Product Support > SPECvirt_sc2013
SPECvirt WEB workload errors with cipher
bcarson:
Hello,
Please advise on next steps.
We are actually still having issues with the cipher stuff. Per the earlier email the expected cipher supported by the system under test is: SSLv3, cipher SSL_RSA_WITH_RC4_128_MD5.
From the client I am able to connect to the system under test successfully using openssl and the specific cipher and ssl version:
[root@g1llloadgen002 logs]# openssl s_client -cipher 'RC4-MD5' -ssl3 -connect webserver:443
CONNECTED(00000003)
depth=0 /C=XX/L=Default City/O=Default Company Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=XX/L=Default City/O=Default Company Ltd
verify return:1
---
Certificate chain
0 s:/C=XX/L=Default City/O=Default Company Ltd
i:/C=XX/L=Default City/O=Default Company Ltd
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICUjCCAbugAwIBAgIJAMkb2SaLrBaSMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
Q29tcGFueSBMdGQwHhcNMTUwNTA1MjM1NzQxWhcNMTUwNjA0MjM1NzQxWjBCMQsw
CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDc2IEI
AYoHHhPB/MD93DeDcLC7OuPxXR73WrcIiyRt7NSe6R+cWiiGxuex4XJzSDsWEvQv
RsspkG02eZ/NJ0pmHxDBd8rq8DkuA7krjxJHY/qDt0zfoKXf54bzbVgxD6xhf+CB
ETjCSrqLPSFyqf4nJ5XBNNPGJuwI9jtBMe8GoQIDAQABo1AwTjAdBgNVHQ4EFgQU
CGOdUUYcl5h5LzVE3CMbOL808zIwHwYDVR0jBBgwFoAUCGOdUUYcl5h5LzVE3CMb
OL808zIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQB72EfZlKbDVe0I
jubFCIWa9/mdTPJpHXIHURrO2Y0M0ligbHcIr0Pmrt3b1uRrmzTkVdoqT2q0e7mq
PN95b25dX7xuczZ5KUyc0LYVQ+cP/AEg/2zmt2DmvBihUGhO73f85QnzPrtiUrzw
HvV8OmvjAsO6x5uBZhBE+fiAumbHVA==
-----END CERTIFICATE-----
subject=/C=XX/L=Default City/O=Default Company Ltd
issuer=/C=XX/L=Default City/O=Default Company Ltd
---
No client certificate CA names sent
---
SSL handshake has read 775 bytes and written 257 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : RC4-MD5
Session-ID: 8133AB1093A222C27E5DA858AB63E6B8C824726A856EFD3EE853FDDD5F1B4BE3
Session-ID-ctx:
Master-Key: 5F6D3B9DA87AAC674428C0DBD4BD21F36EF3B4DC223F407B110ECB9BD38B221AF0477062D248F7744841E715973D390C
Key-Arg : None
Krb5 Principal: None
Start Time: 1431366168
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
GET /Support/ HTTP/1.1
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<meta name="viewport" content="width=device-width"><script type='text/javascript'>try{document.cookie = 'fjccheck=1';}catch(exception){}</script></head><frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
<frame src="http://www.http.com/?ga=HmqeklKbLYewQfbEUM3m4JBMgfoAUvPF6Pdoi9NYMx8s23%2BRSrUdOHY3NX81rwnY%2BR1J5pyFO%2BgQKZmdH4g%2BXA%3D%3D&gerf=eJPijblwIkatK9bXiAJRpxMn0f6XrOFY3YJlen9yveo%3D&guro=dX1cp6tjohVsltOURHeF6SD%2FmLRonwh4JCcCbfgHiiD%2BcEExziCASIQuB8Ry2PEt&">
</frameset>
<noframes>
<body bgcolor="#ffffff" text="#000000">
<a href="http://www.http.com/rg-erdr.php?_rpo=t n8S7Htr&_rdm=9f1NJXWBsNf93a5.JvV&p=5f95%7C%40%7C5f95%7C%40%7Ciii.0rr+.JvV%7C%40%7CfB%7C%40%7C%7C%40%7CZzbHzEZHE%7C%40%7Czbb%7C%40%7C39%7C%40%7C%7C%40%7Ct+nh8llbj%7C%40%7Ct+7zFZKFH&ga=HmqeklKbLYewQfbEUM3m4JBMgfoAUvPF6Pdoi9NYMx8s23%2BRSrUdOHY3NX81rwnY%2BR1J5pyFO%2BgQKZmdH4g%2BXA%3D%3D&t=nfrm">Click here to proceed</a>.
