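'use strict';
const common = require('../common');

// This test ensures that the ecdhCurve option of a TLS server accepts a
// colon-separated list of ECDH curve names, and that curve names rejected
// by the crypto library make tls.createServer() throw instead of being
// accepted.

if (!common.hasCrypto)
  common.skip('missing crypto');

if (!common.opensslCli)
  common.skip('missing openssl-cli');

const assert = require('assert');
const tls = require('tls');
const spawn = require('child_process').spawn;
const fixtures = require('../common/fixtures');

/**
 * Reads a PEM fixture by base name.
 * @param {string} n - Fixture name without the `.pem` extension.
 * @returns {*} Whatever `fixtures.readKey()` returns for `${n}.pem`.
 */
function loadPEM(n) {
  return fixtures.readKey(`${n}.pem`);
}

const options = {
  key: loadPEM('agent2-key'),
  cert: loadPEM('agent2-cert'),
  // '-ALL' clears the cipher list before the single ECDHE suite is added, so
  // a successful handshake has to go through ECDHE key exchange and therefore
  // through one of the curves listed in ecdhCurve.
  ciphers: '-ALL:ECDHE-RSA-AES128-SHA256',
  // Colon-separated curve list: the feature under test.
  ecdhCurve: 'secp256k1:prime256v1:secp521r1'
};

const reply = 'I AM THE WALRUS'; // Something recognizable

// The server sends the marker string and closes the connection.
const server = tls.createServer(options, function(conn) {
  conn.end(reply);
});

let gotReply = false;

// Port 0 lets the OS pick a free port; the client reads it back from
// this.address() (`this` is the server inside the listen callback).
server.listen(0, function() {
  const args = ['s_client',
                '-cipher', `${options.ciphers}`,
                '-connect', `127.0.0.1:${this.address().port}`];

  const client = spawn(common.opensslCli, args);

  // s_client prints handshake details along with the application data, and
  // stdout arrives in arbitrary chunks. Accumulate the output so the marker
  // is still found when it straddles two 'data' events.
  let output = '';
  client.stdout.on('data', function(data) {
    output += data.toString();
    if (output.includes(reply))
      gotReply = true;
  });

  // A non-zero exit code means the handshake or the connection failed.
  client.on('exit', function(code) {
    assert.strictEqual(code, 0);
    server.close();
  });

  // Fail the test if the openssl binary could not be spawned.
  client.on('error', assert.ifError);
});

process.on('exit', function() {
  // The handshake completed and the server's reply reached the client.
  assert.ok(gotReply);

  // Some of unsupported curves
  const unsupportedCurves = [
    'wap-wsg-idm-ecid-wtls1',
    'c2pnb163v1',
    'prime192v3',
  ];

  // Brainpool is not supported in FIPS mode
  if (common.hasFipsCrypto)
    unsupportedCurves.push('brainpoolP256r1');

  // Each unsupported curve must be rejected when the server is created, so a
  // misconfigured curve list surfaces as an error at setup time.
  unsupportedCurves.forEach((ecdhCurve) => {
    assert.throws(() => tls.createServer({ ecdhCurve }),
                  /Error: Failed to set ECDH curve/);
  });
});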