Adds tls1.3 support in ssl resource.

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Vasu1105 2021-12-10 14:43:40 +05:30
parent 81a4516890
commit b4ccc15121
2 changed files with 10 additions and 2 deletions


@ -38,6 +38,7 @@ module Inspec::Resources
"tls1.0", "tls1.0",
"tls1.1", "tls1.1",
"tls1.2", "tls1.2",
"tls1.3",
].freeze ].freeze
attr_reader :host, :port, :timeout, :retries attr_reader :host, :port, :timeout, :retries
@ -89,6 +90,7 @@ module Inspec::Resources
{ "protocol" => "tls1.0", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys }, { "protocol" => "tls1.0", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys },
{ "protocol" => "tls1.1", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys }, { "protocol" => "tls1.1", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys },
{ "protocol" => "tls1.2", "ciphers" => SSLShake::TLS::TLS_CIPHERS.keys }, { "protocol" => "tls1.2", "ciphers" => SSLShake::TLS::TLS_CIPHERS.keys },
{ "protocol" => "tls1.3", "ciphers" => SSLShake::TLS::TLS13_CIPHERS.keys },
].map do |line| ].map do |line|
line["ciphers"].map do |cipher| line["ciphers"].map do |cipher|
{ "protocol" => line["protocol"], "cipher" => cipher } { "protocol" => line["protocol"], "cipher" => cipher }
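Review bot: The new `tls1.3` row reads `SSLShake::TLS::TLS13_CIPHERS`, but nothing visible in this commit ensures the installed sslshake gem defines that constant; only two files change, so the dependency constraint appears to be untouched. With an older sslshake, building this list would presumably raise `NameError` and break cipher enumeration for every protocol, not just TLS 1.3. Either raise the minimum sslshake version to the first release that ships the constant, or guard the row with `SSLShake::TLS.const_defined?(:TLS13_CIPHERS)`. Profiles that iterate over all protocols and expect only `tls1.2` to be enabled will now also see `tls1.3`, which deserves a line in the resource documentation. The array and its enclosing method start outside the hunk.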


@ -21,6 +21,12 @@ describe "Inspec::Resources::SSL" do
_(resource.enabled?).must_equal true _(resource.enabled?).must_equal true
end end
it "verify protocol enabled" do
SSLShake.expects(:hello).at_least_once.returns({ "version" => "tls1.3", "success" => true })
resource = load_resource("ssl", host: "localhost").protocols("tls1.3")
_(resource.enabled?).must_equal true
end
it "verify protocol disabled" do it "verify protocol disabled" do
SSLShake.expects(:hello).at_least_once.returns({ "error" => "Failed to parse response. Cannot handle SSLv2 responses" }) SSLShake.expects(:hello).at_least_once.returns({ "error" => "Failed to parse response. Cannot handle SSLv2 responses" })
resource = load_resource("ssl", host: "localhost").protocols("ssl2") resource = load_resource("ssl", host: "localhost").protocols("ssl2")
@ -47,8 +53,8 @@ describe "Inspec::Resources::SSL" do
it "verify sslshake resources" do it "verify sslshake resources" do
resource = load_resource("ssl", host: "localhost") resource = load_resource("ssl", host: "localhost")
_(resource.protocols.uniq).must_equal ["ssl2", "ssl3", "tls1.0", "tls1.1", "tls1.2"] _(resource.protocols.uniq).must_equal ["ssl2", "ssl3", "tls1.0", "tls1.1", "tls1.2", "tls1.3"]
_(resource.ciphers.include?("TLS_RSA_WITH_AES_128_CBC_SHA256")).must_equal true _(resource.ciphers.include?("TLS_RSA_WITH_AES_128_CBC_SHA256")).must_equal true
_([681, 993, 1003]).must_include(resource.ciphers.count) _([681, 993, 1003, 1008]).must_include(resource.ciphers.count)
end end
end end
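Review bot: The added `tls1.3` example stubs `SSLShake.hello` to return success for any arguments, so it would still pass if the resource never requested TLS 1.3; constraining the expectation on the requested protocol with mocha's `.with` would make it cover the new version. Its description, `"verify protocol enabled"`, also appears to repeat that of the preceding example, whose `it` line is outside the hunk; `it "verify tls1.3 protocol enabled" do` would keep failures distinguishable. In `"verify sslshake resources"` the accepted counts gain another magic number (`1008`) while no TLS 1.3 suite is asserted by name. An assertion beside the existing `TLS_RSA_WITH_AES_128_CBC_SHA256` check, using a suite taken from `TLS13_CIPHERS`, would pin the behaviour more directly.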