Thursday, October 17, 2019

Firefox and Jmeter TLS 1.4

I was using Jmeter 5.1.1 and the latest firefox (linux 69.02 at this writing) and the jmeter generated root cert was breaking firefox.  Firefox was failing with

An error occurred during a connection to [domain].com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

This turned out to be answered by:


DanL on stackoverflow


Jmeter is using TLS 1.4 and this firefox version doesn't like that.  The fix, (copied here although I doubt SO will actually go away, props to DanL for the perfect answer):
  • Go to about:config in Firefox
  •  Set security.tls.version.fallback-limit and security.tls.version.max to 3.

I had a separate issue and I may as well record that here.  Before I found this solution I had a separate issue.   I'd remove the ApacheJMeterTemporaryRootCA.crt and would expect it to be regenerated when starting the jmeter https test script recorder.  I'd get the dialog box indicating it had been generated, but the file wouldn't actually be on the disk.

This is answered by:

Gizit on Stack Overflow

If I want to force actual creation of the crt file I also need to remove proxyserver.jks.  Once that's been removed, starting the https test script recorder generates both proxyserver.jks and the jmeter temporary root crt.
Posted by at No comments:

Wednesday, July 03, 2019

nm-applet on a headless computer

I have a bunch of tiny computers from odroid that run Ubuntu (lately, Bionic).  I don't usually connect them to a monitor at all, they're just servers and their GPUs are wasted.  I wish I could buy these things without GPUs for a little less money :-).

The problem at hand though is that (at least with Bionic, possibly with Xenial too), if I start a vnc server on the box and connect to it, nm-applet won't run in vnc, failing with "Not authorized to control networking".

Fortunately there is a workaround (and I agree with the OP, it's too bad this doesn't ship with at least templates to copy, or disabled configuration in place).

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643028#59

create (or edit, if already there) /etc/polkit-1/localauthority/50-local.d# cat org.freedesktop.NetworkManager.pkla to contain: 
[nm-applet]
Identity=unix-group:netdev
Action=org.freedesktop.NetworkManager.*
ResultAny=yes
ResultInactive=no
ResultActive=yes
Posted by at No comments:
Subscribe to: Posts (Atom)