mirror of https://github.com/lukechilds/node.git
Shigeki Ohtsu
13 years ago
committed by
Ben Noordhuis
1 changed files with 86 additions and 0 deletions
@ -0,0 +1,86 @@ |
|||
// Copyright Joyent, Inc. and other Node contributors.
|
|||
//
|
|||
// Permission is hereby granted, free of charge, to any person obtaining a
|
|||
// copy of this software and associated documentation files (the
|
|||
// "Software"), to deal in the Software without restriction, including
|
|||
// without limitation the rights to use, copy, modify, merge, publish,
|
|||
// distribute, sublicense, and/or sell copies of the Software, and to permit
|
|||
// persons to whom the Software is furnished to do so, subject to the
|
|||
// following conditions:
|
|||
//
|
|||
// The above copyright notice and this permission notice shall be included
|
|||
// in all copies or substantial portions of the Software.
|
|||
//
|
|||
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|||
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|||
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
|
|||
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
|
|||
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|||
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
|
|||
// USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
|
|||
var common = require('../common'); |
|||
var assert = require('assert'); |
|||
var tls = require('tls'); |
|||
var fs = require('fs'); |
|||
var nconns = 0; |
|||
// test only in TLSv1 to use DES which is no longer supported TLSv1.2
|
|||
// to be safe when the default method is updated in the future
|
|||
var SSL_Method = 'TLSv1_method'; |
|||
var localhost = '127.0.0.1'; |
|||
|
|||
process.on('exit', function() { |
|||
assert.equal(nconns, 4); |
|||
}); |
|||
|
|||
function test(honorCipherOrder, clientCipher, expectedCipher, cb) { |
|||
var soptions = { |
|||
secureProtocol: SSL_Method, |
|||
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'), |
|||
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'), |
|||
ciphers: 'AES256-SHA:RC4-SHA:DES-CBC-SHA', |
|||
honorCipherOrder: !!honorCipherOrder |
|||
}; |
|||
|
|||
var server = tls.createServer(soptions, function(cleartextStream) { |
|||
nconns++; |
|||
}); |
|||
server.listen(common.PORT, localhost, function() { |
|||
var coptions = {secureProtocol: SSL_Method}; |
|||
if (clientCipher) { |
|||
coptions.ciphers = clientCipher; |
|||
} |
|||
var client = tls.connect(common.PORT, localhost, coptions, function() { |
|||
var cipher = client.getCipher(); |
|||
client.end(); |
|||
server.close(); |
|||
assert.equal(cipher.name, expectedCipher); |
|||
if (cb) cb(); |
|||
}); |
|||
}); |
|||
} |
|||
|
|||
test1(); |
|||
|
|||
function test1() { |
|||
// Client has the preference of cipher suites by default
|
|||
test(false, 'DES-CBC-SHA:RC4-SHA:AES256-SHA','DES-CBC-SHA', test2); |
|||
} |
|||
|
|||
function test2() { |
|||
// Server has the preference of cipher suites where AES256-SHA is in
|
|||
// the first.
|
|||
test(true, 'DES-CBC-SHA:RC4-SHA:AES256-SHA', 'AES256-SHA', test3); |
|||
} |
|||
|
|||
function test3() { |
|||
// Server has the preference of cipher suites. RC4-SHA is given
|
|||
// higher priority over DES-CBC-SHA among client cipher suites.
|
|||
test(true, 'DES-CBC-SHA:RC4-SHA', 'RC4-SHA', test4); |
|||
} |
|||
|
|||
function test4() { |
|||
// As client has only one cipher, server has no choice in regardless
|
|||
// of honorCipherOrder.
|
|||
test(true, 'DES-CBC-SHA', 'DES-CBC-SHA'); |
|||
} |
Loading…
Reference in new issue