From e7792e5d46dc3c1e25915266d671070c945f1968 Mon Sep 17 00:00:00 2001 From: Shigeki Ohtsu Date: Sun, 25 Mar 2012 14:28:39 +0900 Subject: [PATCH] test: add test of tls.createServer(honorCipherOrder=true) --- test/simple/test-tls-honorcipherorder.js | 86 ++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 test/simple/test-tls-honorcipherorder.js diff --git a/test/simple/test-tls-honorcipherorder.js b/test/simple/test-tls-honorcipherorder.js new file mode 100644 index 0000000000..cc2584390a --- /dev/null +++ b/test/simple/test-tls-honorcipherorder.js @@ -0,0 +1,86 @@ +// Copyright Joyent, Inc. and other Node contributors. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. + +var common = require('../common'); +var assert = require('assert'); +var tls = require('tls'); +var fs = require('fs'); +var nconns = 0; +// test only in TLSv1 to use DES which is no longer supported TLSv1.2 +// to be safe when the default method is updated in the future +var SSL_Method = 'TLSv1_method'; +var localhost = '127.0.0.1'; + +process.on('exit', function() { + assert.equal(nconns, 4); +}); + +function test(honorCipherOrder, clientCipher, expectedCipher, cb) { + var soptions = { + secureProtocol: SSL_Method, + key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), + cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), + ciphers: 'AES256-SHA:RC4-SHA:DES-CBC-SHA', + honorCipherOrder: !!honorCipherOrder + }; + + var server = tls.createServer(soptions, function(cleartextStream) { + nconns++; + }); + server.listen(common.PORT, localhost, function() { + var coptions = {secureProtocol: SSL_Method}; + if (clientCipher) { + coptions.ciphers = clientCipher; + } + var client = tls.connect(common.PORT, localhost, coptions, function() { + var cipher = client.getCipher(); + client.end(); + server.close(); + assert.equal(cipher.name, expectedCipher); + if (cb) cb(); + }); + }); +} + +test1(); + +function test1() { + // Client has the preference of cipher suites by default + test(false, 'DES-CBC-SHA:RC4-SHA:AES256-SHA','DES-CBC-SHA', test2); +} + +function test2() { + // Server has the preference of cipher suites where AES256-SHA is in + // the first. + test(true, 'DES-CBC-SHA:RC4-SHA:AES256-SHA', 'AES256-SHA', test3); +} + +function test3() { + // Server has the preference of cipher suites. RC4-SHA is given + // higher priority over DES-CBC-SHA among client cipher suites. + test(true, 'DES-CBC-SHA:RC4-SHA', 'RC4-SHA', test4); +} + +function test4() { + // As client has only one cipher, server has no choice in regardless + // of honorCipherOrder. + test(true, 'DES-CBC-SHA', 'DES-CBC-SHA'); +}