This repository has been archived by the owner on Apr 22, 2023. It is now read-only.
test/external/ssl-options fails #9020
Comments
misterdjules
pushed a commit
to misterdjules/node
that referenced
this issue
Jan 14, 2015
The tests suite available in test/external/ssl-options was originally written for security fixes made in the v0.10 branch. In this branch, the client's default ciphers list is compatible with SSLv2. After merging this change from v0.10 to v0.12, this tests suite was broken because commits 5d2aef1 and f4c8020 make SSL/TLS clients use a default ciphers list that is not compatible with the SSLv2 protocol. This change fixes two issues: 1) The cipher list that was setup for a given test was not passed properly to the client. 2) When either or both of clients/servers were using SSLv2, tests were expected to succeed when at least the server end was using SSLv2 compatible ciphers. Now, tests are expected to succeed only if SSLv2 compatible ciphers are used on both ends. Fixes nodejs#9020.
|
Fixed by #9027. |
misterdjules
pushed a commit
to misterdjules/node
that referenced
this issue
Jan 15, 2015
The tests suite available in test/external/ssl-options was originally written for security fixes made in the v0.10 branch. In this branch, the client's default ciphers list is compatible with SSLv2. After merging this change from v0.10 to v0.12, this tests suite was broken because commits 5d2aef1 and f4c8020 make SSL/TLS clients use a default ciphers list that is not compatible with the SSLv2 protocol. This change fixes two issues: 1) The cipher list that was setup for a given test was not passed properly to the client. 2) When either or both of clients/servers were using SSLv2, tests were expected to succeed when at least the server end was using SSLv2 compatible ciphers. Now, tests are expected to succeed only if SSLv2 compatible ciphers are used on both ends. Fixes nodejs#9020. Reviewed-by: Trevor Norris <[email protected]>
|
Landed in 408bffe. |
misterdjules
pushed a commit
to misterdjules/node
that referenced
this issue
May 11, 2015
Backport 408bffe from v0.12. Now that the default ciphers list is used client side even when options.ciphers is not set or set to undefined/null, and that the default ciphers list does not contain RC4 anymore, update the ssl/tls options matrix tests suite to check that a connection that uses RC4 needs both sides of the connection specifying RC4 in their allowed ciphers. Original commit message: test: fix ssl/tls options matrix test The tests suite available in test/external/ssl-options was originally written for security fixes made in the v0.10 branch. In this branch, the client's default ciphers list is compatible with SSLv2. After merging this change from v0.10 to v0.12, this tests suite was broken because commits 5d2aef1 and f4c8020 make SSL/TLS clients use a default ciphers list that is not compatible with the SSLv2 protocol. This change fixes two issues: 1) The cipher list that was setup for a given test was not passed properly to the client. 2) When either or both of clients/servers were using SSLv2, tests were expected to succeed when at least the server end was using SSLv2 compatible ciphers. Now, tests are expected to succeed only if SSLv2 compatible ciphers are used on both ends. Fixes nodejs#9020.
misterdjules
pushed a commit
to misterdjules/node
that referenced
this issue
May 11, 2015
Backport 408bffe from v0.12. Now that the default ciphers list is used client side even when options.ciphers is not set or set to undefined/null, and that the default ciphers list does not contain RC4 anymore, update the ssl/tls options matrix tests suite to check that a connection that uses RC4 needs both sides of the connection specifying RC4 in their allowed ciphers. Original commit message: test: fix ssl/tls options matrix test The tests suite available in test/external/ssl-options was originally written for security fixes made in the v0.10 branch. In this branch, the client's default ciphers list is compatible with SSLv2. After merging this change from v0.10 to v0.12, this tests suite was broken because commits 5d2aef1 and f4c8020 make SSL/TLS clients use a default ciphers list that is not compatible with the SSLv2 protocol. This change fixes two issues: 1) The cipher list that was setup for a given test was not passed properly to the client. 2) When either or both of clients/servers were using SSLv2, tests were expected to succeed when at least the server end was using SSLv2 compatible ciphers. Now, tests are expected to succeed only if SSLv2 compatible ciphers are used on both ends. Fixes nodejs#9020.
