| // Flags: --no-warnings |
| // Copyright Joyent, Inc. and other Node contributors. |
| // |
| // Permission is hereby granted, free of charge, to any person obtaining a |
| // copy of this software and associated documentation files (the |
| // "Software"), to deal in the Software without restriction, including |
| // without limitation the rights to use, copy, modify, merge, publish, |
| // distribute, sublicense, and/or sell copies of the Software, and to permit |
| // persons to whom the Software is furnished to do so, subject to the |
| // following conditions: |
| // |
| // The above copyright notice and this permission notice shall be included |
| // in all copies or substantial portions of the Software. |
| // |
| // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
| // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
| // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN |
| // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, |
| // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR |
| // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE |
| // USE OR OTHER DEALINGS IN THE SOFTWARE. |
| |
| 'use strict'; |
| const common = require('../common'); |
| if (!common.hasCrypto) |
| common.skip('missing crypto'); |
| |
| if (!common.opensslCli) |
| common.skip('missing openssl-cli'); |
| |
| const assert = require('assert'); |
| const tls = require('tls'); |
| const spawn = require('child_process').spawn; |
| const fixtures = require('../common/fixtures'); |
| |
| const key = fixtures.readKey('agent2-key.pem'); |
| const cert = fixtures.readKey('agent2-cert.pem'); |
| let nsuccess = 0; |
| let ntests = 0; |
| const ciphers = 'DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; |
| |
| // Test will emit a warning because the DH parameter size is < 2048 bits |
| common.expectWarning('SecurityWarning', |
| 'DH parameter is less than 2048 bits'); |
| |
| function loadDHParam(n) { |
| const params = [`dh${n}.pem`]; |
| if (n !== 'error') |
| params.unshift('keys'); |
| return fixtures.readSync(params); |
| } |
| |
| function test(keylen, expectedCipher, cb) { |
| const options = { |
| key: key, |
| cert: cert, |
| ciphers: ciphers, |
| dhparam: loadDHParam(keylen) |
| }; |
| |
| const server = tls.createServer(options, function(conn) { |
| conn.end(); |
| }); |
| |
| server.on('close', function(err) { |
| assert.ifError(err); |
| if (cb) cb(); |
| }); |
| |
| server.listen(0, '127.0.0.1', function() { |
| const args = ['s_client', '-connect', `127.0.0.1:${this.address().port}`, |
| '-cipher', ciphers]; |
| |
| const client = spawn(common.opensslCli, args); |
| let out = ''; |
| client.stdout.setEncoding('utf8'); |
| client.stdout.on('data', function(d) { |
| out += d; |
| }); |
| client.stdout.on('end', function() { |
| // DHE key length can be checked -brief option in s_client but it |
| // is only supported in openssl 1.0.2 so we cannot check it. |
| const reg = new RegExp(`Cipher : ${expectedCipher}`); |
| if (reg.test(out)) { |
| nsuccess++; |
| server.close(); |
| } |
| }); |
| }); |
| } |
| |
| function test512() { |
| assert.throws(function() { |
| test(512, 'DHE-RSA-AES128-SHA256', null); |
| }, /DH parameter is less than 1024 bits/); |
| } |
| |
| function test1024() { |
| test(1024, 'DHE-RSA-AES128-SHA256', test2048); |
| ntests++; |
| } |
| |
| function test2048() { |
| test(2048, 'DHE-RSA-AES128-SHA256', testError); |
| ntests++; |
| } |
| |
| function testError() { |
| test('error', 'ECDHE-RSA-AES128-SHA256', test512); |
| ntests++; |
| } |
| |
| test1024(); |
| |
| process.on('exit', function() { |
| assert.strictEqual(ntests, nsuccess); |
| assert.strictEqual(ntests, 3); |
| }); |