From Fedora Project Wiki

Revision as of 17:03, 29 March 2017 by Szidek (talk | contribs)

Description

Sanity of crypto-policies


How to test

We will test if system actually pays attention to crypto policy setting

  1. Check LEGACY profile 
    update-crypto-policies --set LEGACY || echo "FAIL update LEGACY"
    

    wget -O - https://rc4.badssl.com/ || echo "FAIL wget rc4"
    

    curl https://rc4.badssl.com/ || echo "FAIL curl LEGACY rc4"
  2. Check DEFAULT profile 
    update-crypto-policies --set DEFAULT || echo "FAIL update DEFAULT"
    

    wget -O - https://rc4.badssl.com/ && echo "FAIL wget DEFAULT rc4"
    

    wget -O - https://3des.badssl.com/ || echo "FAIL wget DEFAULT 3des"
    

    curl https://rc4.badssl.com/ && echo "FAIL curl DEFAULT rc4"
    

    curl https://3des.badssl.com/ || echo "FAIL curl DEFAULT 3des"
  3. Check FUTURE profile 
    update-crypto-policies --set FUTURE || echo "FAIL update FUTURE"
    

    wget -O - https://3des.badssl.com/ && echo "FAIL wget FUTURE 3des"
    

    wget -O - https://mozilla-modern.badssl.com/ || echo "FAIL wget FUTURE modern"
    

    curl https://3des.badssl.com/ && echo "FAIL curl FUTURE 3des"
    

    curl https://mozilla-modern.badssl.com/ || echo "FAIL curl FUTURE modern"

Expected Results

  1. commands complete without FAIL being printed



Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_CryptoPolicies_Sanity&oldid=489387"