From Fedora Project Wiki

No edit summary
No edit summary
Line 3: Line 3:
|actions=
|actions=
We will test if system actually pays attention to crypto policy setting
We will test if system actually pays attention to crypto policy setting
# Prepare test directory for simple https server
# Check LEGACY profile
#:<pre>
#:<pre>
#::dir=$(mktemp -d) && cd $dir && echo CONNECTED >index.html</pre>
#::update-crypto-policies --set LEGACY || echo FAIL
# Switch to LEGACY policy
#::wget -O - https://rc4.badssl.com/ || echo "FAIL wget rc4"
#::curl https://rc4.badssl.com/ || echo "FAIL curl LEGACY rc4"</pre>
# Check DEFAULT profile
#:<pre>
#:<pre>
#::update-crypto-policies --set LEGACY || echo FAIL</pre>
#::update-crypto-policies --set DEFAULT || echo FAIL
# Setup server using only LEGACY ciphers
#::wget -O - https://rc4.badssl.com/ && echo "FAIL wget DEFAULT rc4"
#::wget -O - https://3des.badssl.com/ || echo "FAIL wget DEFAULT 3des"
#::curl https://rc4.badssl.com/ && echo "FAIL curl DEFAULT rc4"
#::curl https://3des.badssl.com/ || echo "FAIL curl DEFAULT 3des"</pre>
# Check FUTURE profile
#:<pre>
#:<pre>
#::openssl s_server -WWW -cert TODO -key TODO -CAfile TODO -cipher TODO &</pre>
#::update-crypto-policies --set FUTURE || echo FAIL
# Check that OpenSSL software can connect
#::wget -O - https://3des.badssl.com/ && echo "FAIL wget FUTURE 3des"
#: <pre>
#::wget -O - https://mozilla-modern.badssl.com/ || echo "FAIL wget FUTURE modern"
#:: wget -O - localhost:4433 |grep CONNECTED || echo FAIL</pre>
#::curl https://3des.badssl.com/ && echo "FAIL curl FUTURE 3des
# Check that NSS software can connect
#::curl https://mozilla-modern.badssl.com/ || echo "FAIL curl FUTURE modern"</pre>
#:<pre>
#::curl localhost:4433 |grep CONNECTED || echo FAIL</pre>
# Switch to policy NORMAL
#:<pre>
#::update-crypto-policies --set NORMAL || echo FAIL</pre>
# Check OpenSSL software can NOT connect
#:<pre>
#::wget -O - localhost:4433 |grep CONNECTED && echo FAIL</pre>
# Check NSS software can NOT connect
#:<pre>
#::curl localhost:4433 |grep CONNECTED && echo FAIL</pre>
# Switch to policy FUTURE
#:<pre>
#::update-crypto-policies --set FUTURE || echo FAIL</pre>
# Check OpenSSL software can NOT connect
#:<pre>
#::wget -O - localhost:4433 |grep CONNECTED && echo FAIL</pre>
# Check NSS software can NOT connect
#:<pre>
#::curl localhost:4433 |grep CONNECTED && echo FAIL</pre>
# Cleanup test directory
#:<pre>
#::rm -rf $dir</pre>
|results=
|results=
# Step #1 completes without error
# commands complete without <code>FAIL</code> being printed
# commands complete without <code>FAIL</code> being printed
}}
}}
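Review bot: The new FUTURE block has an unterminated string: `curl https://3des.badssl.com/ && echo "FAIL curl FUTURE 3des` lacks its closing double quote, so a shell will keep reading the string into the following line and the last two checks will not run as written. Two further points on the added steps. Every `&& echo "FAIL ..."` check passes on any non-zero exit, so a DNS or network failure reaching badssl.com is indistinguishable from the policy refusing the cipher; checking the client's exit status would make a rejection result meaningful. The steps also end with the system left on FUTURE, while the removed version at least cleaned up its test directory; a final step that restores the policy that was active before the test would be a sensible replacement.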

Revision as of 17:02, 29 March 2017

Description

Sanity of crypto-policies


How to test

We will test whether the system actually honors the crypto policy setting.

  1. Check LEGACY profile
    update-crypto-policies --set LEGACY || echo FAIL
    wget -O - https://rc4.badssl.com/ || echo "FAIL wget rc4"
    curl https://rc4.badssl.com/ || echo "FAIL curl LEGACY rc4"
  2. Check DEFAULT profile
    update-crypto-policies --set DEFAULT || echo FAIL
    wget -O - https://rc4.badssl.com/ && echo "FAIL wget DEFAULT rc4"
    wget -O - https://3des.badssl.com/ || echo "FAIL wget DEFAULT 3des"
    curl https://rc4.badssl.com/ && echo "FAIL curl DEFAULT rc4"
    curl https://3des.badssl.com/ || echo "FAIL curl DEFAULT 3des"
  3. Check FUTURE profile
    update-crypto-policies --set FUTURE || echo FAIL
    wget -O - https://3des.badssl.com/ && echo "FAIL wget FUTURE 3des"
    wget -O - https://mozilla-modern.badssl.com/ || echo "FAIL wget FUTURE modern"
    curl https://3des.badssl.com/ && echo "FAIL curl FUTURE 3des"
    curl https://mozilla-modern.badssl.com/ || echo "FAIL curl FUTURE modern"
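
A stricter variant of the checks above, as an added example that is not part of the wiki page: it uses curl only and assumes curl reports a refused handshake with its documented exit code 35 (SSL connect error), so a DNS or network failure is reported as inconclusive instead of passing a "must not connect" check. The names `check_tls` and `run_policy_checks` and the `run` argument are hypothetical.

```shell
#!/bin/sh
# Added example, not the wiki's own code.

# check_tls EXPECT LABEL CMD...
#   EXPECT=accept : CMD must exit 0
#   EXPECT=reject : CMD must exit 35 (assumption: curl's "SSL connect error",
#                   i.e. the handshake itself was refused)
# Any other exit code (6 = DNS, 7 = connect failed, ...) says nothing about
# the crypto policy, so it is reported as INCONCLUSIVE, not as a pass.
# Prints the verdict and label; returns 0 on PASS, 1 on FAIL, 2 otherwise.
check_tls() {
    expect=$1; label=$2; shift 2
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    case "$expect:$status" in
        accept:0)  echo "PASS $label"; return 0 ;;
        reject:35) echo "PASS $label"; return 0 ;;
        reject:0)  echo "FAIL $label (connected, expected rejection)"; return 1 ;;
        accept:35) echo "FAIL $label (handshake refused, expected success)"; return 1 ;;
        *)         echo "INCONCLUSIVE $label (exit $status)"; return 2 ;;
    esac
}

# The page's three profiles, with the original policy restored on exit.
run_policy_checks() {
    orig=$(update-crypto-policies --show) || return 1
    trap 'update-crypto-policies --set "$orig"' EXIT
    update-crypto-policies --set LEGACY || echo FAIL
    check_tls accept "LEGACY rc4"    curl -sS https://rc4.badssl.com/
    update-crypto-policies --set DEFAULT || echo FAIL
    check_tls reject "DEFAULT rc4"   curl -sS https://rc4.badssl.com/
    check_tls accept "DEFAULT 3des"  curl -sS https://3des.badssl.com/
    update-crypto-policies --set FUTURE || echo FAIL
    check_tls reject "FUTURE 3des"   curl -sS https://3des.badssl.com/
    check_tls accept "FUTURE modern" curl -sS https://mozilla-modern.badssl.com/
}

# Change system policy only when explicitly asked: sh script.sh run
if [ "${1:-}" = "run" ]; then run_policy_checks; fi
```
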

Expected Results

  1. commands complete without FAIL being printed