-
Notifications
You must be signed in to change notification settings - Fork 635
/
test_ssl_dhparam.rb
81 lines (58 loc) · 2.42 KB
/
test_ssl_dhparam.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# frozen_string_literal: true
require_relative 'em_test_helper'
class TestSSLDhParam < Test::Unit::TestCase
require_relative 'em_ssl_handlers'
include EMSSLHandlers
DH_PARAM_FILE = File.join(__dir__, 'dhparam.pem')
DH_1_2 = { cipher_list: "DHE,EDH", ssl_version: %w(TLSv1_2) }
CLIENT_1_2 = { client_unbind: true, ssl_version: %w(TLSv1_2) }
def test_dhparam_1_2_auto
omit_if(EM.library_type == :pure_ruby) # DH will work with defaults
omit_if(rbx?)
client_server client: CLIENT_1_2, server: DH_1_2
if EMSSLHandlers::IS_SSL_GE_1_1
assert Client.handshake_completed?
assert Server.handshake_completed?
else
refute Client.handshake_completed?
refute Server.handshake_completed?
end
end
def test_dhparam_1_2_supplied
omit_if(rbx?)
client_server client: CLIENT_1_2, server: DH_1_2.merge(dhparam: DH_PARAM_FILE)
assert Client.handshake_completed?
assert Server.handshake_completed?
assert Client.cipher_name.length > 0
assert_equal Client.cipher_name, Server.cipher_name
assert_match(/^(DHE|EDH)/, Client.cipher_name)
end
def test_dhparam_1_3_supplied
omit_if(rbx?)
omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
client = { client_unbind: true, ssl_version: %w(TLSv1_3) }
server = { dhparam: DH_PARAM_FILE, cipher_list: "DHE,EDH", ssl_version: %w(TLSv1_3) }
client_server client: client, server: server
assert Client.handshake_completed?
assert Server.handshake_completed?
assert Client.cipher_name.length > 0
assert_equal Client.cipher_name, Server.cipher_name
# see https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites
# may depend on OpenSSL build options
assert_equal "TLS_AES_256_GCM_SHA384", Client.cipher_name
end
def test_dhparam_1_3_auto
omit_if(rbx?)
omit("TLSv1_3 is unavailable") unless EM.const_defined? :EM_PROTO_TLSv1_3
client = { client_unbind: true, ssl_version: %w(TLSv1_3) }
server = { cipher_list: "DHE,EDH", ssl_version: %w(TLSv1_3) }
client_server client: client, server: server
assert Client.handshake_completed?
assert Server.handshake_completed?
assert Client.cipher_name.length > 0
assert_equal Client.cipher_name, Server.cipher_name
# see https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites
# may depend on OpenSSL build options
assert_equal "TLS_AES_256_GCM_SHA384", Client.cipher_name
end
end if EM.ssl?