Highlighted
Respected Contributor.
Respected Contributor.
1014 views

Setting SSL_CIPHER_LIST globally?

All,

We're using PC 12.20 and VuGen 12.01.

By default VuGen and PC send different cipher lists to the server.  Unfortunately PC's default list sticks us with some slow ciphers that noticeably impact performance and that are not the ciphers the app's production clients use.  I know I can use web_set_sockets_option() to set the list on a case-by-case basis, but I'd rather not have to change every single script.  Is there a way to set the default cipher list in PC?

thanks

john

Tags (1)
0 Likes
3 Replies
Highlighted
Honored Contributor.
Honored Contributor.

Re: Setting SSL_CIPHER_LIST globally?

Hi,

You can controll the ciphers using web_set_sockets_option as you mentioned.
There is no way to change the default cipher list.

Note that the differneces you are seeing between the default ciphers arise from the fact you are using differenet versions of Vugen and PC which is not recommanded.

Regards,
Eyal

0 Likes
Highlighted
Respected Contributor.
Respected Contributor.

Re: Setting SSL_CIPHER_LIST globally?

Hi John,

Actually we are generally use web_set_sockets_option("SSL_VERSION", "TLS"); this we can setup Runtime settings ,Preferences of General Tab, But there is no default set up for SSL_CIPHER_LIST in the LoadRunner which inturn uses the same runtime settings while execution in PC.

 Recently we got issue when our performance testing environment is migrated from TLS1.1 to TLS1.2 we got environment issue our scripts got failed. But when we use the below combination of headers we got raid of issue successfully.

web_set_sockets_option("SSL_VERSION", "TLS1.2");

web_set_sockets_option("SSL_CIPHER_LIST", "ALL");

Also here all the corresponding third party servers and every request paasing should migrate to TLS1.2 then only above combination works if any mismatch it not work.

This might help you to for some extend .

Thanks and Regards,

Surya Kosuri

 

Highlighted
Respected Contributor.
Respected Contributor.

Re: Setting SSL_CIPHER_LIST globally?

Hi John,

Generally we use web_set_sockets_option("SSL_VERSION", "TLS1"); for most of the scripts of Vugen any Cipher will be handled case by case , as we have runtime settings options preferences and general tab we can set the required SSL version as per the requirement. But the Ciphers we cannot set in the runtime settings of the loadrunner in which PC uses the same runtime settings.

   

 But once we got the environment issue there the performance testing environment is migrated to TLS1.2 , So we have used the below combination of headers to solve the issue.

web_set_sockets_option("SSL_VERSION", "TLS1.2"); , web_set_sockets_option("SSL_CIPHER_LIST", "ALL");

Note: Here all the servers including third party servers using in the application should be properly migrate to TLS1.2 then only it works otherwise it will show error.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.