Subject svn commit: r1818839 - in /jmeter/trunk: src/core/org/apache/jmeter/util/ xdocs/changes.xml xdocs/usermanual/properties_reference.xml
Date Wed, 20 Dec 2017 17:50:52 GMT
Author: pmouawad
Date: Wed Dec 20 17:50:52 2017
New Revision: 1818839

Bug 61901 - Support for https.cipherSuites property
Contributed by  Jeremy Arnold 
Bugzilla Id: 61901


Modified: jmeter/trunk/src/core/org/apache/jmeter/util/
--- jmeter/trunk/src/core/org/apache/jmeter/util/ (original)
+++ jmeter/trunk/src/core/org/apache/jmeter/util/ Wed Dec
20 17:50:52 2017
@@ -45,12 +45,17 @@ public class HttpSSLProtocolSocketFactor
     private static final String[] protocols = PROTOCOL_LIST.split(" "); // $NON-NLS-1$
+    private static final String CIPHER_LIST =
+            JMeterUtils.getPropDefault("https.cipherSuites", ""); // $NON-NLS-1$ $NON-NLS-2$
+    private static final String[] ciphers = CIPHER_LIST.split(", *"); // $NON-NLS-1$
     static {
         if (!PROTOCOL_LIST.isEmpty()) {
-  "Using protocol list: {}", PROTOCOL_LIST);
+  "Using protocol list:{} and cipher list: {}", PROTOCOL_LIST, CIPHER_LIST);
     private final JsseSSLManager sslManager;
     private final int CPS; // Characters per second to emulate
@@ -81,6 +86,17 @@ public class HttpSSLProtocolSocketFactor
+        if (!CIPHER_LIST.isEmpty()) {
+            try {
+                sock.setEnabledCipherSuites(ciphers);
+            } catch (IllegalArgumentException e) {
+                if (log.isWarnEnabled()) {
+                    log.warn("Could not set cipher list: {}.", CIPHER_LIST);
+                    log.warn("Valid ciphers are: {}", join(sock.getSupportedCipherSuites()));
+                }
+            }
+        }
     private String join(String[] strings) {

Modified: jmeter/trunk/xdocs/changes.xml
--- jmeter/trunk/xdocs/changes.xml [utf-8] (original)
+++ jmeter/trunk/xdocs/changes.xml [utf-8] Wed Dec 20 17:50:52 2017
@@ -100,6 +100,7 @@ Summary
     <li><bug>53957</bug>HTTP Request: In Parameters tab, allow pasting
of content coming from Firefox and Chrome (unparsed)</li>
     <li><bug>61587</bug>Drop properties <code>sampleresult.getbytes.headers_size</code>
and <code>sampleresult.getbytes.body_real_size</code></li>
     <li><bug>61843</bug>HTTP(S) Test Script Recorder: Add SAN to JMeter
generated CA Certificate. Contributed by Matthew Buckett</li>
+    <li><bug>61901</bug>Support for <code>https.cipherSuites</code>
System property. Contributed by Jeremy Arnold (jeremy at</li>
 <h3>Other samplers</h3>
@@ -290,6 +291,7 @@ Summary
     <li>Matthew Buckett (</li>
     <li>Helly Guo (</li>
     <li>Peter Doornbosch (</li>
+    <li>Jeremy Arnold (jeremy at</li>
 <p>We also thank bug reporters who helped us improve JMeter. <br/>
 For this release we want to give special thanks to the following reporters for the clear
reports and tests made after our fixes:</p>

Modified: jmeter/trunk/xdocs/usermanual/properties_reference.xml
--- jmeter/trunk/xdocs/usermanual/properties_reference.xml (original)
+++ jmeter/trunk/xdocs/usermanual/properties_reference.xml Wed Dec 20 17:50:52 2017
@@ -83,9 +83,10 @@ These properties are only taken into acc
 <section name="&sect-num;.3 SSL configuration" anchor="ssl_config">
 <note>SSL (Java) System properties are now in <code></code><br/>

-JMeter no longer converts <code>javax.<em>xxx</em></code> property
entries in this file into System properties.<br/>
-These must now be defined in the <code></code> file or on the
-The <code></code> file gives more flexibility.</note>
+JMeter no longer converts <code>javax.<em>xxx</em></code> property
entries in
+<code></code> into System properties. These must now be
+defined in the <code></code> file or on the command-line. The
+<code></code> file gives more flexibility.</note>
 <property name="https.sessioncontext.shared">
     By default, SSL session contexts are now created per-thread, rather than being shared.<br/>
@@ -105,6 +106,19 @@ The <code></code> file
     or <code> Connection reset</code>.<br/>
     See <bugzilla>54759</bugzilla>, example: <source>https.socket.protocols=SSLv2Hello
SSLv3 TLSv1</source>
+<property name="https.cipherSuites">
+    Comma-separated list of SSL cipher suites that may be used in HTTPS
+    connections.  It may be desirable to use a subset of cipher suites in order
+    to match expected client behavior or to reduce encryption overhead in
+    JMeter when running with large numbers of users. Errors may occur if the
+    JVM does not support the specified cipher suites, or if the cipher suites
+    supported by the HTTPS server do not overlap this list.  See the
+    <a href="">JSSE
+	    Reference Guide.</a><br/>
+    For example: <source>https.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256</source>
+    If not specified, JMeter will use the default list of cipher suites
+    supported by the JVM.
 <property name="https.use.cached.ssl.context">
     Control if we allow reuse of cached SSL context between iterations.<br/>
     Set the value to <code>false</code> to reset the SSL context each iteration.<br/>
@@ -606,8 +620,8 @@ JMETER-SERVER</source>
 <property name="">
     For use with Comma-separated value (CSV) files or other formats where the fields' values
     are separated by specified delimiters.<br/>
-    <note>For TAB, since JMeter version 2.3 one can use <code>\t</code></note>
     Defaults to: <code>,</code>
+    <note>For TAB, one can use <code>\t</code></note>
 <property name="">
     Only applies to CSV format files:<br/>

