jstests/noPassthrough/ssl_cipher_default.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

// validate default for opensslCipherConfig

(function() {
'use strict';

function getparam(mongod, field) {
    var q = {getParameter: 1};
    q[field] = 1;

    var ret = mongod.getDB("admin").runCommand(q);
    return ret[field];
}

function assertCorrectConfig(mongodArgs, expectedConfig) {
    let m = MongoRunner.runMongod(mongodArgs);
    assert.eq(getparam(m, "opensslCipherConfig"), expectedConfig);
    MongoRunner.stopMongod(m);
}

const defaultConfig = "HIGH:!EXPORT:!aNULL@STRENGTH";

// if sslMode is disabled, cipher config should be set to default
assertCorrectConfig({sslMode: 'disabled'}, defaultConfig);

// if sslMode is enabled, cipher config should have default
assertCorrectConfig({
    sslMode: 'allowSSL',
    sslPEMKeyFile: "jstests/libs/server.pem",
    sslCAFile: "jstests/libs/ca.pem"
},
                    defaultConfig);

// setting through setParameter or tlsCipherConfig should override default
assertCorrectConfig({
    sslMode: 'allowSSL',
    sslPEMKeyFile: "jstests/libs/server.pem",
    sslCAFile: "jstests/libs/ca.pem",
    setParameter: "opensslCipherConfig=HIGH"
},
                    "HIGH");

assertCorrectConfig({
    sslMode: 'allowSSL',
    sslPEMKeyFile: "jstests/libs/server.pem",
    sslCAFile: "jstests/libs/ca.pem",
    tlsCipherConfig: "HIGH"
},
                    "HIGH");
})();