File: 40ssl-cipher-suite.t

package info (click to toggle)
h2o 2.2.5+dfsg2-3~bpo9+1
  • links: PTS, VCS
  • area: main
  • in suites: stretch-backports
  • size: 56,568 kB
  • sloc: ansic: 130,776; cpp: 35,914; ruby: 19,541; sh: 11,844; yacc: 5,964; perl: 3,732; python: 2,658; asm: 2,259; makefile: 525; objc: 385; pascal: 382; php: 13
file content (38 lines) | stat: -rw-r--r-- 966 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
use strict;
use warnings;
use File::Temp qw(tempfile);
use Net::EmptyPort qw(check_port empty_port);
use Scope::Guard qw(scope_guard);
use Test::More;
use t::Util;

my $port = empty_port();

# spawn server that only accepts AES128-SHA
my ($conffh, $conffn) = tempfile(UNLINK => 1);
print $conffh <<"EOT";
listen:
  host: 127.0.0.1
  port: $port
  ssl:
    key-file: examples/h2o/server.key
    certificate-file: examples/h2o/server.crt
    cipher-suite: AES128-SHA
hosts:
  default:
    paths:
      /:
        file.dir: @{[ DOC_ROOT ]}
EOT
my ($guard, $pid) = spawn_server(
    argv     => [ bindir() . "/h2o", "-c", $conffn ],
    is_ready => sub {
        check_port($port);
    },
);

# connect to the server with AES256-SHA as the first choice, and check that AES128-SHA was selected
my $log = `openssl s_client -tls1_2 -cipher AES256-SHA:AES128-SHA -host 127.0.0.1 -port $port < /dev/null 2>&1`;
like $log, qr/^\s*Cipher\s*:\s*AES128-SHA\s*$/m;

done_testing;