|
@@ -4,6 +4,8 @@ import pytest
|
|
|
|
|
|
import testinfra.utils.ansible_runner
|
|
|
|
|
|
from tls_ciphers import ALL_CIPHERS
|
|
|
|
|
|
|
|
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
|
|
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-mandatory')
|
|
@@ -23,66 +25,6 @@ def test_tls_version(host):
|
|
|
assert old_tls_versions_disabled.rc != 0
|
|
|
|
|
|
|
|
|
ALL_CIPHERS = [
|
|
|
"AES128-GCM-SHA256",
|
|
|
"AES128-SHA",
|
|
|
"AES128-SHA256",
|
|
|
"AES256-GCM-SHA384",
|
|
|
"AES256-SHA",
|
|
|
"AES256-SHA256",
|
|
|
"DHE-PSK-AES128-CBC-SHA",
|
|
|
"DHE-PSK-AES128-CBC-SHA256",
|
|
|
"DHE-PSK-AES128-GCM-SHA256",
|
|
|
"DHE-PSK-AES256-CBC-SHA",
|
|
|
"DHE-PSK-AES256-CBC-SHA384",
|
|
|
"DHE-PSK-AES256-GCM-SHA384",
|
|
|
"DHE-PSK-CHACHA20-POLY1305",
|
|
|
"DHE-RSA-AES128-GCM-SHA256",
|
|
|
"DHE-RSA-AES128-SHA",
|
|
|
"DHE-RSA-AES128-SHA256",
|
|
|
"DHE-RSA-AES256-GCM-SHA384",
|
|
|
"DHE-RSA-AES256-SHA",
|
|
|
"DHE-RSA-AES256-SHA256",
|
|
|
"DHE-RSA-CHACHA20-POLY1305",
|
|
|
"ECDHE-ECDSA-AES128-GCM-SHA256",
|
|
|
"ECDHE-ECDSA-AES128-SHA",
|
|
|
"ECDHE-ECDSA-AES128-SHA256",
|
|
|
"ECDHE-ECDSA-AES256-GCM-SHA384",
|
|
|
"ECDHE-ECDSA-AES256-SHA",
|
|
|
"ECDHE-ECDSA-AES256-SHA384",
|
|
|
"ECDHE-ECDSA-CHACHA20-POLY1305",
|
|
|
"ECDHE-PSK-AES128-CBC-SHA",
|
|
|
"ECDHE-PSK-AES128-CBC-SHA256",
|
|
|
"ECDHE-PSK-AES256-CBC-SHA",
|
|
|
"ECDHE-PSK-AES256-CBC-SHA384",
|
|
|
"ECDHE-PSK-CHACHA20-POLY1305",
|
|
|
"ECDHE-RSA-AES128-GCM-SHA256",
|
|
|
"ECDHE-RSA-AES128-SHA",
|
|
|
"ECDHE-RSA-AES128-SHA256",
|
|
|
"ECDHE-RSA-AES256-GCM-SHA384",
|
|
|
"ECDHE-RSA-AES256-SHA",
|
|
|
"ECDHE-RSA-AES256-SHA384",
|
|
|
"ECDHE-RSA-CHACHA20-POLY1305",
|
|
|
"PSK-AES128-CBC-SHA",
|
|
|
"PSK-AES128-CBC-SHA256",
|
|
|
"PSK-AES128-GCM-SHA256",
|
|
|
"PSK-AES256-CBC-SHA",
|
|
|
"PSK-AES256-CBC-SHA384",
|
|
|
"PSK-AES256-GCM-SHA384",
|
|
|
"PSK-CHACHA20-POLY1305",
|
|
|
"RSA-PSK-AES128-CBC-SHA",
|
|
|
"RSA-PSK-AES128-CBC-SHA256",
|
|
|
"RSA-PSK-AES128-GCM-SHA256",
|
|
|
"RSA-PSK-AES256-CBC-SHA",
|
|
|
"RSA-PSK-AES256-CBC-SHA384",
|
|
|
"RSA-PSK-AES256-GCM-SHA384",
|
|
|
"RSA-PSK-CHACHA20-POLY1305",
|
|
|
"SRP-AES-128-CBC-SHA",
|
|
|
"SRP-AES-256-CBC-SHA",
|
|
|
"SRP-RSA-AES-128-CBC-SHA",
|
|
|
"SRP-RSA-AES-256-CBC-SHA",
|
|
|
]
|
|
|
|
|
|
ENABLED_CIPHERS = [
|
|
|
"DHE-RSA-AES128-GCM-SHA256",
|
|
|
"DHE-RSA-AES256-GCM-SHA384",
|