mirror of
https://github.com/inspec/inspec
synced 2024-11-26 14:40:26 +00:00
Adds tls1.3 support in ssl resource.
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
This commit is contained in:
parent
81a4516890
commit
b4ccc15121
2 changed files with 10 additions and 2 deletions
|
@ -38,6 +38,7 @@ module Inspec::Resources
|
||||||
"tls1.0",
|
"tls1.0",
|
||||||
"tls1.1",
|
"tls1.1",
|
||||||
"tls1.2",
|
"tls1.2",
|
||||||
|
"tls1.3",
|
||||||
].freeze
|
].freeze
|
||||||
|
|
||||||
attr_reader :host, :port, :timeout, :retries
|
attr_reader :host, :port, :timeout, :retries
|
||||||
|
@ -89,6 +90,7 @@ module Inspec::Resources
|
||||||
{ "protocol" => "tls1.0", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys },
|
{ "protocol" => "tls1.0", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys },
|
||||||
{ "protocol" => "tls1.1", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys },
|
{ "protocol" => "tls1.1", "ciphers" => SSLShake::TLS::TLS10_CIPHERS.keys },
|
||||||
{ "protocol" => "tls1.2", "ciphers" => SSLShake::TLS::TLS_CIPHERS.keys },
|
{ "protocol" => "tls1.2", "ciphers" => SSLShake::TLS::TLS_CIPHERS.keys },
|
||||||
|
{ "protocol" => "tls1.3", "ciphers" => SSLShake::TLS::TLS13_CIPHERS.keys },
|
||||||
].map do |line|
|
].map do |line|
|
||||||
line["ciphers"].map do |cipher|
|
line["ciphers"].map do |cipher|
|
||||||
{ "protocol" => line["protocol"], "cipher" => cipher }
|
{ "protocol" => line["protocol"], "cipher" => cipher }
|
||||||
|
|
|
@ -21,6 +21,12 @@ describe "Inspec::Resources::SSL" do
|
||||||
_(resource.enabled?).must_equal true
|
_(resource.enabled?).must_equal true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "verify protocol enabled" do
|
||||||
|
SSLShake.expects(:hello).at_least_once.returns({ "version" => "tls1.3", "success" => true })
|
||||||
|
resource = load_resource("ssl", host: "localhost").protocols("tls1.3")
|
||||||
|
_(resource.enabled?).must_equal true
|
||||||
|
end
|
||||||
|
|
||||||
it "verify protocol disabled" do
|
it "verify protocol disabled" do
|
||||||
SSLShake.expects(:hello).at_least_once.returns({ "error" => "Failed to parse response. Cannot handle SSLv2 responses" })
|
SSLShake.expects(:hello).at_least_once.returns({ "error" => "Failed to parse response. Cannot handle SSLv2 responses" })
|
||||||
resource = load_resource("ssl", host: "localhost").protocols("ssl2")
|
resource = load_resource("ssl", host: "localhost").protocols("ssl2")
|
||||||
|
@ -47,8 +53,8 @@ describe "Inspec::Resources::SSL" do
|
||||||
|
|
||||||
it "verify sslshake resources" do
|
it "verify sslshake resources" do
|
||||||
resource = load_resource("ssl", host: "localhost")
|
resource = load_resource("ssl", host: "localhost")
|
||||||
_(resource.protocols.uniq).must_equal ["ssl2", "ssl3", "tls1.0", "tls1.1", "tls1.2"]
|
_(resource.protocols.uniq).must_equal ["ssl2", "ssl3", "tls1.0", "tls1.1", "tls1.2", "tls1.3"]
|
||||||
_(resource.ciphers.include?("TLS_RSA_WITH_AES_128_CBC_SHA256")).must_equal true
|
_(resource.ciphers.include?("TLS_RSA_WITH_AES_128_CBC_SHA256")).must_equal true
|
||||||
_([681, 993, 1003]).must_include(resource.ciphers.count)
|
_([681, 993, 1003, 1008]).must_include(resource.ciphers.count)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue