File diff 0758b92e0638 → c1abe824342c
roles/xmpp_server/molecule/default/tests/test_optional.py
Show inline comments
 
@@ -55,19 +55,37 @@ def test_xmpp_c2s_tls_version_and_ciphers(host, port):
 
    XMPP C2S ports.
 
    """
 

			




	
	
	
		
 
    expected_tls_versions = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]

			




	
	
	
		
 

			




	
	
	
		
 
    expected_tls_ciphers = [

			




	
	
	
		
 
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",

			




	
	
	
		
 
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",

			




	
	
	
		
 
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",

			




	
	
	
		
 
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",

			




	
	
	
		
 
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",

			




	
	
	
		
 
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",

			




	
	
	
		
 
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",

			




	
	
	
		
 
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",

			




	
	
	
		
 
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",

			




	
	
	
		
 
    ]

			




	
	
	
		
 
    distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]

			




	
	
	
		
 

			




	
	
	
		
 
    if distribution_release == "bullseye":

			




	
	
	
		
 
        expected_tls_versions = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]

			




	
	
	
		
 
        expected_tls_ciphers = [

			




	
	
	
		
 
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",

			




	
	
	
		
 
            "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",

			




	
	
	
		
 
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",

			




	
	
	
		
 
            "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",

			




	
	
	
		
 
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",

			




	
	
	
		
 
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",

			




	
	
	
		
 
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",

			




	
	
	
		
 
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",

			




	
	
	
		
 
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",

			




	
	
	
		
 
        ]

			




	
	
	
		
 
    else:

			




	
	
	
		
 
        expected_tls_versions = ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

			




	
	
	
		
 
        expected_tls_ciphers = [

			




	
	
	
		
 
            "TLS_AKE_WITH_AES_128_GCM_SHA256",

			




	
	
	
		
 
            "TLS_AKE_WITH_AES_256_GCM_SHA384",

			




	
	
	
		
 
            "TLS_AKE_WITH_CHACHA20_POLY1305_SHA256",

			




	
	
	
		
 
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",

			




	
	
	
		
 
            "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",

			




	
	
	
		
 
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",

			




	
	
	
		
 
            "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",

			




	
	
	
		
 
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",

			




	
	
	
		
 
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",

			




	
	
	
		
 
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",

			




	
	
	
		
 
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",

			




	
	
	
		
 
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",

			




	
	
	
		
 
        ]

			




	
	
	
		
 

			




	
	
	
		
 
    # Run the nmap scanner against the server, and fetch the results.

			




	
	
	
		
 
    nmap = host.run("nmap -sV --script ssl-enum-ciphers -p %s domain2 -oX /tmp/report.xml", str(port))

			




        

    



    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.