lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

test: change tls tests not to use LOW cipher 

DES-CBC-SHA is LOW cipher and disabled by default and it is used in
tests of hornorcipherorder. They are changed as to

- use RC4-SHA instead of DES-CBC-SHA.
- add AES128-SHA to entries to keep the number of ciphers.
- remove tests for non-default cipher because only SEED and IDEA are
available in !RC4:!HIGH:ALL.

Fixes: https://github.com/nodejs/LTS/issues/85
PR-URL: https://github.com/nodejs/node/pull/5712
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
v0.10
Shigeki Ohtsu 9 years ago
parent
0847954331
commit
6bb86e727a
3 changed files with 21 additions and 21 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      deps/openssl/config/opensslconf.h
  2. 22
      test/simple/test-tls-honorcipherorder-secureOptions.js
  3. 14
      test/simple/test-tls-honorcipherorder.js

4
deps/openssl/config/opensslconf.h
View File

@ -44,9 +44,9 @@
# ifndef OPENSSL_NO_STORE # ifndef OPENSSL_NO_STORE
# define OPENSSL_NO_STORE # define OPENSSL_NO_STORE
# endif # endif
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
# define OPENSSL_NO_WEAK_SSL_CIPHERS # define OPENSSL_NO_WEAK_SSL_CIPHERS
#endif # endif
#endif /* OPENSSL_DOING_MAKEDEPEND */ #endif /* OPENSSL_DOING_MAKEDEPEND */
#ifndef OPENSSL_THREADS #ifndef OPENSSL_THREADS

22
test/simple/test-tls-honorcipherorder-secureOptions.js
View File

@ -49,7 +49,7 @@ function test(honorCipherOrder, clientCipher, expectedCipher, secureOptions, cb)
secureProtocol: SSL_Method, secureProtocol: SSL_Method,
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
ciphers: 'AES256-SHA:RC4-SHA:DES-CBC-SHA', ciphers: 'AES256-SHA:RC4-SHA:AES128-SHA',
secureOptions: secureOptions, secureOptions: secureOptions,
honorCipherOrder: !!honorCipherOrder honorCipherOrder: !!honorCipherOrder
}; };
@ -95,37 +95,37 @@ test1();
function test1() { function test1() {
// Client has the preference of cipher suites by default // Client has the preference of cipher suites by default
test(false, 'DES-CBC-SHA:RC4-SHA:AES256-SHA','DES-CBC-SHA', 0, test2); test(false, 'RC4-SHA:AES256-SHA:AES128-SHA','RC4-SHA', 0, test2);
} }
function test2() { function test2() {
// Server has the preference of cipher suites where AES256-SHA is in // Server has the preference of cipher suites where AES256-SHA is in
// the first. // the first.
test(true, 'DES-CBC-SHA:RC4-SHA:AES256-SHA', 'AES256-SHA', 0, test3); test(true, 'RC4-SHA:AES256-SHA:AES128-SHA', 'AES256-SHA', 0, test3);
} }
function test3() { function test3() {
// Server has the preference of cipher suites. RC4-SHA is given // Server has the preference of cipher suites. AES256-SHA is given
// higher priority over DES-CBC-SHA among client cipher suites. // higher priority over RC4-SHA among client cipher suites.
test(true, 'DES-CBC-SHA:RC4-SHA', 'RC4-SHA', 0, test4); test(true, 'RC4-SHA:AES256-SHA', 'AES256-SHA', 0, test4);
} }
function test4() { function test4() {
// As client has only one cipher, server has no choice in regardless // As client has only one cipher, server has no choice in regardless
// of honorCipherOrder. // of honorCipherOrder.
test(true, 'DES-CBC-SHA', 'DES-CBC-SHA', 0, test5); test(true, 'AES128-SHA', 'AES128-SHA', 0, test5);
} }
function test5() { function test5() {
test(false, test(false,
'DES-CBC-SHA', 'RC4-SHA',
'DES-CBC-SHA', 'RC4-SHA',
process.binding('constants').SSL_OP_SINGLE_DH_USE, test6); process.binding('constants').SSL_OP_SINGLE_DH_USE, test6);
} }
function test6() { function test6() {
test(true, test(true,
'DES-CBC-SHA', 'RC4-SHA',
'DES-CBC-SHA', 'RC4-SHA',
process.binding('constants').SSL_OP_SINGLE_DH_USE); process.binding('constants').SSL_OP_SINGLE_DH_USE);
} }

14
test/simple/test-tls-honorcipherorder.js
View File

@ -38,7 +38,7 @@ function test(honorCipherOrder, clientCipher, expectedCipher, cb) {
secureProtocol: SSL_Method, secureProtocol: SSL_Method,
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
ciphers: 'AES256-SHA:RC4-SHA:DES-CBC-SHA', ciphers: 'AES256-SHA:RC4-SHA:AES128-SHA',
honorCipherOrder: !!honorCipherOrder honorCipherOrder: !!honorCipherOrder
}; };
@ -67,23 +67,23 @@ test1();
function test1() { function test1() {
// Client has the preference of cipher suites by default // Client has the preference of cipher suites by default
test(false, 'DES-CBC-SHA:RC4-SHA:AES256-SHA','DES-CBC-SHA', test2); test(false, 'RC4-SHA:AES256-SHA:AES128-SHA','RC4-SHA', test2);
} }
function test2() { function test2() {
// Server has the preference of cipher suites where AES256-SHA is in // Server has the preference of cipher suites where AES256-SHA is in
// the first. // the first.
test(true, 'DES-CBC-SHA:RC4-SHA:AES256-SHA', 'AES256-SHA', test3); test(true, 'RC4-SHA:AES256-SHA:AES128-SHA', 'AES256-SHA', test3);
} }
function test3() { function test3() {
// Server has the preference of cipher suites. RC4-SHA is given // Server has the preference of cipher suites. AES256-SHA is given
// higher priority over DES-CBC-SHA among client cipher suites. // higher priority over AES128-SHA among client cipher suites.
test(true, 'DES-CBC-SHA:RC4-SHA', 'RC4-SHA', test4); test(true, 'RC4-SHA:AES256-SHA', 'AES256-SHA', test4);
} }
function test4() { function test4() {
// As client has only one cipher, server has no choice in regardless // As client has only one cipher, server has no choice in regardless
// of honorCipherOrder. // of honorCipherOrder.
test(true, 'DES-CBC-SHA', 'DES-CBC-SHA'); test(true, 'AES128-SHA', 'AES128-SHA');
} }

Write Preview
Loading…
Cancel
Save