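// Copyright 2018 The etcd Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package transport

import (
	"crypto/tls"
	"net/http"
	"strings"
	"testing"
	"time"
)

// TestNewTransportTLSInvalidCipherSuites expects a client whose cipher suites
// do not overlap with the server's to fail the TLS handshake.
//
// The server is given the first two suites of the list and the client the
// remaining four, so the two sides share no suite. The test passes only when
// the client's GET returns an error containing "tls: handshake failure".
func TestNewTransportTLSInvalidCipherSuites(t *testing.T) {
	tlsInfo, del, err := createSelfCert()
	if err != nil {
		t.Fatalf("unable to create cert: %v", err)
	}
	defer del()

	cipherSuites := []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	}

	// Give server and client disjoint cipher suite lists. The structs are
	// copied by value so each side can carry its own CipherSuites.
	//
	// NOTE(review): crypto/tls does not apply Config.CipherSuites to TLS 1.3,
	// so this check only proves the restriction is enforced when the handshake
	// negotiates TLS 1.2 or lower. Confirm which versions the TLSInfo built by
	// createSelfCert allows on the Go toolchain in use.
	srvTLS, cliTLS := *tlsInfo, *tlsInfo
	srvTLS.CipherSuites, cliTLS.CipherSuites = cipherSuites[:2], cipherSuites[2:]

	ln, err := NewListener("127.0.0.1:0", "https", &srvTLS)
	if err != nil {
		t.Fatalf("unexpected NewListener error: %v", err)
	}
	defer ln.Close()

	donec := make(chan struct{})
	go func() {
		// The return values are discarded: this goroutine only gives the
		// client a peer and reports when Accept has returned.
		ln.Accept()
		donec <- struct{}{}
	}()
	go func() {
		// Always close the listener and signal completion, including on the
		// failure paths. t.Fatal/t.Fatalf must not be called outside the test
		// goroutine: they end only the calling goroutine, which here would
		// skip the signal and leave the test blocked on donec.
		defer func() {
			ln.Close()
			donec <- struct{}{}
		}()

		tr, err := NewTransport(cliTLS, 3*time.Second)
		if err != nil {
			t.Errorf("unexpected NewTransport error: %v", err)
			return
		}
		cli := &http.Client{Transport: tr}
		resp, gerr := cli.Get("https://" + ln.Addr().String())
		if gerr == nil {
			// An unexpected success still leaves a body to release.
			resp.Body.Close()
		}
		if gerr == nil || !strings.Contains(gerr.Error(), "tls: handshake failure") {
			t.Errorf("expected client TLS handshake error, got %v", gerr)
		}
	}()
	<-donec
	<-donec
}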