Unanswered question

Code erreur : NL-RUNTIME-01

I have this issue with a https website.

2019/05/14 21:28:48 INFO - neoload.LG_INFO: Starting LoadGenerator Version 6.9.0 ;build=20190307-5
2019/05/14 21:28:48 INFO - neoload.LG_INFO: OS Version: amd64 - Windows 10 - 10.0
2019/05/14 21:28:48 INFO - neoload.LG_INFO: JVM Version: Oracle Corporation - 1.8.0_112 - Java HotSpot(TM) 64-Bit Server VM - Xmx= 3803185152 bytes
2019/05/14 21:28:48 INFO - neoload.LG_INFO: Sockets Tuning information: MaxUserPort registry key not found;TcpTimedWaitDelay registry key not found;
2019/05/14 21:28:48 INFO - neoload.LG_INFO: ALPN boot status: present
2019/05/14 21:28:48 INFO - neoload.LG: Registered to Agent. Port 58450
2019/05/14 21:28:48 INFO - neoload.LG: Launching inbound connection listener on port:58524
2019/05/14 21:28:48 INFO - neoload.LG: Connection established with the Controller localhost:7100:58524
2019/05/14 21:28:48 INFO - neoload.LG_INFO: WAN Emulation: enabled
2019/05/14 21:28:49 INFO - neoload.LG: Connection established with the Controller localhost:7100:58524
2019/05/14 21:28:49 INFO - neoload.LG_INFO: Jetty ThreadPool configuration: MinThread=20; MaxThread=20000; IdleTimeoutMs=10000; QueueSize=6000
2019/05/14 21:28:50 ERROR - neoload.HttpClient: Exception during the send java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:526)
at org.eclipse.jetty.io.NegotiatingClientConnection.fill(NegotiatingClientConnection.java:103)
at org.eclipse.jetty.io.NegotiatingClientConnection.onFillable(NegotiatingClientConnection.java:83)
at com.neotys.neoload.network.httpclient.jetty.alpn.NlALPNClientConnectionFactory$MyALPNClientConnection.onFillable(NlALPNClientConnectionFactory.java:97)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:265)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:197)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:265)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: Could not generate DH keypair
at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:142)
at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:114)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:761)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:272)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:630)
... 14 more
Caused by: java.security.InvalidAlgorithmParameterException: DH key size must be multiple of 64, and can only range from 512 to 2048 (inclusive). The specific key size 4096 is not supported
at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:128)
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:674)
at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:128)
... 23 more

Bruno J.
Bruno J.

Bruno J.

Level
0
1 / 100
point

Answers

Nouredine A.
Nouredine A.

Nouredine A.

Level
4
5000 / 5000
points
Team

This issue occurs due to a size key of 4096 that is not supported by the current JAVA version of NeoLoad. It is supported starting from 1.8.0_172 and NeoLoad uses the _112 version. But we can't upgrade to that version because of regressions that may be introduced and it won't work as is.

Something that you could try is to force NeoLoad to negotiate a different cipher. I do not know if it will be enough but it's worth a try. This a procedure that you could try:

  1. Stop NeoLoad
  2. Edit <install_dir>\conf\controller.properties file
  3. Go to the [General] section and put that key in comment "https.ciphers.whitelist" by using a # character at the beginning of the line. Then add again on a new line that same option "https.ciphers.whitelist=" without anything after the equal sign.
  4. Save
  5. Start NeoLoad and try again.
Fousseyni B.
Fousseyni B.

Fousseyni B.

Level
2
1014 / 2000
points

Hello Bruno,

Opening a secure connection to a webserver via https requires the use of SSL Certificates with DH-Keys which has a prime size bigger than 2048.
I suggest that you either rearrange ssl's cipher list, or you can use custom DH parameters related to the web server you have in your environement.

Best Regards,
Fousseyni B.