{ "comment": "Tests for SSL configuration", "configs": { "1": { "proto": { "proto": "ssl", "tcp_nodelay": "yes", "ip_ttl": "15", "connect_timeout": "1000", "read_timeout": "50", "write_timeout": "50", "verify_peer": "no", "ciphers": "HIGH", "no_ssl2": "yes", "no_ssl3": "yes", "no_tls10": "yes", "no_tls11": "yes", "no_tls12": "yes", "no_tls13": "yes", "min_proto_version": "ssl3", "max_proto_version": "tls13", "ecdhcurve": "prime256v1", "use_sni": "no", "verify_hostname": "no", "compression": "no" }, "client": { "ip": "127.0.0.1", "port": "8443", "crt": "server.crt", "key": "server.key", "use_sni": "yes", "sni_servername": "example.com", "verify_hostname": "yes", "no_tls10": "no", "max_proto_version": "tls11" }, "server": { "ip": "127.0.0.1", "port": "9443", "crt": "server.crt", "key": "server.key", "no_tls12": "no", "min_proto_version": "tls12", "compression": "yes" } } }, "tests": { "1": { "comment": "Configures ssl cert, proto, ciphers correctly", "states": { "1": { "testend": "client", "cmd": "send", "payload": "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n", "assert": { "current_cipher_name": { "match": [ "^ECDHE-[A-Z0-9]+-[A-Z0-9]+", "[A-Z0-9]+-AES256-[A-Z0-9]", "[A-Z0-9]+-[A-Z0-9]+-SHA\\d*$" ], "!match": [ "^(DHE|IDEA)-\\w+-\\w+", "\\w+-(SEED|CBC)-\\w+" ] }, "current_cipher_version": { "==": [ "SSLv3", "TLSv1", "TLSv1.0" ], "!match": [ "^TLSv1\\.[1-3]?$" ] }, "ssl_proto_version": { "==": [ "TLSv1" ], "!=": [ "SSLv3" ], "!match": [ "^TLSv1\\.[1-3]?$" ] }, "ssl_state": { "==": [ "SSLOK " ] }, "peer_certificate": { "==": [ "TR, Antalya, Serik, ComixWall, SSLproxy, comixwall.org, sonertari@gmail.com" ] }, "peer_certificate_not_before": { ">=": [ "-2" ], "<=": [ "0" ] }, "peer_certificate_not_after": { ">=": [ "363" ], "<=": [ "365" ] } } }, "2": { "testend": "server", "cmd": "recv", "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n", "assert": { "current_cipher_name": { "match": [ "ECDHE-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+", "[A-Z0-9]+-[A-Z0-9]+-AES256-[A-Z0-9]+-[A-Z0-9]+", "[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-SHA384" ], "!match": [ "^DHE-\\w+-\\w+-\\w+", "\\w+-\\w+-SEED-\\w+", "\\w+-\\w+-\\w+-SHA$" ] }, "current_cipher_version": { "==": [ "TLSv1.2" ], "!match": [ "^(SSLv3|TLSv1|TLSv1\\.[13]?)$" ] }, "ssl_proto_version": { "==": [ "TLSv1.2" ], "!match": [ "^(SSLv3|TLSv1|TLSv1\\.[13]?)$" ] }, "ssl_state": { "==": [ "SSLOK " ] }, "sni_servername": { "==": [ "example.com" ] } } } } } } }