Changeset - d9278f9a2689
0 3 0
Branko Majic (branko) - 3 years ago 2021-01-18 23:27:29
branko@majic.rs
MAR-151: Deduplicate TLS test for default SMTP port in mail_server role.
3 files changed with 154 insertions and 304 deletions:
roles/mail_server/molecule/default/tests/test_default.py
 
@@ -2,6 +2,8 @@ import os
 
import re
 
import uuid
 

	
 
import defusedxml.ElementTree as ElementTree
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
@@ -608,3 +610,155 @@ def test_certificate_validity_check_configuration(host):
 
    assert config.group == 'root'
 
    assert config.mode == 0o644
 
    assert config.content_string == "/etc/ssl/certs/%s_imap.pem" % hostname
 

	
 

	
 
def test_smtp_default_port_tls_version_and_ciphers(host):
 
    """
 
    Tests TLS configuration for SMTP default port (needs to be less
 
    restrictive for interoperability purposes).
 
    """
 

	
 
    expected_tls_versions = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]
 

	
 
    expected_tls_ciphers = {
 
        "stretch": [
 
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
 
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
 
            "TLS_DHE_RSA_WITH_AES_128_CCM",
 
            "TLS_DHE_RSA_WITH_AES_128_CCM_8",
 
            "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
 
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
 
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
 
            "TLS_DHE_RSA_WITH_AES_256_CCM",
 
            "TLS_DHE_RSA_WITH_AES_256_CCM_8",
 
            "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
 
            "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
 
            "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
 
            "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
 
            "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
 
            "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
 
            "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
 
            "TLS_DH_anon_WITH_AES_128_CBC_SHA",
 
            "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
 
            "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
 
            "TLS_DH_anon_WITH_AES_256_CBC_SHA",
 
            "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
 
            "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
 
            "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
 
            "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
 
            "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
 
            "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
 
            "TLS_DH_anon_WITH_SEED_CBC_SHA",
 
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
 
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
 
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
 
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
 
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
 
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
 
            "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
 
            "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
 
            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
 
            "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
 
            "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
 
            "TLS_RSA_WITH_AES_128_CBC_SHA",
 
            "TLS_RSA_WITH_AES_128_CBC_SHA256",
 
            "TLS_RSA_WITH_AES_128_CCM",
 
            "TLS_RSA_WITH_AES_128_CCM_8",
 
            "TLS_RSA_WITH_AES_128_GCM_SHA256",
 
            "TLS_RSA_WITH_AES_256_CBC_SHA",
 
            "TLS_RSA_WITH_AES_256_CBC_SHA256",
 
            "TLS_RSA_WITH_AES_256_CCM",
 
            "TLS_RSA_WITH_AES_256_CCM_8",
 
            "TLS_RSA_WITH_AES_256_GCM_SHA384",
 
            "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
 
            "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
 
            "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
 
            "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
 
            "TLS_RSA_WITH_SEED_CBC_SHA",
 
        ],
 
        "buster": [
 
            'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
 
            'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
 
            'TLS_DHE_RSA_WITH_AES_128_CCM',
 
            'TLS_DHE_RSA_WITH_AES_128_CCM_8',
 
            'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
 
            'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
 
            'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
 
            'TLS_DHE_RSA_WITH_AES_256_CCM',
 
            'TLS_DHE_RSA_WITH_AES_256_CCM_8',
 
            'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
 
            'TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256',
 
            'TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384',
 
            'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA',
 
            'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
 
            'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA',
 
            'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256',
 
            'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
 
            'TLS_DHE_RSA_WITH_SEED_CBC_SHA',
 
            'TLS_DH_anon_WITH_AES_128_CBC_SHA',
 
            'TLS_DH_anon_WITH_AES_128_CBC_SHA256',
 
            'TLS_DH_anon_WITH_AES_128_GCM_SHA256',
 
            'TLS_DH_anon_WITH_AES_256_CBC_SHA',
 
            'TLS_DH_anon_WITH_AES_256_CBC_SHA256',
 
            'TLS_DH_anon_WITH_AES_256_GCM_SHA384',
 
            'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA',
 
            'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256',
 
            'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA',
 
            'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256',
 
            'TLS_DH_anon_WITH_SEED_CBC_SHA',
 
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
 
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
 
            'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
 
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
 
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
 
            'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
 
            'TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256',
 
            'TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384',
 
            'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
 
            'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384',
 
            'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
 
            'TLS_ECDH_anon_WITH_AES_128_CBC_SHA',
 
            'TLS_ECDH_anon_WITH_AES_256_CBC_SHA',
 
            'TLS_RSA_WITH_AES_128_CBC_SHA',
 
            'TLS_RSA_WITH_AES_128_CBC_SHA256',
 
            'TLS_RSA_WITH_AES_128_CCM',
 
            'TLS_RSA_WITH_AES_128_CCM_8',
 
            'TLS_RSA_WITH_AES_128_GCM_SHA256',
 
            'TLS_RSA_WITH_AES_256_CBC_SHA',
 
            'TLS_RSA_WITH_AES_256_CBC_SHA256',
 
            'TLS_RSA_WITH_AES_256_CCM',
 
            'TLS_RSA_WITH_AES_256_CCM_8',
 
            'TLS_RSA_WITH_AES_256_GCM_SHA384',
 
            'TLS_RSA_WITH_ARIA_128_GCM_SHA256',
 
            'TLS_RSA_WITH_ARIA_256_GCM_SHA384',
 
            'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA',
 
            'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256',
 
            'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA',
 
            'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256',
 
            'TLS_RSA_WITH_SEED_CBC_SHA',
 
        ]
 
    }
 

	
 
    distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
 

	
 
    # Run the nmap scanner against the server, and fetch the results.
 
    nmap = host.run("nmap -sV --script ssl-enum-ciphers -p 25 localhost -oX /tmp/report.xml")
 
    assert nmap.rc == 0
 
    report_content = host.file('/tmp/report.xml').content_string
 

	
 
    report_root = ElementTree.fromstring(report_content)
 

	
 
    tls_versions = []
 
    tls_ciphers = set()
 

	
 
    for child in report_root.findall("./host/ports/port/script/table"):
 
        tls_versions.append(child.attrib['key'])
 

	
 
    for child in report_root.findall(".//table[@key='ciphers']/table/elem[@key='name']"):
 
        tls_ciphers.add(child.text)
 

	
 
    tls_versions.sort()
 
    tls_ciphers = sorted(list(tls_ciphers))
 

	
 
    assert tls_versions == expected_tls_versions
 
    assert tls_ciphers == expected_tls_ciphers[distribution_release]
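Review bot: The scan on the new side round-trips its result through the fixed, predictable path `/tmp/report.xml` on the target and then reads it back with `host.file`; nmap can emit the XML on stdout instead, so `nmap = host.run("nmap -sV --script ssl-enum-ciphers -p 25 localhost -oX -")` followed by `report_root = ElementTree.fromstring(nmap.stdout)` removes the shared temp file and the extra read (sibling TLS tests in this file likely reuse the same path). Separately, the expected data deliberately pins TLS 1.0/1.1 together with the anonymous `TLS_DH_anon_*`/`TLS_ECDH_anon_*` and non-forward-secret `TLS_RSA_*` suites, while the docstring only says "less restrictive for interoperability", so a future reader cannot tell whether a shorter list is a regression or an intended hardening. Extend the docstring with something like `Weak and anonymous suites are intentionally accepted on port 25 (presumably opportunistic STARTTLS); any tightening of the role's TLS policy must update these lists.` The final `expected_tls_ciphers[distribution_release]` lookup also fails with a bare KeyError on a release that is not listed, so an `assert distribution_release in expected_tls_ciphers, distribution_release` just before it would make that failure readable.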
roles/mail_server/molecule/default/tests/test_mandatory.py
 
@@ -157,158 +157,6 @@ def test_imap_max_user_connections_per_ip(host):
 
        assert "  mail_max_userip_connections = 10" in config.stdout
 

	
 

	
 
def test_smtp_default_port_tls_version_and_ciphers(host):
 
    """
 
    Tests TLS configuration for SMTP default port (needs to be less
 
    restrictive for interoperability purposes).
 
    """
 

	
 
    expected_tls_versions = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]
 

	
 
    expected_tls_ciphers = {
 
        "stretch": [
 
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
 
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
 
            "TLS_DHE_RSA_WITH_AES_128_CCM",
 
            "TLS_DHE_RSA_WITH_AES_128_CCM_8",
 
            "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
 
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
 
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
 
            "TLS_DHE_RSA_WITH_AES_256_CCM",
 
            "TLS_DHE_RSA_WITH_AES_256_CCM_8",
 
            "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
 
            "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
 
            "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
 
            "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
 
            "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
 
            "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
 
            "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
 
            "TLS_DH_anon_WITH_AES_128_CBC_SHA",
 
            "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
 
            "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
 
            "TLS_DH_anon_WITH_AES_256_CBC_SHA",
 
            "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
 
            "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
 
            "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
 
            "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
 
            "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
 
            "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
 
            "TLS_DH_anon_WITH_SEED_CBC_SHA",
 
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
 
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
 
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
 
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
 
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
 
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
 
            "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
 
            "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
 
            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
 
            "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
 
            "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
 
            "TLS_RSA_WITH_AES_128_CBC_SHA",
 
            "TLS_RSA_WITH_AES_128_CBC_SHA256",
 
            "TLS_RSA_WITH_AES_128_CCM",
 
            "TLS_RSA_WITH_AES_128_CCM_8",
 
            "TLS_RSA_WITH_AES_128_GCM_SHA256",
 
            "TLS_RSA_WITH_AES_256_CBC_SHA",
 
            "TLS_RSA_WITH_AES_256_CBC_SHA256",
 
            "TLS_RSA_WITH_AES_256_CCM",
 
            "TLS_RSA_WITH_AES_256_CCM_8",
 
            "TLS_RSA_WITH_AES_256_GCM_SHA384",
 
            "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
 
            "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
 
            "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
 
            "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
 
            "TLS_RSA_WITH_SEED_CBC_SHA",
 
        ],
 
        "buster": [
 
            'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
 
            'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
 
            'TLS_DHE_RSA_WITH_AES_128_CCM',
 
            'TLS_DHE_RSA_WITH_AES_128_CCM_8',
 
            'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
 
            'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
 
            'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
 
            'TLS_DHE_RSA_WITH_AES_256_CCM',
 
            'TLS_DHE_RSA_WITH_AES_256_CCM_8',
 
            'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
 
            'TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256',
 
            'TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384',
 
            'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA',
 
            'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
 
            'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA',
 
            'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256',
 
            'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
 
            'TLS_DHE_RSA_WITH_SEED_CBC_SHA',
 
            'TLS_DH_anon_WITH_AES_128_CBC_SHA',
 
            'TLS_DH_anon_WITH_AES_128_CBC_SHA256',
 
            'TLS_DH_anon_WITH_AES_128_GCM_SHA256',
 
            'TLS_DH_anon_WITH_AES_256_CBC_SHA',
 
            'TLS_DH_anon_WITH_AES_256_CBC_SHA256',
 
            'TLS_DH_anon_WITH_AES_256_GCM_SHA384',
 
            'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA',
 
            'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256',
 
            'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA',
 
            'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256',
 
            'TLS_DH_anon_WITH_SEED_CBC_SHA',
 
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
 
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
 
            'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
 
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
 
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
 
            'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
 
            'TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256',
 
            'TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384',
 
            'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
 
            'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384',
 
            'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
 
            'TLS_ECDH_anon_WITH_AES_128_CBC_SHA',
 
            'TLS_ECDH_anon_WITH_AES_256_CBC_SHA',
 
            'TLS_RSA_WITH_AES_128_CBC_SHA',
 
            'TLS_RSA_WITH_AES_128_CBC_SHA256',
 
            'TLS_RSA_WITH_AES_128_CCM',
 
            'TLS_RSA_WITH_AES_128_CCM_8',
 
            'TLS_RSA_WITH_AES_128_GCM_SHA256',
 
            'TLS_RSA_WITH_AES_256_CBC_SHA',
 
            'TLS_RSA_WITH_AES_256_CBC_SHA256',
 
            'TLS_RSA_WITH_AES_256_CCM',
 
            'TLS_RSA_WITH_AES_256_CCM_8',
 
            'TLS_RSA_WITH_AES_256_GCM_SHA384',
 
            'TLS_RSA_WITH_ARIA_128_GCM_SHA256',
 
            'TLS_RSA_WITH_ARIA_256_GCM_SHA384',
 
            'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA',
 
            'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256',
 
            'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA',
 
            'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256',
 
            'TLS_RSA_WITH_SEED_CBC_SHA',
 
        ]
 
    }
 

	
 
    distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
 

	
 
    # Run the nmap scanner against the server, and fetch the results.
 
    nmap = host.run("nmap -sV --script ssl-enum-ciphers -p 25 localhost -oX /tmp/report.xml")
 
    assert nmap.rc == 0
 
    report_content = host.file('/tmp/report.xml').content_string
 

	
 
    report_root = ElementTree.fromstring(report_content)
 

	
 
    tls_versions = []
 
    tls_ciphers = set()
 

	
 
    for child in report_root.findall("./host/ports/port/script/table"):
 
        tls_versions.append(child.attrib['key'])
 

	
 
    for child in report_root.findall(".//table[@key='ciphers']/table/elem[@key='name']"):
 
        tls_ciphers.add(child.text)
 

	
 
    tls_versions.sort()
 
    tls_ciphers = sorted(list(tls_ciphers))
 

	
 
    assert tls_versions == expected_tls_versions
 
    assert tls_ciphers == expected_tls_ciphers[distribution_release]
 

	
 

	
 
def test_sieve_tls_configuration(host):
 
    """
 
    Tests TLS configuration for SIEVE in Dovecot
roles/mail_server/molecule/default/tests/test_optional.py
 
@@ -188,158 +188,6 @@ def test_imap_max_user_connections_per_ip(host):
 
        assert "  mail_max_userip_connections = 2" in config.stdout
 

	
 

	
 
def test_smtp_default_port_tls_version_and_ciphers(host):
 
    """
 
    Tests TLS configuration for SMTP default port (needs to be less
 
    restrictive for interoperability purposes).
 
    """
 

	
 
    expected_tls_versions = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]
 

	
 
    expected_tls_ciphers = {
 
        "stretch": [
 
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
 
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
 
            "TLS_DHE_RSA_WITH_AES_128_CCM",
 
            "TLS_DHE_RSA_WITH_AES_128_CCM_8",
 
            "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
 
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
 
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
 
            "TLS_DHE_RSA_WITH_AES_256_CCM",
 
            "TLS_DHE_RSA_WITH_AES_256_CCM_8",
 
            "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
 
            "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
 
            "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
 
            "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
 
            "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
 
            "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
 
            "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
 
            "TLS_DH_anon_WITH_AES_128_CBC_SHA",
 
            "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
 
            "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
 
            "TLS_DH_anon_WITH_AES_256_CBC_SHA",
 
            "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
 
            "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
 
            "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
 
            "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
 
            "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
 
            "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
 
            "TLS_DH_anon_WITH_SEED_CBC_SHA",
 
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
 
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
 
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
 
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
 
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
 
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
 
            "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
 
            "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
 
            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
 
            "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
 
            "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
 
            "TLS_RSA_WITH_AES_128_CBC_SHA",
 
            "TLS_RSA_WITH_AES_128_CBC_SHA256",
 
            "TLS_RSA_WITH_AES_128_CCM",
 
            "TLS_RSA_WITH_AES_128_CCM_8",
 
            "TLS_RSA_WITH_AES_128_GCM_SHA256",
 
            "TLS_RSA_WITH_AES_256_CBC_SHA",
 
            "TLS_RSA_WITH_AES_256_CBC_SHA256",
 
            "TLS_RSA_WITH_AES_256_CCM",
 
            "TLS_RSA_WITH_AES_256_CCM_8",
 
            "TLS_RSA_WITH_AES_256_GCM_SHA384",
 
            "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
 
            "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
 
            "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
 
            "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
 
            "TLS_RSA_WITH_SEED_CBC_SHA",
 
        ],
 
        "buster": [
 
            'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
 
            'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
 
            'TLS_DHE_RSA_WITH_AES_128_CCM',
 
            'TLS_DHE_RSA_WITH_AES_128_CCM_8',
 
            'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
 
            'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
 
            'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
 
            'TLS_DHE_RSA_WITH_AES_256_CCM',
 
            'TLS_DHE_RSA_WITH_AES_256_CCM_8',
 
            'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
 
            'TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256',
 
            'TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384',
 
            'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA',
 
            'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
 
            'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA',
 
            'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256',
 
            'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
 
            'TLS_DHE_RSA_WITH_SEED_CBC_SHA',
 
            'TLS_DH_anon_WITH_AES_128_CBC_SHA',
 
            'TLS_DH_anon_WITH_AES_128_CBC_SHA256',
 
            'TLS_DH_anon_WITH_AES_128_GCM_SHA256',
 
            'TLS_DH_anon_WITH_AES_256_CBC_SHA',
 
            'TLS_DH_anon_WITH_AES_256_CBC_SHA256',
 
            'TLS_DH_anon_WITH_AES_256_GCM_SHA384',
 
            'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA',
 
            'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256',
 
            'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA',
 
            'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256',
 
            'TLS_DH_anon_WITH_SEED_CBC_SHA',
 
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
 
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
 
            'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
 
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
 
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
 
            'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
 
            'TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256',
 
            'TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384',
 
            'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
 
            'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384',
 
            'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
 
            'TLS_ECDH_anon_WITH_AES_128_CBC_SHA',
 
            'TLS_ECDH_anon_WITH_AES_256_CBC_SHA',
 
            'TLS_RSA_WITH_AES_128_CBC_SHA',
 
            'TLS_RSA_WITH_AES_128_CBC_SHA256',
 
            'TLS_RSA_WITH_AES_128_CCM',
 
            'TLS_RSA_WITH_AES_128_CCM_8',
 
            'TLS_RSA_WITH_AES_128_GCM_SHA256',
 
            'TLS_RSA_WITH_AES_256_CBC_SHA',
 
            'TLS_RSA_WITH_AES_256_CBC_SHA256',
 
            'TLS_RSA_WITH_AES_256_CCM',
 
            'TLS_RSA_WITH_AES_256_CCM_8',
 
            'TLS_RSA_WITH_AES_256_GCM_SHA384',
 
            'TLS_RSA_WITH_ARIA_128_GCM_SHA256',
 
            'TLS_RSA_WITH_ARIA_256_GCM_SHA384',
 
            'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA',
 
            'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256',
 
            'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA',
 
            'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256',
 
            'TLS_RSA_WITH_SEED_CBC_SHA',
 
        ]
 
    }
 

	
 
    distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
 

	
 
    # Run the nmap scanner against the server, and fetch the results.
 
    nmap = host.run("nmap -sV --script ssl-enum-ciphers -p 25 localhost -oX /tmp/report.xml")
 
    assert nmap.rc == 0
 
    report_content = host.file('/tmp/report.xml').content_string
 

	
 
    report_root = ElementTree.fromstring(report_content)
 

	
 
    tls_versions = []
 
    tls_ciphers = set()
 

	
 
    for child in report_root.findall("./host/ports/port/script/table"):
 
        tls_versions.append(child.attrib['key'])
 

	
 
    for child in report_root.findall(".//table[@key='ciphers']/table/elem[@key='name']"):
 
        tls_ciphers.add(child.text)
 

	
 
    tls_versions.sort()
 
    tls_ciphers = sorted(list(tls_ciphers))
 

	
 
    assert tls_versions == expected_tls_versions
 
    assert tls_ciphers == expected_tls_ciphers[distribution_release]
 

	
 

	
 
def test_sieve_tls_configuration(host):
 
    """
 
    Tests TLS configuration for SIEVE in Dovecot