misterdjules
pushed a commit
to misterdjules/node
that referenced
this issue
Jun 30, 2015
Backport 408bffe from v0.12. Now that the default ciphers list is used client side even when options.ciphers is not set or set to undefined/null, and that the default ciphers list does not contain RC4 anymore, update the ssl/tls options matrix tests suite to check that a connection that uses RC4 needs both sides of the connection specifying RC4 in their allowed ciphers. Original commit message: test: fix ssl/tls options matrix test The tests suite available in test/external/ssl-options was originally written for security fixes made in the v0.10 branch. In this branch, the client's default ciphers list is compatible with SSLv2. After merging this change from v0.10 to v0.12, this tests suite was broken because commits 5d2aef1 and f4c8020 make SSL/TLS clients use a default ciphers list that is not compatible with the SSLv2 protocol. This change fixes two issues: 1) The cipher list that was setup for a given test was not passed properly to the client. 2) When either or both of clients/servers were using SSLv2, tests were expected to succeed when at least the server end was using SSLv2 compatible ciphers. Now, tests are expected to succeed only if SSLv2 compatible ciphers are used on both ends. Fixes nodejs#9020.
misterdjules
pushed a commit
to misterdjules/node
that referenced
this issue
Jun 30, 2015
Backport 408bffe from v0.12. Now that the default ciphers list is used client side even when options.ciphers is not set or set to undefined/null, and that the default ciphers list does not contain RC4 anymore, update the ssl/tls options matrix tests suite to check that a connection that uses RC4 needs both sides of the connection specifying RC4 in their allowed ciphers. Original commit message: test: fix ssl/tls options matrix test The tests suite available in test/external/ssl-options was originally written for security fixes made in the v0.10 branch. In this branch, the client's default ciphers list is compatible with SSLv2. After merging this change from v0.10 to v0.12, this tests suite was broken because commits 5d2aef1 and f4c8020 make SSL/TLS clients use a default ciphers list that is not compatible with the SSLv2 protocol. This change fixes two issues: 1) The cipher list that was setup for a given test was not passed properly to the client. 2) When either or both of clients/servers were using SSLv2, tests were expected to succeed when at least the server end was using SSLv2 compatible ciphers. Now, tests are expected to succeed only if SSLv2 compatible ciphers are used on both ends. Fixes nodejs#9020.
misterdjules
pushed a commit
to misterdjules/node
that referenced
this issue
Jul 16, 2015
Backport 408bffe from v0.12. Now that the default ciphers list is used client side even when options.ciphers is not set or set to undefined/null, and that the default ciphers list does not contain RC4 anymore, update the ssl/tls options matrix tests suite to check that a connection that uses RC4 needs both sides of the connection specifying RC4 in their allowed ciphers. Original commit message: test: fix ssl/tls options matrix test The tests suite available in test/external/ssl-options was originally written for security fixes made in the v0.10 branch. In this branch, the client's default ciphers list is compatible with SSLv2. After merging this change from v0.10 to v0.12, this tests suite was broken because commits 5d2aef1 and f4c8020 make SSL/TLS clients use a default ciphers list that is not compatible with the SSLv2 protocol. This change fixes two issues: 1) The cipher list that was setup for a given test was not passed properly to the client. 2) When either or both of clients/servers were using SSLv2, tests were expected to succeed when at least the server end was using SSLv2 compatible ciphers. Now, tests are expected to succeed only if SSLv2 compatible ciphers are used on both ends. Fixes nodejs#9020.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The most recent merge from v0.10 to v0.12 introduced a regression: test/external/ssl-options now fails on all supported platforms.
This test is not run as part of the standard tests suite used on our continuous integration platform. It is run manually and is used to make sure that the compatibility of client/server SSL/TLS runtime settings for the default build options is what we expect.
It is a somewhat critical test in the sense that it allows us to make sure that, for instance, a client that didn't enable the SSLv3 protocol cannot connect to a server that enabled it.
The text was updated successfully, but these errors were encountered: