|
@@ -98,16 +98,32 @@ def test_imap_and_smtp_submission_tls_version_and_ciphers(host, port):
|
|
|
IMAP and SMTP submission.
|
|
|
"""
|
|
|
|
|
|
expected_tls_versions = ["TLSv1.2"]
|
|
|
|
|
|
expected_tls_ciphers = [
|
|
|
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
|
|
|
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
|
|
|
"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
|
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
|
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
|
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
|
|
]
|
|
|
distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
|
|
|
|
|
|
if distribution_release == "bullseye":
|
|
|
expected_tls_versions = ["TLSv1.2"]
|
|
|
expected_tls_ciphers = [
|
|
|
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
|
|
|
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
|
|
|
"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
|
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
|
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
|
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
|
|
]
|
|
|
|
|
|
else:
|
|
|
expected_tls_versions = ["TLSv1.2", "TLSv1.3"]
|
|
|
expected_tls_ciphers = [
|
|
|
"TLS_AKE_WITH_AES_128_GCM_SHA256",
|
|
|
"TLS_AKE_WITH_AES_256_GCM_SHA384",
|
|
|
"TLS_AKE_WITH_CHACHA20_POLY1305_SHA256",
|
|
|
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
|
|
|
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
|
|
|
"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
|
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
|
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
|
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
|
|
|
]
|
|
|
|
|
|
# Run the nmap scanner against the server, and fetch the results.
|
|
|
nmap = host.run("nmap -sV --script ssl-enum-ciphers -p %s localhost -oX /tmp/report.xml", str(port))
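Review bot: The six TLSv1.2 suites are spelled out twice, once under `if distribution_release == "bullseye":` and again in the `else:` branch, so a later policy change (for example dropping the DHE suites) has to be made in both lists, and a missed one leaves the test asserting a different cipher policy per release. Defining them once before the `if`, e.g. `tls12_ciphers = [...]`, and writing `expected_tls_ciphers = sorted(tls13_ciphers + tls12_ciphers)` in the `else:` branch keeps the two expectations in step; the sorted result has the same order as the literal list in the hunk. The `else:` branch also expects TLSv1.3 on every release that is not bullseye, so a comment such as `# Every release other than bullseye is expected to offer TLSv1.3 as well.` would make that assumption explicit, or the branch could fail on an unrecognised codename instead. The test function starts before and continues past this hunk, so how these lists are compared with the nmap output is not visible here.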
|