1{ 2 "comment": "Tests for SSL configuration", 3 "configs": { 4 "1": { 5 "proto": { 6 "proto": "ssl", 7 "tcp_nodelay": "yes", 8 "ip_ttl": "15", 9 "connect_timeout": "1000", 10 "read_timeout": "50", 11 "write_timeout": "50", 12 "verify_peer": "no", 13 "cipher_list": "HIGH", 14 "no_ssl2": "yes", 15 "no_ssl3": "yes", 16 "no_tls10": "yes", 17 "no_tls11": "yes", 18 "no_tls12": "yes", 19 "no_tls13": "yes", 20 "min_proto_version": "ssl3", 21 "max_proto_version": "tls13", 22 "ecdhcurve": "prime256v1", 23 "use_sni": "no", 24 "verify_hostname": "no", 25 "compression": "no" 26 }, 27 "client": { 28 "ip": "127.0.0.1", 29 "port": "8443", 30 "crt": "server.crt", 31 "key": "server.key", 32 "use_sni": "yes", 33 "sni_servername": "example.com", 34 "verify_hostname": "yes", 35 "no_tls10": "no", 36 "max_proto_version": "tls11" 37 }, 38 "server": { 39 "ip": "127.0.0.1", 40 "port": "9443", 41 "crt": "server.crt", 42 "key": "server.key", 43 "no_tls12": "no", 44 "min_proto_version": "tls12", 45 "compression": "yes" 46 } 47 } 48 }, 49 "tests": { 50 "1": { 51 "comment": "Configures ssl cert, proto, cipher_list correctly", 52 "states": { 53 "1": { 54 "testend": "client", 55 "cmd": "send", 56 "payload": "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n", 57 "assert": { 58 "current_cipher_name": { 59 "match": [ 60 "^ECDHE-[A-Z0-9]+-[A-Z0-9]+", 61 "[A-Z0-9]+-AES256-[A-Z0-9]", 62 "[A-Z0-9]+-[A-Z0-9]+-SHA\\d*$" 63 ], 64 "!match": [ 65 "^(DHE|IDEA)-\\w+-\\w+", 66 "\\w+-(SEED|CBC)-\\w+" 67 ] 68 }, 69 "current_cipher_version": { 70 "==": [ 71 "SSLv3", 72 "TLSv1", 73 "TLSv1.0" 74 ], 75 "!match": [ 76 "^TLSv1\\.[1-3]?$" 77 ] 78 }, 79 "ssl_proto_version": { 80 "==": [ 81 "TLSv1" 82 ], 83 "!=": [ 84 "SSLv3" 85 ], 86 "!match": [ 87 "^TLSv1\\.[1-3]?$" 88 ] 89 }, 90 "ssl_state": { 91 "==": [ 92 "SSLOK " 93 ] 94 }, 95 "peer_certificate": { 96 "==": [ 97 "TR, Antalya, Serik, ComixWall, SSLproxy, comixwall.org, sonertari@gmail.com" 98 ] 99 }, 100 "peer_certificate_not_before": { 101 ">=": [ 102 "-2" 103 ], 104 "<=": [ 105 "0" 106 ] 107 }, 108 "peer_certificate_not_after": { 109 ">=": [ 110 "363" 111 ], 112 "<=": [ 113 "365" 114 ] 115 } 116 } 117 }, 118 "2": { 119 "testend": "server", 120 "cmd": "recv", 121 "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n", 122 "assert": { 123 "current_cipher_name": { 124 "match": [ 125 "ECDHE-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+", 126 "[A-Z0-9]+-[A-Z0-9]+-AES256-[A-Z0-9]+-[A-Z0-9]+", 127 "[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-SHA384" 128 ], 129 "!match": [ 130 "^DHE-\\w+-\\w+-\\w+", 131 "\\w+-\\w+-SEED-\\w+", 132 "\\w+-\\w+-\\w+-SHA$" 133 ] 134 }, 135 "current_cipher_version": { 136 "==": [ 137 "TLSv1.2" 138 ], 139 "!match": [ 140 "^(SSLv3|TLSv1|TLSv1\\.[13]?)$" 141 ] 142 }, 143 "ssl_proto_version": { 144 "==": [ 145 "TLSv1.2" 146 ], 147 "!match": [ 148 "^(SSLv3|TLSv1|TLSv1\\.[13]?)$" 149 ] 150 }, 151 "ssl_state": { 152 "==": [ 153 "SSLOK " 154 ] 155 }, 156 "sni_servername": { 157 "==": [ 158 "example.com" 159 ] 160 } 161 } 162 } 163 } 164 } 165 } 166}