mongodb/mongo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77d90a66d3
mongo/jstests/sslSpecial/ssl_cipher_default.js
Gabriel Marks 77d90a66d3 SERVER-99750 Use generated certificates in jstests (#46650) 
GitOrigin-RevId: 303ffa3be9ec56f70a9ff9e38d4430fd0c927599
2026-01-28 18:44:45 +00:00

52 lines
1.3 KiB
JavaScript
Raw Blame History

// validate default for opensslCipherConfig
function getparam(mongod, field) {
let q = {getParameter: 1};
q[field] = 1;
let ret = mongod.getDB("admin").runCommand(q);
return ret[field];
}
function assertCorrectConfig(mongodArgs, expectedConfig) {
let m = MongoRunner.runMongod(mongodArgs);
assert.eq(getparam(m, "opensslCipherConfig"), expectedConfig);
MongoRunner.stopMongod(m);
}
const defaultConfig = "HIGH:!EXPORT:!aNULL@STRENGTH";
// if sslMode is disabled, cipher config should be set to default
assertCorrectConfig({sslMode: "disabled"}, defaultConfig);
// if sslMode is enabled, cipher config should have default
assertCorrectConfig(
{
sslMode: "allowSSL",
sslPEMKeyFile: getX509Path("server.pem"),
sslCAFile: getX509Path("ca.pem"),
},
defaultConfig,
);
// setting through setParameter or tlsCipherConfig should override default
assertCorrectConfig(
{
sslMode: "allowSSL",
sslPEMKeyFile: getX509Path("server.pem"),
sslCAFile: getX509Path("ca.pem"),
setParameter: "opensslCipherConfig=HIGH",
},
"HIGH",
);
assertCorrectConfig(
{
sslMode: "allowSSL",
sslPEMKeyFile: getX509Path("server.pem"),
sslCAFile: getX509Path("ca.pem"),
tlsCipherConfig: "HIGH",
},
"HIGH",
);
Reference in New Issue View Git Blame Copy Permalink