1'use strict'; 2const common = require('../common'); 3if (!common.hasCrypto) 4 common.skip('missing crypto'); 5const fixtures = require('../common/fixtures'); 6 7const assert = require('assert'); 8const tls = require('tls'); 9 10const key = fixtures.readKey('agent2-key.pem'); 11const cert = fixtures.readKey('agent2-cert.pem'); 12 13// TODO(@sam-github) test works with TLS1.3, rework test to add 14// 'ECDH' with 'TLS_AES_128_GCM_SHA256', 15 16function loadDHParam(n) { 17 return fixtures.readKey(`dh${n}.pem`); 18} 19 20function test(size, type, name, cipher) { 21 assert(cipher); 22 23 const options = { 24 key: key, 25 cert: cert, 26 ciphers: cipher 27 }; 28 29 if (name) options.ecdhCurve = name; 30 31 if (type === 'DH') options.dhparam = loadDHParam(size); 32 33 const server = tls.createServer(options, common.mustCall((conn) => { 34 assert.strictEqual(conn.getEphemeralKeyInfo(), null); 35 conn.end(); 36 })); 37 38 server.on('close', common.mustSucceed()); 39 40 server.listen(0, '127.0.0.1', common.mustCall(() => { 41 const client = tls.connect({ 42 port: server.address().port, 43 rejectUnauthorized: false 44 }, common.mustCall(function() { 45 const ekeyinfo = client.getEphemeralKeyInfo(); 46 assert.strictEqual(ekeyinfo.type, type); 47 assert.strictEqual(ekeyinfo.size, size); 48 assert.strictEqual(ekeyinfo.name, name); 49 server.close(); 50 })); 51 client.on('secureConnect', common.mustCall()); 52 })); 53} 54 55test(undefined, undefined, undefined, 'AES128-SHA256'); 56test(1024, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256'); 57test(2048, 'DH', undefined, 'DHE-RSA-AES128-GCM-SHA256'); 58test(256, 'ECDH', 'prime256v1', 'ECDHE-RSA-AES128-GCM-SHA256'); 59test(521, 'ECDH', 'secp521r1', 'ECDHE-RSA-AES128-GCM-SHA256'); 60test(253, 'ECDH', 'X25519', 'ECDHE-RSA-AES128-GCM-SHA256'); 61test(448, 'ECDH', 'X448', 'ECDHE-RSA-AES128-GCM-SHA256'); 62