From Fedora Project Wiki

No edit summary
No edit summary
Line 6: Line 6:
#:<pre>
#:<pre>
#::update-crypto-policies --set LEGACY || echo "FAIL update LEGACY"
#::update-crypto-policies --set LEGACY || echo "FAIL update LEGACY"
#::wget -q -O /dev/null https://rc4.badssl.com/ || echo "FAIL wget rc4"
#::wget -q -O /dev/null https://rc4.badssl.com/ || echo "FAIL wget LEGACY rc4"
#::(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect rc4.badssl.com:443 -servername rc4.badssl.com &>/dev/null || echo "FAIL s_client LEGACY rc4
#::curl -s https://rc4.badssl.com/ >/dev/null|| echo "FAIL curl LEGACY rc4"</pre>
#::curl -s https://rc4.badssl.com/ >/dev/null|| echo "FAIL curl LEGACY rc4"</pre>
# Check DEFAULT profile
# Check DEFAULT profile
Line 13: Line 14:
#::wget -q -O /dev/null https://rc4.badssl.com/ && echo "FAIL wget DEFAULT rc4"
#::wget -q -O /dev/null https://rc4.badssl.com/ && echo "FAIL wget DEFAULT rc4"
#::wget -q -O /dev/null https://3des.badssl.com/ || echo "FAIL wget DEFAULT 3des"
#::wget -q -O /dev/null https://3des.badssl.com/ || echo "FAIL wget DEFAULT 3des"
#::(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect rc4.badssl.com:443 -servername rc4.badssl.com &>/dev/null && echo "FAIL s_client DEFAULT rc4
#::(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect 3des.badssl.com:443 -servername 3des.badssl.com &>/dev/null || echo "FAIL s_client DEFAULT 3des
#::curl -s https://rc4.badssl.com/ >/dev/null && echo "FAIL curl DEFAULT rc4"
#::curl -s https://rc4.badssl.com/ >/dev/null && echo "FAIL curl DEFAULT rc4"
#::curl -s https://3des.badssl.com/ >/dev/null || echo "FAIL curl DEFAULT 3des"</pre>
#::curl -s https://3des.badssl.com/ >/dev/null || echo "FAIL curl DEFAULT 3des"</pre>
Line 20: Line 23:
#::wget -q -O /dev/null https://3des.badssl.com/ && echo "FAIL wget FUTURE 3des"
#::wget -q -O /dev/null https://3des.badssl.com/ && echo "FAIL wget FUTURE 3des"
#::wget -q -O /dev/null https://mozilla-modern.badssl.com/ || echo "FAIL wget FUTURE modern"
#::wget -q -O /dev/null https://mozilla-modern.badssl.com/ || echo "FAIL wget FUTURE modern"
#::(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect 3des.badssl.com:443 -servername 3des.badssl.com &>/dev/null && echo "FAIL s_client FUTURE 3des
#::(sleep 5; echo -e "GET / HTTP/1.1\n\n") |openssl s_client -connect mozilla-modern.badssl.com:443 -servername mozilla-modern.badssl.com &>/dev/null || echo "FAIL s_client FUTURE modern
#::curl -s https://3des.badssl.com/ >/dev/null && echo "FAIL curl FUTURE 3des"
#::curl -s https://3des.badssl.com/ >/dev/null && echo "FAIL curl FUTURE 3des"
#::curl -s https://mozilla-modern.badssl.com/ >/dev/null || echo "FAIL curl FUTURE modern"</pre>
#::curl -s https://mozilla-modern.badssl.com/ >/dev/null || echo "FAIL curl FUTURE modern"</pre>
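Review bot: The `openssl s_client` lines that this revision appears to add all end in an unterminated string, e.g. `echo "FAIL s_client LEGACY rc4` in the LEGACY block, with two more each in the DEFAULT and FUTURE blocks. Pasted into a shell, the open quote absorbs the following `curl` line and throws off the quoting of everything after it, so those checks do not run as written. Each of the five lines should close the quote, e.g. `&>/dev/null || echo "FAIL s_client LEGACY rc4"`. Separately, the `&&` (negative) checks stay silent on any connection failure, including DNS or network errors, so the page should say that the positive checks against the sibling badssl.com hosts must succeed before a silent negative check counts as a policy rejection. The procedure also leaves the host on FUTURE (or on LEGACY if interrupted early), so a closing note such as `update-crypto-policies --set DEFAULT` would help testers restore the system.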

Revision as of 18:11, 29 March 2017

Description

Sanity of crypto-policies


How to test

We will test whether the system actually honors the crypto-policy setting

  1. Check LEGACY profile
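    # Switching the policy changes system-wide crypto settings and needs root.
    # This step expects RC4 to be accepted; if the run stops here the host
    # stays on LEGACY until another policy is set.
    update-crypto-policies --set LEGACY || echo "FAIL update LEGACY"
    wget -q -O /dev/null https://rc4.badssl.com/ || echo "FAIL wget LEGACY rc4"
    # The delayed echo presumably keeps stdin open long enough for the TLS
    # handshake to finish before s_client sees EOF.
    (sleep 5; echo -e "GET / HTTP/1.1\n\n") | openssl s_client -connect rc4.badssl.com:443 -servername rc4.badssl.com &>/dev/null || echo "FAIL s_client LEGACY rc4"
    curl -s https://rc4.badssl.com/ >/dev/null || echo "FAIL curl LEGACY rc4"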
  2. Check DEFAULT profile
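    # DEFAULT is expected to reject RC4 and still accept 3DES.
    update-crypto-policies --set DEFAULT || echo "FAIL update DEFAULT"
    # Negative checks (&&) print FAIL only when the connection succeeds, so a
    # DNS or network outage also leaves them silent. Treat the rc4 results as
    # meaningful only if the 3des checks below succeed.
    wget -q -O /dev/null https://rc4.badssl.com/ && echo "FAIL wget DEFAULT rc4"
    wget -q -O /dev/null https://3des.badssl.com/ || echo "FAIL wget DEFAULT 3des"
    (sleep 5; echo -e "GET / HTTP/1.1\n\n") | openssl s_client -connect rc4.badssl.com:443 -servername rc4.badssl.com &>/dev/null && echo "FAIL s_client DEFAULT rc4"
    (sleep 5; echo -e "GET / HTTP/1.1\n\n") | openssl s_client -connect 3des.badssl.com:443 -servername 3des.badssl.com &>/dev/null || echo "FAIL s_client DEFAULT 3des"
    curl -s https://rc4.badssl.com/ >/dev/null && echo "FAIL curl DEFAULT rc4"
    curl -s https://3des.badssl.com/ >/dev/null || echo "FAIL curl DEFAULT 3des"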
  3. Check FUTURE profile
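    # FUTURE is expected to reject 3DES and still accept the mozilla-modern host.
    update-crypto-policies --set FUTURE || echo "FAIL update FUTURE"
    # Negative checks (&&) are also silent on DNS or network errors. Treat the
    # 3des results as meaningful only if the mozilla-modern checks succeed.
    wget -q -O /dev/null https://3des.badssl.com/ && echo "FAIL wget FUTURE 3des"
    wget -q -O /dev/null https://mozilla-modern.badssl.com/ || echo "FAIL wget FUTURE modern"
    (sleep 5; echo -e "GET / HTTP/1.1\n\n") | openssl s_client -connect 3des.badssl.com:443 -servername 3des.badssl.com &>/dev/null && echo "FAIL s_client FUTURE 3des"
    (sleep 5; echo -e "GET / HTTP/1.1\n\n") | openssl s_client -connect mozilla-modern.badssl.com:443 -servername mozilla-modern.badssl.com &>/dev/null || echo "FAIL s_client FUTURE modern"
    curl -s https://3des.badssl.com/ >/dev/null && echo "FAIL curl FUTURE 3des"
    curl -s https://mozilla-modern.badssl.com/ >/dev/null || echo "FAIL curl FUTURE modern"
    # The host stays on FUTURE after this step; to restore the distribution
    # default, run: update-crypto-policies --set DEFAULT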

Expected Results

  1. commands complete without FAIL being printed