@@ -23,17 +23,33 @@ def test_certificate_validity_check_configuration(host):
assert config.content_string == "/etc/ssl/certs/%s_https.pem" % hostname
def test_tls_configuration(host):
def test_tls_enabled(host):
"""
Tests if the TLS has been configured correctly and works.
Tests if TLS has been enabled.
tls = host.run('wget -q -O - https://parameters-mandatory/')
assert tls.rc == 0
def test_tls_version(host):
Tests if only the configured TLS protocol versions are allowed by
the server.
old_tls_versions_disabled = host.run("echo 'Q' | openssl s_client -no_tls1_2 -connect parameters-mandatory:443")
assert old_tls_versions_disabled.rc != 0
# Avoid false negatives by ensuring the client had actually
# established the TCP connection.
assert "CONNECTED" in old_tls_versions_disabled.stdout
def test_tls_ciphers(host):
Tests available TLS ciphers on the server.
cipher = host.run("echo 'Q' | openssl s_client -cipher ECDHE-RSA-AES128-SHA256 -connect parameters-mandatory:443")
assert cipher.rc == 0
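Review bot: In test_tls_version, a non-zero exit from `openssl s_client -no_tls1_2` shows only that this client could not complete a handshake; the `CONNECTED` check confirms the TCP connection, not that the server was the side that refused the protocol. If the client's OpenSSL build or system policy already disables the older protocols, the test passes whatever the server allows, and if both ends support TLS 1.3 the handshake may succeed and fail the test for an unrelated reason. I would pin the protocol per run instead (`-tls1` and `-tls1_1` expecting failure) and add a positive control such as `assert host.run("echo 'Q' | openssl s_client -tls1_2 -connect parameters-mandatory:443").rc == 0`. test_tls_ciphers likewise asserts only that one cipher is accepted; also checking that a cipher outside the configured list is rejected would match its docstring better.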