Revision as of 14:18, 27 March 2017

Description

Sanity of crypto-policies

We will test if system actually pays attention to crypto policy setting

Prepare test directory for simple https server

dir=$(mktemp -d) && cd $dir && echo CONNECTED >index.html

Switch to LEGACY policy

update-crypto-policies --set LEGACY || echo FAIL

Setup server using only LEGACY ciphers

openssl s_server -WWW -cert TODO -key TODO -CAfile TODO -cipher TODO &

Check that OpenSSL software can connect

wget -O - localhost:4433 |grep CONNECTED || echo FAIL

Check that NSS software can connect

curl localhost:4433 |grep CONNECTED || echo FAIL

Switch to policy NORMAL

update-crypto-policies --set NORMAL || echo FAIL

Check OpenSSL software can NOT connect

wget -O - localhost:4433 |grep CONNECTED && echo FAIL

Check NSS software can NOT connect

curl localhost:4433 |grep CONNECTED && echo FAIL

Switch to policy FUTURE

update-crypto-policies --set FUTURE || echo FAIL

Check OpenSSL software can NOT connect

wget -O - localhost:4433 |grep CONNECTED && echo FAIL

Check NSS software can NOT connect

curl localhost:4433 |grep CONNECTED && echo FAIL

@@ Line 3: / Line 3: @@
 |actions=
 We will test if system actually pays attention to crypto policy setting
-# Prepare test directory for simplw https server
+# Prepare test directory for simple https server
 #:<pre>
 #::dir=$(mktemp -d) && cd $dir && echo CONNECTED >index.html</pre>
@@ Line 12: / Line 12: @@
 #:<pre>
 #::openssl s_server -WWW -cert TODO -key TODO -CAfile TODO -cipher TODO &</pre>
-# Check OpenSSL software can connect
+# Check that OpenSSL software can connect
 #: <pre>
 #:: wget -O - localhost:4433 |grep CONNECTED || echo FAIL</pre>
-# Check NSS software can connect
+# Check that NSS software can connect
 #:<pre>
 #::curl localhost:4433 |grep CONNECTED || echo FAIL</pre>