Question & Answer
How do you enable strong encryption with key lengths greater than 128 bit in IBM Rational Performance Tester (RPT)?
During recording with Rational Performance Tester, the browser is unable to connect to a secure (HTTPS) site which requires a cipher suite with strong (greater than 128 bit) encryption.
Alternatively, when playing back a test in Rational Performance Tester, you might get a message similar to the following.
A connect exception occurred during a socket I/O connect to web-server '<server name>' attempting to retrieve URI '/'. Explanation message: 'java.lang.IllegalArgumentException: Cannot support SSL_RSA_WITH_AES_256_CBC_SHA with currently installed providers'.
By default, IBM Rational Performance Tester does not support strong encryption for recording or playback because of the policy files that are associated with its Java Runtime Environment (JRE).
To enable strong encryption in Rational Performance Test, you need to install certain Java policy files with the following steps.
- Open the Unrestricted SDK JCE policy files page.
You can enter this page after you type your ibm.com credentials.
- Select the following offering. Then, click Continue.
Java 5.0 SR16, Java 6 SR13, Java 6 SR5 (J9 VM2.6), Java 7 SR4, Java 8 GA, and all later releases
- Review your contact information and the license.
- Select I agree; then, click I confirm if you agree with the license.
- Click the Download now link to download the unrestricted.zip file.
- Extract the local_policy.jar and US_export_policy.jar files from the unrestricted.zip archive.
- Place those two files in the <Install_Directory>\jdk\jre\lib\security directory. Replace the existing files with the same names.
For a default Rational Performance Tester installation, the directory would be:
- If the IBM Rational Agent Controller is installed on the workbench, place those two files in the IBM Rational Agent Controller's JRE environment.
- If the Data Collection Infrastructure is installed on the workbench, check if it contains its own JRE in DCI\jre. If so, copy the local_policy.jar and US_export_policy.jar files to DCI\jre\lib\security.
- If the Load Generation agent is installed on the workbench, check if it contains its own JRE in Majordomo\jdk\jre. If so, copy the local_policy.jar and US_export_policy.jar files to Majordomo\jdk\jre\lib\security. Then, restart the MajordomoService service.
- Update the policy files on each IBM Rational Performance Tester Agent. On the agent the files will potentially be located in C:\Program Files\IBM\SDP\Majordomo\jdk\jre\lib\security, C:\Program Files\IBM\SDP\DCI\jre\lib\security, or C:\Program Files\IBM\SDP\AgentController\jdk\jre\lib\security.
The next Rational Performance Tester test will use the new policy files and be able to handle 256-bit ciphers.
- Due to US Export Laws, Rational Performance Tester does not supply policy files that enable strong encryption.
- The policy files work properly also with all supported releases of Rational Performance Tester 8 and 9.
16 June 2018