1'use strict'; 2const common = require('../common'); 3if (!common.hasCrypto) 4 common.skip('missing crypto'); 5const fixtures = require('../common/fixtures'); 6 7const assert = require('assert'); 8const tls = require('tls'); 9 10const key = fixtures.readKey('agent2-key.pem'); 11const cert = fixtures.readKey('agent2-cert.pem'); 12 13// TODO(@sam-github) test works with TLS1.3, rework test to add 14// 'ECDH' with 'TLS_AES_128_GCM_SHA256', 15 16function loadDHParam(n) { 17 return fixtures.readKey(`dh${n}.pem`); 18} 19 20function test(size, type, name, cipher) { 21 assert(cipher); 22 23 const options = { 24 key: key, 25 cert: cert, 26 ciphers: cipher 27 }; 28 29 if (name) options.ecdhCurve = name; 30 31 if (type === 'DH') options.dhparam = loadDHParam(size); 32 33 const server = tls.createServer(options, common.mustCall((conn) => { 34 assert.strictEqual(conn.getEphemeralKeyInfo(), null); 35 conn.end(); 36 })); 37 38 server.on('close', common.mustCall((err) => { 39 assert.ifError(err); 40 })); 41 42 server.listen(0, '127.0.0.1', common.mustCall(() => { 43 const client = tls.connect({ 44 port: server.address().port, 45 rejectUnauthorized: false 46 }, common.mustCall(function() { 47 const ekeyinfo = client.getEphemeralKeyInfo(); 48 assert.strictEqual(ekeyinfo.type, type); 49 assert.strictEqual(ekeyinfo.size, size); 50 assert.strictEqual(ekeyinfo.name, name); 51 server.close(); 52 })); 53 client.on('secureConnect', common.mustCall()); 54 })); 55} 56 57test(undefined, undefined, undefined, 'AES128-SHA256'); 58test(1024, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256'); 59test(2048, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256'); 60test(256, 'ECDH', 'prime256v1', 'ECDHE-RSA-AES128-GCM-SHA256'); 61test(521, 'ECDH', 'secp521r1', 'ECDHE-RSA-AES128-GCM-SHA256'); 62test(253, 'ECDH', 'X25519', 'ECDHE-RSA-AES128-GCM-SHA256'); 63test(448, 'ECDH', 'X448', 'ECDHE-RSA-AES128-GCM-SHA256'); 64