Fix JMeter SNI Issue

Fix JMeter SNI Issue

SNI is the acronym for Server Name Indication:

Server Name Indication (SNI) is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.

SNI extension may not work with legacy web-servers who doesn’t support it. Fortunately, SNI extension can be disabled in JMeter. JMeter is a Java program. Java has enabled SNI support in Java 7. The issue is typically displayed in JMeter as an SSLHandshakeException, with message like handshake_failure or handshake alert: unrecognized_name.

JMeter uses HTTPClient to perform Http Requests. HttpClient uses the Java JDK SSL support mechanism. Therefore, disabling SNI support in the Java Virtual Machine will disable SNI in HttpClient.

Disable SNI via JSR223

Put a JSR223 Sampler at the beginning of the Thread group, and set the following script:

System.setProperty("jsse.enableSNIExtension", "false");

It must be defined before any HTTP Sampler, otherwise the setting won’t be taken into account. See JSR223 Samples for more sample JSR223 scripts.

As shown in the screenshot above, the script is placed before any HTTP Sampler. It simply sets the system property.

JMeter JSR223 Disable SNI

Disable SNI via JVM Args

Another way is to export JVM_ARGS before executing JMeter:

export JVM_ARGS="-Djsse.enableSNIExtension=false"

Restart JMeter, and it should take into account the JVM setting. Of course, remember to do the same tweak on every load generator in case you run distributed load tests.

By - CTO.
Tags: Design Http Ssl Http Jsr223