBMgfoAUvPF6Pdoi9NYMx8s23%2BRSrUdOHY3NX81rwnY%2BR1J5pyFO%2BgQKZmdH4g%2BXA%3D%3D&t=nfrm">Click here to proceed</a>.
   </body>
</noframes></html>

Where per: https://www.openssl.org/docs/apps/ciphers.html under ssl v3.0: SSL_RSA_WITH_RC4_128_MD5  is  RC4-MD5

To be doubly sure I reconfigured apache to accept all ssl versions and all cipher suites.  Specvirt is still complaining of the exact same ssl connection error:

2015-05-06 09:25:51:414 SPECweb_Support: [ERROR] STATE 0; makeHttpRequest() failed.
2015-05-06 09:25:51:475 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
2015-05-06 09:25:51:475 Connection: [ERROR] createSocket() failed.
2015-05-06 09:25:51:476 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
2015-05-06 09:25:51:477 Connection: [ERROR] Write to socket failed! IOException was: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropiate)
2015-05-06 09:25:51:477 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)


My Balance Now
« Last Edit: June 16, 2021, 12:27:39 AM by Ali874 »

Watkins

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
Re: Errors on workload SPECvirt WEB with cipher.
« Reply #1 on: June 15, 2021, 04:21:07 AM »
SPECvirt sc2013 User'sGuide A JRE is needed by theSPECpoll code that runs on all the VMs.  A web workload based on SPECweb2005 Support (webserver and infraserver); An IMAP workload based on SPECmail (mailserver)  This prevents file formatting errors which are difficult totrack down.
« Last Edit: June 15, 2021, 09:58:25 AM by lroderic »

lroderic

  • Moderator
  • Full Member
  • *****
  • Posts: 163
  • Karma: +6/-0
Re: Errors on workload SPECvirt WEB with cipher.
« Reply #2 on: June 15, 2021, 09:58:35 AM »
Please see https://www.spec.org/virt_sc2013/docs/SPECvirt_TechnicalSupport.html#Webserver. Which version of Java do you use? Note that Java 8+ has disabled SSLv3 by default and needs to be enabled explicitly.

jacobhue

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-1
Re: Errors on workload SPECvirt WEB with cipher.
« Reply #3 on: January 20, 2022, 09:00:15 AM »
The SPECvirt_sc2013_User'sGuide.pdf is complete documentation for the benchmark. It has been generated from the source in DocBook XML format (using DITA, a technique that allows topic-oriented writing). It looks like a typical printed book and it provides much more information than you find in this document or in any of the other documents on this website. You can download it as a single large file or as separate chapters.

The website also contains a wide variety of other documents. The most important ones are:

About_SPECvirt_sc2013 : This document explains what SPECvirt is, who uses it, and how to get started using it.

Keywords : A list of all keywords used in all the documents so that you can search for them easily.

Benchmark_Configuration_Reference : A detailed description of all benchmark settings and results, including explanations of all fields in the benchmark submission form and their possible values.

Benchmark_Reference : An introduction to running and analyzing benchmark results; a guide for beginners if you will, but also useful for experts who want to know more about SPECvirt in general.
« Last Edit: January 26, 2022, 06:35:02 PM by DavidSchmidt »

Gamble69

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-4
Re: Errors on workload SPECvirt WEB with cipher.
« Reply #4 on: March 02, 2022, 05:20:22 AM »
[Add SSL_RSA_WITH_RC4_128_MD5 to the jdk.tls.legacyAlgorithms list in the $JDK_HOME/jre/lib/security/java.security file.
« Last Edit: March 07, 2022, 09:53:41 AM by DavidSchmidt »