Add tests around SSL cipher defaults behavior.

2022-11-09 13:49:40 -05:00 · 2014-03-16 14:45:59 -07:00 · 2014-03-16 14:45:59 -07:00 · b41a3941c3
commit b41a3941c3
parent a68d9bd7a2
1 changed files with 54 additions and 2 deletions
--- a/spec/unit/request_spec.rb
+++ b/spec/unit/request_spec.rb
@ -16,6 +16,7 @@ describe RestClient::Request do
    @net.stub(:use_ssl=)
    @net.stub(:verify_mode=)
    @net.stub(:verify_callback=)
+    allow(@net).to receive(:ciphers=)
    RestClient.log = nil
  end

@ -595,11 +596,12 @@ describe RestClient::Request do
      @request.transmit(@uri, 'req', 'payload')
    end

-    it "should not set the ssl_ciphers if not provided" do
+    it "should not set the ssl_ciphers if set to nil" do
      @request = RestClient::Request.new(
        :method => :put,
        :url => 'https://some/resource',
-        :payload => 'payload'
+        :payload => 'payload',
+        :ssl_ciphers => nil,
      )
      @net.should_not_receive(:ciphers=)
      @http.stub(:request)
@ -608,6 +610,56 @@ describe RestClient::Request do
      @request.transmit(@uri, 'req', 'payload')
    end

+    it "should override ssl_ciphers with better defaults with weak default ciphers" do
+      stub_const(
+        '::OpenSSL::SSL::SSLContext::DEFAULT_PARAMS',
+        {
+          :ssl_version=>"SSLv23",
+          :verify_mode=>1,
+          :ciphers=>"ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
+          :options=>-2147480577,
+        }
+      )
+
+      @request = RestClient::Request.new(
+        :method => :put,
+        :url => 'https://some/resource',
+        :payload => 'payload',
+      )
+
+      @net.should_receive(:ciphers=).with(RestClient::Request::DefaultCiphers)
+
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should not override ssl_ciphers with better defaults with different default ciphers" do
+      stub_const(
+        '::OpenSSL::SSL::SSLContext::DEFAULT_PARAMS',
+        {
+          :ssl_version=>"SSLv23",
+          :verify_mode=>1,
+          :ciphers=>"HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MEDIUM:!SSLv2",
+          :options=>-2147480577,
+        }
+      )
+
+      @request = RestClient::Request.new(
+        :method => :put,
+        :url => 'https://some/resource',
+        :payload => 'payload',
+      )
+
+      @net.should_not_receive(:ciphers=)
+
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
    it "should set the ssl_client_cert if provided" do
      @request = RestClient::Request.new(
              :method => :put,