Add TLS 'cipher-suites' checkconf test
This commit adds a set of valid and invalid configuration files samples that use the new 'cipher-suites' option of the 'tls' statement.
This commit is contained in:
Artem Boldariev
@@ -0,0 +1,26 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
tls local-tls {
|
||||
protocols { TLSv1.3; };
|
||||
key-file "key.pem";
|
||||
cert-file "cert.pem";
|
||||
dhparam-file "dhparam.pem";
|
||||
cipher-suites "HIGH:!aNULL:!MD5:!RC4";
|
||||
prefer-server-ciphers yes;
|
||||
session-tickets no;
|
||||
};
|
||||
|
||||
options {
|
||||
listen-on port 853 tls local-tls { 10.53.0.1; };
|
||||
};
|
||||
@@ -0,0 +1,26 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
tls local-tls {
|
||||
protocols { TLSv1.3; };
|
||||
key-file "key.pem";
|
||||
cert-file "cert.pem";
|
||||
dhparam-file "dhparam.pem";
|
||||
cipher-suites "";
|
||||
prefer-server-ciphers yes;
|
||||
session-tickets no;
|
||||
};
|
||||
|
||||
options {
|
||||
listen-on port 853 tls local-tls { 10.53.0.1; };
|
||||
};
|
||||
@@ -0,0 +1,26 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
tls local-tls {
|
||||
protocols { TLSv1.3; };
|
||||
key-file "key.pem";
|
||||
cert-file "cert.pem";
|
||||
dhparam-file "dhparam.pem";
|
||||
cipher-suites "lalalalalgggg";
|
||||
prefer-server-ciphers yes;
|
||||
session-tickets no;
|
||||
};
|
||||
|
||||
options {
|
||||
listen-on port 853 tls local-tls { 10.53.0.1; };
|
||||
};
|
||||
@@ -0,0 +1,26 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
tls local-tls {
|
||||
protocols { TLSv1.3; };
|
||||
key-file "key.pem";
|
||||
cert-file "cert.pem";
|
||||
dhparam-file "dhparam.pem";
|
||||
cipher-suites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
|
||||
prefer-server-ciphers yes;
|
||||
session-tickets no;
|
||||
};
|
||||
|
||||
options {
|
||||
listen-on port 853 tls local-tls { 10.53.0.1; };
|
||||
};
|
||||
@@ -0,0 +1,26 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
tls local-tls {
|
||||
protocols { TLSv1.3; };
|
||||
key-file "key.pem";
|
||||
cert-file "cert.pem";
|
||||
dhparam-file "dhparam.pem";
|
||||
cipher-suites "TLS_CHACHA20_POLY1305_SHA256";
|
||||
prefer-server-ciphers yes;
|
||||
session-tickets no;
|
||||
};
|
||||
|
||||
options {
|
||||
listen-on port 853 tls local-tls { 10.53.0.1; };
|
||||
};
|
||||
@@ -89,6 +89,10 @@ for good in good-*.conf; do
|
||||
good-proxy-*doh*.conf) continue ;;
|
||||
bad-proxy-*doh*.conf) continue ;;
|
||||
esac
|
||||
elif ! $FEATURETEST --have-openssl-cipher-suites; then
|
||||
case $good in
|
||||
good-tls-cipher-suites-*.conf) continue ;;
|
||||
esac
|
||||
fi
|
||||
{
|
||||
$CHECKCONF $good >checkconf.out$n 2>&1
|
||||
|
||||
Reference in New Issue
Block a user