(honorCipherOrder, clientCipher, expectedCipher, defaultCiphers)
| 45 | }; |
| 46 | |
| 47 | function test(honorCipherOrder, clientCipher, expectedCipher, defaultCiphers) { |
| 48 | const soptions = { |
| 49 | secureProtocol: SSL_Method, |
| 50 | key: fixtures.readKey('agent2-key.pem'), |
| 51 | cert: fixtures.readKey('agent2-cert.pem'), |
| 52 | ciphers: config.serverCiphers, |
| 53 | honorCipherOrder: honorCipherOrder, |
| 54 | }; |
| 55 | |
| 56 | const server = tls.createServer(soptions, mustCall(function(clearTextStream) { |
| 57 | // End socket to send CLOSE_NOTIFY and TCP FIN packet, otherwise |
| 58 | // it may hang for ~30 seconds in FIN_WAIT_1 state (at least on macOS). |
| 59 | clearTextStream.end(); |
| 60 | })); |
| 61 | server.listen(0, localhost, mustCall(function() { |
| 62 | const coptions = { |
| 63 | rejectUnauthorized: false, |
| 64 | secureProtocol: SSL_Method |
| 65 | }; |
| 66 | if (clientCipher) { |
| 67 | coptions.ciphers = clientCipher; |
| 68 | } |
| 69 | const port = this.address().port; |
| 70 | const savedDefaults = tls.DEFAULT_CIPHERS; |
| 71 | tls.DEFAULT_CIPHERS = defaultCiphers || savedDefaults; |
| 72 | const client = tls.connect(port, localhost, coptions, mustCall(function() { |
| 73 | const cipher = client.getCipher(); |
| 74 | client.end(); |
| 75 | server.close(); |
| 76 | const msg = util.format( |
| 77 | 'honorCipherOrder=%j, clientCipher=%j, expect=%j, got=%j', |
| 78 | honorCipherOrder, clientCipher, expectedCipher, cipher.name); |
| 79 | assert.strictEqual(cipher.name, expectedCipher, msg); |
| 80 | })); |
| 81 | tls.DEFAULT_CIPHERS = savedDefaults; |
| 82 | })); |
| 83 | } |
| 84 | |
| 85 | // Client explicitly has the preference of cipher suites, not the default. |
| 86 | test(false, config.clientPreferenceCiphers, config.clientPreferredCipher); |
no test coverage detected
searching dependent graphs…