'use strict';

const common = require('../common');

// Skip the whole file when common.hasCrypto is false. This check runs before
// the tls-connect fixture below is loaded.
if (!common.hasCrypto) {
  common.skip('missing crypto');
}

const fixtures = require('../common/fixtures');
const { inspect } = require('util');

// Exercises the `ciphers` option of TLS clients and servers.

const { assert, connect, keys } = require(fixtures.path('tls-connect'));
/**
 * Connect a TLS client to a TLS server with the given `ciphers` options and
 * check either the negotiated cipher or the error codes reported by each side.
 *
 * At least one of `cipher`, `cerr` or `serr` must be truthy.
 *
 * @param {*} cciphers - Value passed as the client's `ciphers` option.
 * @param {*} sciphers - Value passed as the server's `ciphers` option.
 * @param {string} [cipher] - Cipher name that both connections must report
 *   from `getCipher().name`. When falsy, only the error codes are checked.
 * @param {string} [cerr] - Expected `code` of the client-side error.
 * @param {string} [serr] - Expected `code` of the server-side error.
 */
function test(cciphers, sciphers, cipher, cerr, serr) {
  assert(cipher || cerr || serr, 'test missing any expectations');

  // Third line of the inspected Error with everything before the first '('
  // stripped; presumably the stack frame of whoever called test(), so each
  // log entry can be traced back to its test case. `new Error()` has to stay
  // directly in this function for that line index to keep its meaning.
  const where = inspect(new Error()).split('\n')[2].replace(/[^(]*/, '');

  const clientOptions = {
    // NOTE(security): a no-op checkServerIdentity returns undefined for every
    // certificate, i.e. host name verification is switched off. That is
    // acceptable here because only cipher negotiation is under test; it must
    // not be copied into client code that talks to real peers.
    checkServerIdentity: (servername, cert) => { },
    ca: `${keys.agent1.cert}\n${keys.agent6.ca}`,
    ciphers: cciphers,
  };
  const serverOptions = {
    cert: keys.agent6.cert,
    key: keys.agent6.key,
    ciphers: sciphers,
  };

  connect({
    client: clientOptions,
    server: serverOptions,
  }, common.mustCall((err, pair, cleanup) => {
    // Print undefined as 'U' so the log matches how the cases are written.
    const show = (value) => (value === undefined ? 'U' : value);
    console.log('test:', show(cciphers), show(sciphers),
                'expect', show(cipher), show(cerr), show(serr));
    console.log('  ', where);

    if (!cipher) {
      // Failure case: no cipher is expected, so only compare error codes.
      const { client, server } = pair;
      console.log('client', client.err ? client.err.code : undefined);
      console.log('server', server.err ? server.err.code : undefined);

      // A side is only checked when an expected code was given for it.
      const expectCode = (side, code) => {
        if (code) {
          assert(side.err);
          assert.strictEqual(side.err.code, code);
        }
      };
      expectCode(client, cerr);
      expectCode(server, serr);
      return cleanup();
    }

    const farewell = 'So long and thanks for all the fish.';

    // Success case: no errors anywhere, and both ends agree on the cipher.
    assert.ifError(err);
    const { client, server } = pair;
    assert.ifError(server.err);
    assert.ifError(client.err);
    assert(server.conn);
    assert(client.conn);
    assert.strictEqual(client.conn.getCipher().name, cipher);
    assert.strictEqual(server.conn.getCipher().name, cipher);

    // Send one message server -> client to show the connection carries data.
    server.conn.write(farewell);

    client.conn.on('data', common.mustCall((data) => {
      assert.strictEqual(data.toString(), farewell);
      return cleanup();
    }));
  }));
}
// Shorthand for "option not given" / "no expectation for this slot".
const U = undefined;

// Client and server error codes expected when the two cipher lists have
// nothing in common: the handshake must fail, not fall back to another suite.
const NO_SHARED_CIPHER = ['ECONNRESET', 'ERR_SSL_NO_SHARED_CIPHER'];

// One side restricts the list, the other uses its defaults: they still share
// a cipher.
test(U, 'AES256-SHA', 'AES256-SHA');
test('AES256-SHA', U, 'AES256-SHA');

test(U, 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384');
test('TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');

// The lists do not overlap.
test('TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256',
     U, ...NO_SHARED_CIPHER);

test('AES128-SHA', 'AES256-SHA', U, ...NO_SHARED_CIPHER);
test('AES128-SHA:TLS_AES_256_GCM_SHA384',
     'TLS_CHACHA20_POLY1305_SHA256:AES256-SHA',
     U, ...NO_SHARED_CIPHER);

// The order within the list is ignored: the TLS1.3 suite is chosen ahead of
// the TLS1.2 one.
test('AES256-SHA:TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384');
test(U, 'AES256-SHA:TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384');

// TLS_AES_128_CCM_8_SHA256 & TLS_AES_128_CCM_SHA256 are not enabled by
// default, but work when both sides ask for them explicitly.
test('TLS_AES_128_CCM_8_SHA256', U, U, ...NO_SHARED_CIPHER);

test('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256',
     'TLS_AES_128_CCM_8_SHA256');

// Invalid cipher values are rejected on the side that supplied them.
test(9, 'AES256-SHA', U, 'ERR_INVALID_ARG_TYPE', U);
test('AES256-SHA', 9, U, U, 'ERR_INVALID_ARG_TYPE');
test(':', 'AES256-SHA', U, 'ERR_INVALID_OPT_VALUE', U);
test('AES256-SHA', ':', U, U, 'ERR_INVALID_OPT_VALUE');

// Using '' is synonymous with "use default ciphers".
test('TLS_AES_256_GCM_SHA384', '', 'TLS_AES_256_GCM_SHA384');
test('', 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384');