(size, err, next, minDHSizeOverride)
| 26 | } |
| 27 | |
| 28 | function test(size, err, next, minDHSizeOverride) { |
| 29 | const options = { |
| 30 | key: key, |
| 31 | cert: cert, |
| 32 | dhparam: loadDHParam(size), |
| 33 | ciphers: 'DHE-RSA-AES128-GCM-SHA256' |
| 34 | }; |
| 35 | |
| 36 | const server = tls.createServer(options, function(conn) { |
| 37 | conn.end(); |
| 38 | }); |
| 39 | |
| 40 | server.on('close', common.mustCall(function(isException) { |
| 41 | assert(!isException); |
| 42 | if (next) next(); |
| 43 | })); |
| 44 | |
| 45 | server.listen(0, common.mustCall(function() { |
| 46 | // Client set minimum DH parameter size to 2048 or 3072 bits |
| 47 | // so that it fails when it makes a connection to the tls |
| 48 | // server where is too small. This depends on the openssl |
| 49 | // security level |
| 50 | const minDHSize = minDHSizeOverride ?? ((secLevel > 1) ? 3072 : 2048); |
| 51 | const client = tls.connect({ |
| 52 | minDHSize: minDHSize, |
| 53 | port: this.address().port, |
| 54 | rejectUnauthorized: false, |
| 55 | maxVersion: 'TLSv1.2', |
| 56 | }, function() { |
| 57 | nsuccess++; |
| 58 | server.close(); |
| 59 | }); |
| 60 | if (err) { |
| 61 | client.on('error', common.mustCall((e) => { |
| 62 | nerror++; |
| 63 | assert.strictEqual(e.code, 'ERR_TLS_DH_PARAM_SIZE'); |
| 64 | server.close(); |
| 65 | })); |
| 66 | } |
| 67 | })); |
| 68 | } |
| 69 | |
| 70 | // A client connection fails with an error when a client has an |
| 71 | // 2048 bits minDHSize option and a server has 1024 bits dhparam |
no test coverage detected
searching dependent graphs…