mirror of https://github.com/sonertari/SSLproxy
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
166 lines
4.2 KiB
JSON
166 lines
4.2 KiB
JSON
{
|
|
"comment": "Tests for SSL configuration",
|
|
"configs": {
|
|
"1": {
|
|
"proto": {
|
|
"proto": "ssl",
|
|
"tcp_nodelay": "yes",
|
|
"ip_ttl": "15",
|
|
"connect_timeout": "1000",
|
|
"read_timeout": "50",
|
|
"write_timeout": "50",
|
|
"verify_peer": "no",
|
|
"cipher_list": "HIGH",
|
|
"no_ssl2": "yes",
|
|
"no_ssl3": "yes",
|
|
"no_tls10": "yes",
|
|
"no_tls11": "yes",
|
|
"no_tls12": "yes",
|
|
"no_tls13": "yes",
|
|
"min_proto_version": "ssl3",
|
|
"max_proto_version": "tls13",
|
|
"ecdhcurve": "prime256v1",
|
|
"use_sni": "no",
|
|
"verify_hostname": "no",
|
|
"compression": "no"
|
|
},
|
|
"client": {
|
|
"ip": "127.0.0.1",
|
|
"port": "8443",
|
|
"crt": "server.crt",
|
|
"key": "server.key",
|
|
"use_sni": "yes",
|
|
"sni_servername": "example.com",
|
|
"verify_hostname": "yes",
|
|
"no_tls10": "no",
|
|
"max_proto_version": "tls11"
|
|
},
|
|
"server": {
|
|
"ip": "127.0.0.1",
|
|
"port": "9443",
|
|
"crt": "server.crt",
|
|
"key": "server.key",
|
|
"no_tls12": "no",
|
|
"min_proto_version": "tls12",
|
|
"compression": "yes"
|
|
}
|
|
}
|
|
},
|
|
"tests": {
|
|
"1": {
|
|
"comment": "Configures ssl cert, proto, cipher_list correctly",
|
|
"states": {
|
|
"1": {
|
|
"testend": "client",
|
|
"cmd": "send",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
|
|
"assert": {
|
|
"current_cipher_name": {
|
|
"match": [
|
|
"^ECDHE-[A-Z0-9]+-[A-Z0-9]+",
|
|
"[A-Z0-9]+-AES256-[A-Z0-9]",
|
|
"[A-Z0-9]+-[A-Z0-9]+-SHA\\d*$"
|
|
],
|
|
"!match": [
|
|
"^(DHE|IDEA)-\\w+-\\w+",
|
|
"\\w+-(SEED|CBC)-\\w+"
|
|
]
|
|
},
|
|
"current_cipher_version": {
|
|
"==": [
|
|
"SSLv3",
|
|
"TLSv1",
|
|
"TLSv1.0"
|
|
],
|
|
"!match": [
|
|
"^TLSv1\\.[1-3]?$"
|
|
]
|
|
},
|
|
"ssl_proto_version": {
|
|
"==": [
|
|
"TLSv1"
|
|
],
|
|
"!=": [
|
|
"SSLv3"
|
|
],
|
|
"!match": [
|
|
"^TLSv1\\.[1-3]?$"
|
|
]
|
|
},
|
|
"ssl_state": {
|
|
"==": [
|
|
"SSLOK "
|
|
]
|
|
},
|
|
"peer_certificate": {
|
|
"==": [
|
|
"TR, Antalya, Serik, ComixWall, SSLproxy, comixwall.org, sonertari@gmail.com"
|
|
]
|
|
},
|
|
"peer_certificate_not_before": {
|
|
">=": [
|
|
"-2"
|
|
],
|
|
"<=": [
|
|
"0"
|
|
]
|
|
},
|
|
"peer_certificate_not_after": {
|
|
">=": [
|
|
"363"
|
|
],
|
|
"<=": [
|
|
"365"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"2": {
|
|
"testend": "server",
|
|
"cmd": "recv",
|
|
"payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n",
|
|
"assert": {
|
|
"current_cipher_name": {
|
|
"match": [
|
|
"ECDHE-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+",
|
|
"[A-Z0-9]+-[A-Z0-9]+-AES256-[A-Z0-9]+-[A-Z0-9]+",
|
|
"[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-[A-Z0-9]+-SHA384"
|
|
],
|
|
"!match": [
|
|
"^DHE-\\w+-\\w+-\\w+",
|
|
"\\w+-\\w+-SEED-\\w+",
|
|
"\\w+-\\w+-\\w+-SHA$"
|
|
]
|
|
},
|
|
"current_cipher_version": {
|
|
"==": [
|
|
"TLSv1.2"
|
|
],
|
|
"!match": [
|
|
"^(SSLv3|TLSv1|TLSv1\\.[13]?)$"
|
|
]
|
|
},
|
|
"ssl_proto_version": {
|
|
"==": [
|
|
"TLSv1.2"
|
|
],
|
|
"!match": [
|
|
"^(SSLv3|TLSv1|TLSv1\\.[13]?)$"
|
|
]
|
|
},
|
|
"ssl_state": {
|
|
"==": [
|
|
"SSLOK "
|
|
]
|
|
},
|
|
"sni_servername": {
|
|
"==": [
|
|
"example.com"
|
|
]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} |