diff options
author | Ingela Anderton Andin <[email protected]> | 2014-04-22 09:21:24 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2014-04-22 09:21:24 +0200 |
commit | 2b5f4b793f9ee8a8176429dea86e0a6b4915dcf9 (patch) | |
tree | e498b8bc745f582ee0546503e44a5c2b5e7beb64 /lib/ssl/test | |
parent | 5e97d7cdb359b500fa0268679b343f0258707f28 (diff) | |
parent | 7f0e683bc483b70f05fa806539bd5c540943dfd0 (diff) | |
download | otp-2b5f4b793f9ee8a8176429dea86e0a6b4915dcf9.tar.gz otp-2b5f4b793f9ee8a8176429dea86e0a6b4915dcf9.tar.bz2 otp-2b5f4b793f9ee8a8176429dea86e0a6b4915dcf9.zip |
Merge branch 'ia/ssl/suites-match-negotiated-version/OTP-11875' into maint
* ia/ssl/suites-match-negotiated-version/OTP-11875:
ssl: Select supported cipher suites for the negotiated SSL/TLS-version
Diffstat (limited to 'lib/ssl/test')
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index 8e3d2e4b80..a8fbb144c4 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -115,7 +115,8 @@ options_tests() -> reuseaddr, tcp_reuseaddr, honor_server_cipher_order, - honor_client_cipher_order + honor_client_cipher_order, + ciphersuite_vs_version ]. api_tests() -> @@ -2559,6 +2560,38 @@ honor_cipher_order(Config, Honor, ServerCiphers, ClientCiphers, Expected) -> ssl_test_lib:close(Client). %%-------------------------------------------------------------------- +ciphersuite_vs_version(Config) when is_list(Config) -> + + {_ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + ServerOpts = ?config(server_opts, Config), + + Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0}, + {from, self()}, + {options, ServerOpts}]), + Port = ssl_test_lib:inet_port(Server), + + {ok, Socket} = gen_tcp:connect(Hostname, Port, [binary, {active, false}]), + ok = gen_tcp:send(Socket, + <<22, 3,0, 49:16, % handshake, SSL 3.0, length + 1, 45:24, % client_hello, length + 3,0, % SSL 3.0 + 16#deadbeef:256, % 32 'random' bytes = 256 bits + 0, % no session ID + %% three cipher suites -- null, one with sha256 hash and one with sha hash + 6:16, 0,255, 0,61, 0,57, + 1, 0 % no compression + >>), + {ok, <<22, RecMajor:8, RecMinor:8, _RecLen:16, 2, HelloLen:24>>} = gen_tcp:recv(Socket, 9, 10000), + {ok, <<HelloBin:HelloLen/binary>>} = gen_tcp:recv(Socket, HelloLen, 5000), + ServerHello = tls_handshake:decode_handshake({RecMajor, RecMinor}, 2, HelloBin), + case ServerHello of + #server_hello{server_version = {3,0}, cipher_suite = <<0,57>>} -> + ok; + _ -> + ct:fail({unexpected_server_hello, ServerHello}) + end. + +%%-------------------------------------------------------------------- hibernate() -> [{doc,"Check that an SSL connection that is started with option " |