</body>
</noframes></html>
Where per: https://www.openssl.org/docs/apps/ciphers.html under ssl v3.0: SSL_RSA_WITH_RC4_128_MD5 is RC4-MD5
To be doubly sure I reconfigured apache to accept all ssl versions and all cipher suites. Specvirt is still complaining of the exact same ssl connection error:
2015-05-06 09:25:51:414 SPECweb_Support: [ERROR] STATE 0; makeHttpRequest() failed.
2015-05-06 09:25:51:475 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
2015-05-06 09:25:51:475 Connection: [ERROR] createSocket() failed.
2015-05-06 09:25:51:476 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
2015-05-06 09:25:51:477 Connection: [ERROR] Write to socket failed! IOException was: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropiate)
2015-05-06 09:25:51:477 SslConnection: [ERROR] IOException during SSL handshake: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
AnoopGupta:
Could you please confirm that you do have the following set on your client(s)?
In SPECweb2005/Test.config:
# The SSL protocol and cipher to use for SSL connections
SSL_PROTOCOL = "SSLv3"
SSL_CIPHER = "SSL_RSA_WITH_RC4_128_MD5"
AnoopGupta:
If you still see this issue:
* Enable debugging in Test.config: DEBUG_LEVEL = 3
* Ensure firewall is disabled
* Attach complete client harness log file showing SSL exception
klindgren:
Hello,
Please see attached log file. Additionally, iptables is not running/enabled on any of the systems and no rules are loaded. Iptables-save on both the client and the SUT result in nothing being returned.
Additionaly, OpenSSL is able to make this request succesfully:
[root@g1llloadgen002 SPECvirt]# openssl s_client -cipher 'RC4-MD5' -ssl3 -connect webserver:443
CONNECTED(00000003)
depth=0 /C=XX/L=Default City/O=Default Company Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=XX/L=Default City/O=Default Company Ltd
verify return:1
---
Certificate chain
0 s:/C=XX/L=Default City/O=Default Company Ltd
i:/C=XX/L=Default City/O=Default Company Ltd
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICUjCCAbugAwIBAgIJAMkb2SaLrBaSMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
Q29tcGFueSBMdGQwHhcNMTUwNTA1MjM1NzQxWhcNMTUwNjA0MjM1NzQxWjBCMQsw
CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh
dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDc2IEI
AYoHHhPB/MD93DeDcLC7OuPxXR73WrcIiyRt7NSe6R+cWiiGxuex4XJzSDsWEvQv
RsspkG02eZ/NJ0pmHxDBd8rq8DkuA7krjxJHY/qDt0zfoKXf54bzbVgxD6xhf+CB
ETjCSrqLPSFyqf4nJ5XBNNPGJuwI9jtBMe8GoQIDAQABo1AwTjAdBgNVHQ4EFgQU
CGOdUUYcl5h5LzVE3CMbOL808zIwHwYDVR0jBBgwFoAUCGOdUUYcl5h5LzVE3CMb
OL808zIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQB72EfZlKbDVe0I
jubFCIWa9/mdTPJpHXIHURrO2Y0M0ligbHcIr0Pmrt3b1uRrmzTkVdoqT2q0e7mq
PN95b25dX7xuczZ5KUyc0LYVQ+cP/AEg/2zmt2DmvBihUGhO73f85QnzPrtiUrzw
HvV8OmvjAsO6x5uBZhBE+fiAumbHVA==
-----END CERTIFICATE-----
subject=/C=XX/L=Default City/O=Default Company Ltd
issuer=/C=XX/L=Default City/O=Default Company Ltd
---
No client certificate CA names sent
---
SSL handshake has read 775 bytes and written 257 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : RC4-MD5
Session-ID: 0261ABBDC5DDC6E8A53909D69F5327ECF725306407C122F4C274DF2343F267EB
Session-ID-ctx:
Master-Key: 880835E48A72B1F69A89ADA8A079DD91223DCF47144F316938F91AC79ACD60A207E70C99D5DD922E8BD69C11209DABEB
Key-Arg : None
Krb5 Principal: None
Start Time: 1431375330
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
GET /support/index.php HTTP/1.1
HTTP/1.1 408 Request Timeout
Date: Mon, 11 May 2015 20:15:33 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16
Content-Length: 221
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>408 Request Timeout</title>
</head><body>
<h1>Request Timeout</h1>
<p>Server timeout waiting for the HTTP request from the client.</p>
</body></html>
read:errno=0
[root@g1llloadgen002 SPECvirt]#
klindgren:
Bueller?
Navigation
[0] Message Index
[#] Next page
Go to full version