How to find the SSL Version and Cipher type used by a secure website

In order to find the SSL cipher being used by a particular HTTPS website, follow the steps specified below:

1. Launch a DOS Prompt.

2. Browse to the LoadRunner\bin folder.

3. Type in openssl and press ENTER. After this you would notice the prompt change toOPENSSL>.

4. Type in the following command

OPENSSL>s_client -connect http://www.<yourwebsite>.com:443

The above statement will make the initial SSL handshake and the display output after the handshake is completed. The information will look as follows:

—

New, TLSv1/SSLv3, Cipher is RC4-MD5

Server public key is 1024 bit

SSL-Session:

Protocol : TLSv1

Cipher : RC4-MD5

This indicates that the SSL Version is 3 and the SSL Cipher being used is “RC4-MD5.”

The SSL version and Cipher type can be set in Vuser script using the web_set_sockets_options() function.



labels : attempting to reuse saved session, HP LoadRunner, HTTPS application script replay failed, limit the max number

WorkArounds for "shut connection during attempt to negotiate SSL session "

1. This error might be caused due to an SSL session being reused. Information from previous handshakes is incorrectly put into the failing SSL handshake. To resolve this issue, you can reduce the amount of connections simultaneously opened to a Web server by using the following statement at the very beginning of the script:

web_set_sockets_option("MAX_connectionS_PER_HOST","1"); 

Try out other arguments of "web_set_sockets_option" such as - 

SSL_CIPHER_LIST

A list of colon–delimited SSL ciphers to use for SSL connections. The supported ciphers are "RSA–DES–CBC3–SHA", "EDH–DSS–DES–CBC3–SHA", "DES–CBC3–SHA", "DES–CBC3–MD5", "DHE–DSS–RC4–SHA", "IDEA–CBC–SHA", "RC4–SHA", "RC4–MD5", "IDEA–CBC–MD5", "RC2–CBC–MD5", "RC4–MD5", "RC4–64–MD5", "EXP1024–DHE–DSS–RC4–SHA", "EXP1024–RC4–SHA", "EXP1024–DHE–DSS–DES–CBC–SHA", "EXP1024–DES–CBC–SHA", "EXP1024–RC2–CBC–MD5", "EXP1024–RC4–MD5", "EDH–RSA–DES–CBC–SHA", "EDH–DSS–DES–CBC–SHA", "DES–CBC–SHA", "DES–CBC–MD5", "EXP–EDH–RSA–DES–CBC–SHA", "EXP–EDH–DSS–DES–CBC–SHA", "EXP–DES–CBC–SHA", "EXP–RC2–CBC–MD5", "EXP–RC4–MD5", "EXP–RC2–CBC–MD5", "EXP–RC4–MD5"

web_set_sockets_option("SSL_CIPHER_LIST","RC4–SHA"); (this one worked for me). 

2. Try to check winInet option under preferences tab... This may help!!!! - this might show you more response time.(this one worked for me, but did not use it as it was showing higher response time)

3. use web_set_socket_option("SSL-VERSION","TLS"); you can try other SSl versions as well- replace TLS with

"3" - denoting ssl 3.0 version

"2" - denoting ssl 2.0 version

4. can try this as well - web_set_socket_option("CLOSE_KEEPALIVE_CONNECTIONS","TRUE");





labels : attempting to reuse saved session, HP LoadRunner, HTTPS application script replay failed, limit the max number