
Tsung fails when proxying through SSL-interception proxy

Open paulsery opened this issue 6 years ago • 6 comments

Running tsung 1.7 on an Ubuntu 18.04 system.
Internet access through explicit proxy that does MitM for SSL sites.
Non-SSL connections work but SSL fails with "error_unknown".

I've tried every variation I can think of for the following example (with/without certs, proxy with ssl and tcp type option). Any suggestions?

tsung@controller... excerpt:

=INFO REPORT==== 15-May-2019::14:38:46 ===
ts_client:(5:<0.128.0>) Stop in state think, reason= {badarg, [{erlang, atom_to_list, [{options, {keyfile, "./xyz.key", {error, enoent}}}], []}, {ts_client, reconnect,

paulsery, May 15 '19 20:05

This error states that the file you've specified does not exist (./xyz.key).

tisba, May 16 '19 09:05
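
A pre-flight check for the `enoent` reported in the log excerpt above, as an added example that is not part of the original thread or of tsung itself: it parses a tsung config and reports every `keyfile`/`certfile` that cannot be read. The function names, the constructed sample config, and the choice to resolve relative paths against a caller-supplied directory are assumptions.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: the <certificate> element from the config in this thread.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<tsung loglevel="notice" version="1.0">
  <sessions>
    <session name="Example.com test" probability="100" type="ts_http">
      <set_option name="certificate">
        <certificate keyfile="./xyz.key" certfile="xyz.cer"/>
      </set_option>
    </session>
  </sessions>
</tsung>"""

FILE_ATTRS = ("keyfile", "certfile")  # the attributes used in the thread's config


def check_certificate_paths(config_xml, base_dir):
    """Return (attribute, path, problem) per unreadable certificate file."""
    # Assumption: relative paths resolve against base_dir (where tsung is started).
    problems = []
    for cert in ET.fromstring(config_xml).iter("certificate"):
        for attr in FILE_ATTRS:
            path = cert.get(attr)
            if path is None:
                continue
            resolved = os.path.normpath(os.path.join(base_dir, path))
            if not os.path.exists(resolved):
                problems.append((attr, path, "enoent"))
            elif not os.path.isfile(resolved):
                problems.append((attr, path, "not a regular file"))
            elif not os.access(resolved, os.R_OK):
                problems.append((attr, path, "eacces"))
    return problems


def demo():
    """Run the check in a scratch directory that holds xyz.cer but not xyz.key."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "xyz.cer"), "w") as fh:
            fh.write("constructed placeholder, not a real certificate\n")
        return check_certificate_paths(SAMPLE_CONFIG, tmp)


if __name__ == "__main__":
    for attr, path, problem in demo():
        print(f"{attr}={path}: {problem}")
```
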

Yes, thank you. After correcting and trying several different certificate configurations it still can't make the connection. I've searched for but haven't found any examples of ssl-enabled proxies. Are there any that I might use?

paulsery, May 16 '19 18:05

First it would be useful if you could share your tsung version and configuration.

Second: I'm not sure if I understood your setup.

Normally tsung does not really care about "invalid" TLS certificates etc. If you are hitting a target with tsung and there is a (transparent) proxy that does stuff with TLS that should not really affect tsung at all.

But again, it would be good if you could share your configuration and more details on your setup.

tisba, May 19 '19 10:05

tsung 1.7 running on an Ubuntu 18.04 server (config below).

It sits behind an explicit proxy doing SSL interception that requires valid TLS certificates for MitM. I hope to use tsung to measure latency with and without the proxy.

test.xml =>

<?xml version="1.0"?>
<tsung loglevel="notice" version="1.0">
  <clients>
    <client host="localhost" use_controller_vm="true"/>
  </clients>
  <servers>
    <server host="myproxy.xyz.com" port="3129" type="ssl"/>
  </servers>
  <load>
   <arrivalphase phase="1" duration="40" unit="second">
    <users arrivalrate="1" unit="second"/>
   </arrivalphase>
  </load>
  <options>
    <option name="ssl_reuse_sessions" value="false"/>
    <option name="ssl_versions" value="'tlsv1.2'"/>
    <option type="ts_http" name="http_use_server_as_proxy" value="true">
    <user_agent probability="80">Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Galeon/1.3.21</user_agent>
    <user_agent probability="20">Mozilla/5.0 (Windows; U; Windows NT 5.2; fr-FR; rv:1.7.8) Gecko/20050511 Firefox/1.0.4</user_agent>
   </option>
  </options>
  <sessions>
    <session name="Example.com test" probability="100" type="ts_http">
      <set_option name="certificate">
        <certificate keyfile="./xyz.key" certfile="xyz.cer"/>
      </set_option>
      <request> <http url="https://www.example.com" method="GET" version="1.1"/> </request>
    </session>
  </sessions>
</tsung>

paulsery, May 19 '19 14:05

hmm, okay. I'm not familiar with the http_use_server_as_proxy option at all :-( Maybe @nniclausse can take a look?

tisba, May 31 '19 14:05

I've read all the posts and information that I could find about using tsung with a proxy and http_use_server_as_proxy appears to be the recommended method. I'll try another one if available.

paulsery, May 31 '19 15:05