test: change tls tests not to use LOW cipher
DES-CBC-SHA is a LOW cipher that is disabled by default, and it is used in
the honorcipherorder tests. They are changed to

- use RC4-SHA instead of DES-CBC-SHA.
- add ECDHE-RSA-AES256-SHA to entries to keep the number of ciphers.
- remove tests for non-default cipher because only SEED and IDEA are
available in !RC4:!HIGH:ALL.

Fixes: nodejs/Release#85
PR-URL: nodejs#5712
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Shigeki Ohtsu committed Mar 15, 2016
1 parent 5141bf4 commit 40cc131
Showing 3 changed files with 21 additions and 21 deletions.
6 changes: 3 additions & 3 deletions deps/openssl/config/opensslconf.h
Expand Up @@ -44,9 +44,9 @@
# ifndef OPENSSL_NO_STORE
# define OPENSSL_NO_STORE
# endif
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
# define OPENSSL_NO_WEAK_SSL_CIPHERS
#endif
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
# define OPENSSL_NO_WEAK_SSL_CIPHERS
# endif
#endif /* OPENSSL_DOING_MAKEDEPEND */

#ifndef OPENSSL_THREADS
22 changes: 11 additions & 11 deletions test/simple/test-tls-honorcipherorder-secureOptions.js
Expand Up @@ -49,7 +49,7 @@ function test(honorCipherOrder, clientCipher, expectedCipher, secureOptions, cb)
secureProtocol: SSL_Method,
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
ciphers: 'AES256-SHA:RC4-SHA:DES-CBC-SHA',
ciphers: 'AES256-SHA:RC4-SHA:ECDHE-RSA-AES256-SHA',
secureOptions: secureOptions,
honorCipherOrder: !!honorCipherOrder
};
Expand Down Expand Up @@ -95,37 +95,37 @@ test1();

function test1() {
// Client has the preference of cipher suites by default
test(false, 'DES-CBC-SHA:RC4-SHA:AES256-SHA','DES-CBC-SHA', 0, test2);
test(false, 'RC4-SHA:AES256-SHA:ECDHE-RSA-AES256-SHA','RC4-SHA', 0, test2);
}

function test2() {
// Server has the preference of cipher suites where AES256-SHA is in
// the first.
test(true, 'DES-CBC-SHA:RC4-SHA:AES256-SHA', 'AES256-SHA', 0, test3);
test(true, 'RC4-SHA:AES256-SHA:ECDHE-RSA-AES256-SHA', 'AES256-SHA', 0, test3);
}

function test3() {
// Server has the preference of cipher suites. RC4-SHA is given
// higher priority over DES-CBC-SHA among client cipher suites.
test(true, 'DES-CBC-SHA:RC4-SHA', 'RC4-SHA', 0, test4);
// Server has the preference of cipher suites. AES256-SHA is given
// higher priority over RC4-SHA among client cipher suites.
test(true, 'RC4-SHA:AES256-SHA', 'AES256-SHA', 0, test4);
}

function test4() {
// As client has only one cipher, server has no choice in regardless
// of honorCipherOrder.
test(true, 'DES-CBC-SHA', 'DES-CBC-SHA', 0, test5);
test(true, 'ECDHE-RSA-AES256-SHA', 'ECDHE-RSA-AES256-SHA', 0, test5);
}

function test5() {
test(false,
'DES-CBC-SHA',
'DES-CBC-SHA',
'RC4-SHA',
'RC4-SHA',
process.binding('constants').SSL_OP_SINGLE_DH_USE, test6);
}

function test6() {
test(true,
'DES-CBC-SHA',
'DES-CBC-SHA',
'RC4-SHA',
'RC4-SHA',
process.binding('constants').SSL_OP_SINGLE_DH_USE);
}
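Review bot: test3 no longer covers the case it was written for: with the server list `AES256-SHA:RC4-SHA:ECDHE-RSA-AES256-SHA`, the new client list `RC4-SHA:AES256-SHA` still contains the server's first choice, so the call checks the same outcome as test2 rather than the fallback to the server's second preference that the previous `DES-CBC-SHA:RC4-SHA` case exercised. A client list without AES256-SHA would restore that, for example `test(true, 'ECDHE-RSA-AES256-SHA:RC4-SHA', 'RC4-SHA', 0, test4);`. The same applies to test3 in test/simple/test-tls-honorcipherorder.js. Separately, test1, test5 and test6 still hinge on RC4-SHA being negotiable, so they would presumably fail the same way the DES-CBC-SHA cases did if the bundled OpenSSL stops enabling RC4. The body of `test()` is only partly visible here, so how the negotiated cipher is checked is inferred from the call sites.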
14 changes: 7 additions & 7 deletions test/simple/test-tls-honorcipherorder.js
Expand Up @@ -38,7 +38,7 @@ function test(honorCipherOrder, clientCipher, expectedCipher, cb) {
secureProtocol: SSL_Method,
key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'),
ciphers: 'AES256-SHA:RC4-SHA:DES-CBC-SHA',
ciphers: 'AES256-SHA:RC4-SHA:ECDHE-RSA-AES256-SHA',
honorCipherOrder: !!honorCipherOrder
};

Expand Down Expand Up @@ -67,23 +67,23 @@ test1();

function test1() {
// Client has the preference of cipher suites by default
test(false, 'DES-CBC-SHA:RC4-SHA:AES256-SHA','DES-CBC-SHA', test2);
test(false, 'RC4-SHA:AES256-SHA:ECDHE-RSA-AES256-SHA','RC4-SHA', test2);
}

function test2() {
// Server has the preference of cipher suites where AES256-SHA is in
// the first.
test(true, 'DES-CBC-SHA:RC4-SHA:AES256-SHA', 'AES256-SHA', test3);
test(true, 'RC4-SHA:AES256-SHA:ECDHE-RSA-AES256-SHA', 'AES256-SHA', test3);
}

function test3() {
// Server has the preference of cipher suites. RC4-SHA is given
// higher priority over DES-CBC-SHA among client cipher suites.
test(true, 'DES-CBC-SHA:RC4-SHA', 'RC4-SHA', test4);
// Server has the preference of cipher suites. AES256-SHA is given
// higher priority over ECDHE-RSA-AES256-SHA among client cipher suites.
test(true, 'RC4-SHA:AES256-SHA', 'AES256-SHA', test4);
}

function test4() {
// As client has only one cipher, server has no choice in regardless
// of honorCipherOrder.
test(true, 'DES-CBC-SHA', 'DES-CBC-SHA');
test(true, 'ECDHE-RSA-AES256-SHA', 'ECDHE-RSA-AES256-SHA');
}
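Review bot: The new comment in test3 says AES256-SHA is preferred over ECDHE-RSA-AES256-SHA "among client cipher suites", but the client list passed on the next line is `RC4-SHA:AES256-SHA` and does not contain ECDHE-RSA-AES256-SHA. The comment should name the cipher that is actually outranked, `// higher priority over RC4-SHA among client cipher suites.`, which is also what the matching test in test-tls-honorcipherorder-secureOptions.js says.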
