mirror
/
mongo
mirror of https://github.com/mongodb/mongo
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mongo/jstests/ssl/openssl_ciphersuites.js

58 lines
2.0 KiB
JavaScript
Raw Blame History

// Test setParameter sslCipherSuitesConfig for TLS 1.3
// sslCipherSuitesConfig allows the user to set the list of cipher suites for just TLS 1.3
import {detectDefaultTLSProtocol, determineSSLProvider} from "jstests/ssl/libs/ssl_helpers.js";
// Short circuits for system configurations that do not support this setParameter, (i.e. OpenSSL
// that don't support TLS 1.3)
if (determineSSLProvider() !== "openssl") {
jsTestLog("SSL provider is not OpenSSL; skipping test.");
quit();
} else if (detectDefaultTLSProtocol() !== "TLS1_3") {
jsTestLog("Platform does not support TLS 1.3; skipping test.");
quit();
}
const baseParams = {
tlsMode: "requireTLS",
tlsCertificateKeyFile: "jstests/libs/server.pem",
tlsCAFile: "jstests/ssl/x509/root-and-trusted-ca.pem",
waitForConnect: false,
};
function testConn() {
const mongo = runMongoProgram(
"mongo",
"--host",
"localhost",
"--port",
mongod.port,
"--tls",
"--tlsCAFile",
"jstests/libs/ca.pem",
"--tlsCertificateKeyFile",
"jstests/libs/trusted-client.pem",
"--eval",
";",
);
return mongo === 0;
}
// test a successful connection when setting cipher suites
jsTestLog("Testing for successful connection with valid cipher suite config");
let mongod = MongoRunner.runMongod(
Object.merge(baseParams, {setParameter: {opensslCipherSuiteConfig: "TLS_AES_256_GCM_SHA384"}}),
);
assert.soon(testConn, "Client could not connect to server with valid ciphersuite config.");
MongoRunner.stopMongod(mongod);
// test an unsuccessful connection when mandating a cipher suite which OpenSSL disables by default
jsTestLog("Testing for unsuccessful connection with cipher suite config which OpenSSL disables by default.");
mongod = MongoRunner.runMongod(
Object.merge(baseParams, {setParameter: {opensslCipherSuiteConfig: "TLS_AES_128_CCM_8_SHA256"}}),
);
sleep(30000);
assert.eq(false, testConn(), "Client successfully connected to server with invalid ciphersuite config.");
MongoRunner.stopMongod(mongod);
Reference in New Issue View Git Blame Copy Permalink