From b4ccc15121df44b0fdcd797814d7aa7f93934d42 Mon Sep 17 00:00:00 2001
From: Vasu1105
Date: Fri, 10 Dec 2021 14:43:40 +0530
Subject: [PATCH] Adds tls1.3 support in ssl resource.
Signed-off-by: Vasu1105
---
 lib/inspec/resources/ssl.rb | 2 ++
 test/unit/resources/ssl_test.rb | 10 ++++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/inspec/resources/ssl.rb b/lib/inspec/resources/ssl.rb
index 39b97c951..122b529fe 100644
--- a/lib/inspec/resources/ssl.rb
+++ b/lib/inspec/resources/ssl.rb
@@ -38,6 +38,7 @@ module Inspec::Resources
 "tls1.0",
 "tls1.1",
 "tls1.2",
+ "tls1.3",
 ].freeze

 attr_reader :host, :port, :timeout, :retries
@@ -89,6 +90,7 @@ module Inspec::Resources
 { "protocol" => "tls1.0", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys },
 { "protocol" => "tls1.1", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys },
 { "protocol" => "tls1.2", "ciphers" => SSLShake::TLS::TLS_CIPHERS.keys },
+ { "protocol" => "tls1.3", "ciphers" => SSLShake::TLS::TLS13_CIPHERS.keys },
 ].map do |line|
 line["ciphers"].map do |cipher|
 { "protocol" => line["protocol"], "cipher" => cipher }
diff --git a/test/unit/resources/ssl_test.rb b/test/unit/resources/ssl_test.rb
index 219dd7197..ed2445b7a 100644
--- a/test/unit/resources/ssl_test.rb
+++ b/test/unit/resources/ssl_test.rb
@@ -21,6 +21,12 @@ describe "Inspec::Resources::SSL" do
 _(resource.enabled?).must_equal true
 end

+ it "verify protocol enabled" do
+ SSLShake.expects(:hello).at_least_once.returns({ "version" => "tls1.3", "success" => true })
+ resource = load_resource("ssl", host: "localhost").protocols("tls1.3")
+ _(resource.enabled?).must_equal true
+ end
+
 it "verify protocol disabled" do
 SSLShake.expects(:hello).at_least_once.returns({ "error" => "Failed to parse response. Cannot handle SSLv2 responses" })
 resource = load_resource("ssl", host: "localhost").protocols("ssl2")
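Review bot: The added `tls1.3` row in the second hunk of lib/inspec/resources/ssl.rb reads `SSLShake::TLS::TLS13_CIPHERS`, but the diffstat lists no gemspec or Gemfile change, so the sslshake constraint presumably still admits releases that lack that constant; on such an install the reference would raise NameError as soon as this table is evaluated and break every `ssl` check, not only the TLS 1.3 ones. Raise the minimum sslshake version in the same change, or guard the row with `SSLShake::TLS.const_defined?(:TLS13_CIPHERS)`. It is also worth confirming against a TLS 1.3-only endpoint that `SSLShake.hello` reports the protocol correctly, because a wrong enabled/disabled answer flows straight into compliance results. The enclosing array and method start and end outside the hunk.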
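Review bot: The new example in the first hunk of test/unit/resources/ssl_test.rb stubs `SSLShake.hello` to return success, so it only shows that `protocols("tls1.3")` passes the resource's version filter and says nothing about whether a TLS 1.3 handshake is detected. Its description `"verify protocol enabled"` appears to repeat the example directly above it (that example's `it` line is outside the hunk); `it "verify tls1.3 protocol enabled" do` would make a failure point at the right case. A matching example that stubs a failed TLS 1.3 hello would cover the disabled path too.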
@@ -47,8 +53,8 @@ describe "Inspec::Resources::SSL" do

 it "verify sslshake resources" do
 resource = load_resource("ssl", host: "localhost")
- _(resource.protocols.uniq).must_equal ["ssl2", "ssl3", "tls1.0", "tls1.1", "tls1.2"]
+ _(resource.protocols.uniq).must_equal ["ssl2", "ssl3", "tls1.0", "tls1.1", "tls1.2", "tls1.3"]
 _(resource.ciphers.include?("TLS_RSA_WITH_AES_128_CBC_SHA256")).must_equal true
- _([681, 993, 1003]).must_include(resource.ciphers.count)
+ _([681, 993, 1003, 1008]).must_include(resource.ciphers.count)
 end
 end
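Review bot: Adding `1008` to the accepted totals on the `resource.ciphers.count` line still lets the earlier totals 681, 993 and 1003 pass, so this example does not prove that any TLS 1.3 suite reached the cipher list. Assert one explicitly, for example `_(resource.ciphers.include?("TLS_AES_128_GCM_SHA256")).must_equal true`, assuming sslshake keys its TLS 1.3 table by the IANA suite names. A short comment stating which sslshake release yields each total would also keep these magic numbers maintainable.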