From Fedora Project Wiki

No edit summary
No edit summary
 
Line 3: Line 3:
|actions=
|actions=
We will try some basic stuff with Firefox.
We will try some basic stuff with Firefox.
#'''Attention:''' You need updated [https://koji.fedoraproject.org/koji/buildinfo?buildID=873855 nss-3.29.3-1.3.fc2] (and also dependencies) because of [https://bugzilla.mozilla.org/show_bug.cgi?id=1328318 bug]
#'''Attention:''' You need updated [https://koji.fedoraproject.org/koji/buildinfo?buildID=873855 nss-3.29.3-1.3.fc2] (and also dependencies) because of [https://bugzilla.mozilla.org/show_bug.cgi?id=1328318 bug], e.g. (x86_64 architecture):
#:<pre>dnf update https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-sysinit-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-tools-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.29.3/1.0.fc26/x86_64/nss-softokn-3.29.3-1.0.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.29.3/1.0.fc26/x86_64/nss-softokn-freebl-3.29.3-1.0.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-util/3.29.3/2.2.fc26/x86_64/nss-util-3.29.3-2.2.fc26.x86_64.rpm</pre>
#:<pre>dnf update https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-sysinit-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-tools-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.29.3/1.0.fc26/x86_64/nss-softokn-3.29.3-1.0.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.29.3/1.0.fc26/x86_64/nss-softokn-freebl-3.29.3-1.0.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-util/3.29.3/2.2.fc26/x86_64/nss-util-3.29.3-2.2.fc26.x86_64.rpm</pre>
# Visit [https://www.ssllabs.com/ssltest/viewMyClient.html ssllabs site] with different profiles (LEGACY, DEFAULT, FUTURE - use <code>update-crypto-policies --set PROFILE</code> to switch them)
# Visit [https://www.ssllabs.com/ssltest/viewMyClient.html ssllabs site] with different profiles (LEGACY, DEFAULT, FUTURE - use <code>update-crypto-policies --set PROFILE</code> to switch them)

Latest revision as of 07:23, 30 March 2017

Description

Using Firefox with crypto-policies


How to test

We will try some basic stuff with Firefox.

  1. Attention: You need updated nss-3.29.3-1.3.fc2 (and also dependencies) because of bug, e.g. (x86_64 architecture): 
    dnf update https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-sysinit-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-tools-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.29.3/1.0.fc26/x86_64/nss-softokn-3.29.3-1.0.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.29.3/1.0.fc26/x86_64/nss-softokn-freebl-3.29.3-1.0.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-util/3.29.3/2.2.fc26/x86_64/nss-util-3.29.3-2.2.fc26.x86_64.rpm
  2. Visit ssllabs site with different profiles (LEGACY, DEFAULT, FUTURE - use update-crypto-policies --set PROFILE to switch them)
  3. Try sites using exclusively RC4 ciphers, 3DES ciphers, and modern ciphers using different profiles

Expected Results

  1. roughly speaking:
    1. FUTURE should allow only TLSv1.2
    2. DEFAULT should also allow 3DES ciphers
    3. LEGACY should also allow RC4 ciphers
  2. RC4 should be accessible only with LEGACY, 3DES also with DEFAULT and modern also with FUTURE.



Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_CryptoPolicies_Firefox&oldid=489591"