'Java.Jmeter. SSL unexpected server Message "server_hello"
I try to use Jmeter with plugin "DI-fakfa meter" to load my kafka using SSL.
I got the following certificates from VAULT system: -CA -Issuing CA -Private key In PEM format.
For Jmeter i import it with keytool: 1.merged files Issuing CA and private key, import it with keytool in JKS format next command:"keytool -import -trustcacerts -alias root -file "name_file" -keystore privatekey.jks"
- Add privatekey.jks as keystore in Jmeter
- import file CA.pem in Jks and add it to truststore in Jmeter.
Start Jmeter with -Djavax.net.debug = SSL,handshake.
in console i got error: "Fatal (UNEXPECTED_MESSAGE): Unexpected handshake message: server hello".
In python code this certificates works normaly in pem format.
Solution 1:[1]
Given you're able to successfully run the request in Python code you should be able to do this in JMeter, enable tracing of the SSL handshake for both Python and JMeter and compare the packets and especially the certificate chain - they need to be the same.
Also I don't know what "DI-fakfa meter" is, I recall using Pepper-Box - Kafka Load Generator for load testing the system where SSL-enabled Kafka was used as the transport chain between microservices without any issues.
The relevant setup would be something like:
More information:
Solution 2:[2]
You need libs kafka-clients 2.8.1, bouncycastle and java.
Something like this:
import java.security.Security;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
String private_key = "certs as string" //pem format
String certificate = "certs as string" //pem format
String issuing_ca = "certs as string" //pem format
String common = "mla-bla"
String kafka_topic = "LOAD.TESTING" //topic
Properties props = new Properties();
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
props.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SSL");
props.put(SslConfigs.SSL_KEYSTORE_KEY_CONFIG, private_key);
props.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, "PEM");
props.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "PEM");
props.put(SslConfigs.SSL_KEYSTORE_CERTIFICATE_CHAIN_CONFIG, certificate);
props.put(SslConfigs.SSL_TRUSTSTORE_CERTIFICATES_CONFIG, issuing_ca);
props.put(ProducerConfig.CLIENT_ID_CONFIG, common);
props.put(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, "kafka-supapupa-1:9093");
props.put(ProducerConfig.KEY_SERIALIZER_CLASS_CONFIG, "org.apache.kafka.common.serialization.StringSerializer");
props.put(ProducerConfig.VALUE_SERIALIZER_CLASS_CONFIG, "org.apache.kafka.common.serialization.StringSerializer");
Producer<String, String> producer = new KafkaProducer<String, String>(props);
ProducerRecord<String, String> record = new ProducerRecord<String, String>("${kafka_topic}", "${kkey}", "load_test_jmeter-" + "${rand}");
try{
producer.send(record);
producer.flush();
producer.close()
}catch (Exception e){
e.printStackTrace();
log.info("Exception =" + e);
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Dmitri T |
| Solution 2 | ???? ???????? |