1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
'use strict';
const common = require('../common');
// This test ensures that ecdhCurve option of TLS server supports colon
// separated ECDH curve names as value.
if (!common.hasCrypto)
common.skip('missing crypto');
if (!common.opensslCli)
common.skip('missing openssl-cli');
const assert = require('assert');
const tls = require('tls');
const spawn = require('child_process').spawn;
const fixtures = require('../common/fixtures');
function loadPEM(n) {
return fixtures.readKey(`${n}.pem`);
}
const options = {
key: loadPEM('agent2-key'),
cert: loadPEM('agent2-cert'),
ciphers: '-ALL:ECDHE-RSA-AES128-SHA256',
ecdhCurve: 'secp256k1:prime256v1:secp521r1'
};
const reply = 'I AM THE WALRUS'; // something recognizable
const server = tls.createServer(options, function(conn) {
conn.end(reply);
});
let gotReply = false;
server.listen(0, function() {
const args = ['s_client',
'-cipher', `${options.ciphers}`,
'-connect', `127.0.0.1:${this.address().port}`];
// for the performance and stability issue in s_client on Windows
if (common.isWindows)
args.push('-no_rand_screen');
const client = spawn(common.opensslCli, args);
client.stdout.on('data', function(data) {
const message = data.toString();
if (message.includes(reply))
gotReply = true;
});
client.on('exit', function(code) {
assert.strictEqual(0, code);
server.close();
});
client.on('error', assert.ifError);
});
process.on('exit', function() {
assert.ok(gotReply);
// Some of unsupported curves
const unsupportedCurves = [
'wap-wsg-idm-ecid-wtls1',
'c2pnb163v1',
'prime192v3'
];
// Brainpool is not supported in FIPS mode
if (common.hasFipsCrypto)
unsupportedCurves.push('brainpoolP256r1');
unsupportedCurves.forEach((ecdhCurve) => {
assert.throws(() => tls.createServer({ ecdhCurve }),
/Error: Failed to set ECDH curve/);
});
});
|
