mongo/jstests/ssl/openssl_ciphersuites.js
Gabriel Marks 77d90a66d3 SERVER-99750 Use generated certificates in jstests (#46650)
GitOrigin-RevId: 303ffa3be9ec56f70a9ff9e38d4430fd0c927599
2026-01-28 18:44:45 +00:00


// Test the opensslCipherSuiteConfig setParameter for TLS 1.3.
// opensslCipherSuiteConfig allows the user to set the list of cipher suites for just TLS 1.3.
import {detectDefaultTLSProtocol, determineSSLProvider} from "jstests/ssl/libs/ssl_helpers.js";
// Skip on configurations that cannot exercise this setParameter: a TLS provider other than
// OpenSSL, or a platform whose detected default protocol is not TLS 1.3.
let skipReason = null;
if (determineSSLProvider() !== "openssl") {
    skipReason = "SSL provider is not OpenSSL; skipping test.";
} else if (detectDefaultTLSProtocol() !== "TLS1_3") {
    skipReason = "Platform does not support TLS 1.3; skipping test.";
}
if (skipReason !== null) {
    jsTestLog(skipReason);
    quit();
}

// Server options shared by both scenarios below: TLS is mandatory (requireTLS), the server
// presents server.pem, and it uses root-and-trusted-ca.pem as its CA file.
const serverKeyFile = getX509Path("server.pem");
const serverCAFile = getX509Path("root-and-trusted-ca.pem");
const baseParams = {
    tlsMode: "requireTLS",
    tlsCertificateKeyFile: serverKeyFile,
    tlsCAFile: serverCAFile,
    // NOTE(review): presumably makes runMongod return without waiting for a connection, which
    // is why the scenarios below poll or sleep before probing - confirm against MongoRunner.
    waitForConnect: false,
};
/**
 * Makes one connection attempt to the current `mongod` by launching the mongo shell over TLS.
 *
 * The shell validates the server against ca.pem and presents trusted-client.pem. No cipher
 * option is passed, so the client side of the handshake uses its own cipher suite selection.
 *
 * @returns {boolean} true when runMongoProgram returns 0, false for any other result.
 */
function testConn() {
    const shellArgs = [
        "--host",
        "localhost",
        "--port",
        mongod.port,
        "--tls",
        "--tlsCAFile",
        getX509Path("ca.pem"),
        "--tlsCertificateKeyFile",
        getX509Path("trusted-client.pem"),
        // A no-op script: only the outcome of connecting matters.
        "--eval",
        ";",
    ];
    const exitCode = runMongoProgram("mongo", ...shellArgs);
    return exitCode === 0;
}
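// Positive case: the server is restricted to one TLS 1.3 suite, TLS_AES_256_GCM_SHA384, and the
// client must still be able to connect. assert.soon retries testConn, which covers server
// start-up time because baseParams sets waitForConnect to false.
jsTestLog("Testing for successful connection with valid cipher suite config");
let mongod = MongoRunner.runMongod(
    Object.merge(baseParams, {setParameter: {opensslCipherSuiteConfig: "TLS_AES_256_GCM_SHA384"}}),
);
try {
    assert.soon(testConn, "Client could not connect to server with valid ciphersuite config.");
} finally {
    // Stop the server even when the assertion throws, so a failing run leaves no mongod behind.
    MongoRunner.stopMongod(mongod);
}

// Negative case: the server is restricted to TLS_AES_128_CCM_8_SHA256, a suite OpenSSL disables
// by default. testConn passes no cipher option to the client, so the handshake is expected to
// find no suite in common and the connection must fail.
jsTestLog("Testing for unsuccessful connection with cipher suite config which OpenSSL disables by default.");
mongod = MongoRunner.runMongod(
    Object.merge(baseParams, {setParameter: {opensslCipherSuiteConfig: "TLS_AES_128_CCM_8_SHA256"}}),
);
try {
    // Fixed delay in place of polling: there is no success condition to wait for in this case.
    // NOTE(review): a single failed probe also satisfies the assertion when the server never
    // started listening or the connection failed for a reason unrelated to cipher negotiation.
    // A stronger check would confirm the server is up first, or assert on the handshake failure
    // recorded in the server log - TODO confirm which is practical here.
    sleep(30000);
    assert.eq(false, testConn(), "Client successfully connected to server with invalid ciphersuite config.");
} finally {
    MongoRunner.stopMongod(mongod);
}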