Thursday, October 17, 2019

Firefox and Jmeter TLS 1.4

I was using Jmeter 5.1.1 and the latest firefox (linux 69.02 at this writing) and the jmeter generated root cert was breaking firefox.  Firefox was failing with

An error occurred during a connection to [domain].com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

This turned out to be answered by:


DanL on stackoverflow


Jmeter is using TLS 1.4 and this firefox version doesn't like that.  The fix, (copied here although I doubt SO will actually go away, props to DanL for the perfect answer):
  • Go to about:config in Firefox
  •  Set security.tls.version.fallback-limit and security.tls.version.max to 3.

I had a separate issue and I may as well record that here.  Before I found this solution I had a separate issue.   I'd remove the ApacheJMeterTemporaryRootCA.crt and would expect it to be regenerated when starting the jmeter https test script recorder.  I'd get the dialog box indicating it had been generated, but the file wouldn't actually be on the disk.

This is answered by:

Gizit on Stack Overflow

If I want to force actual creation of the crt file I also need to remove proxyserver.jks.  Once that's been removed, starting the https test script recorder generates both proxyserver.jks and the jmeter temporary root crt.

No comments: