MCPcopy
hub / github.com/grpc/grpc-go / TestTLS_CipherSuites

Method TestTLS_CipherSuites

credentials/tls_ext_test.go:252–332  ·  view source on GitHub ↗

Tests that CipherSuites is set to exclude HTTP/2 forbidden suites by default.

(t *testing.T)

Source from the content-addressed store, hash-verified

250
251// Tests that CipherSuites is set to exclude HTTP/2 forbidden suites by default.
252func (s) TestTLS_CipherSuites(t *testing.T) {
253 ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
254 defer cancel()
255 testCases := []struct {
256 name string
257 serverTLS func() *tls.Config
258 }{
259 {
260 name: "base_case",
261 serverTLS: func() *tls.Config {
262 return &tls.Config{
263 Certificates: []tls.Certificate{serverCert},
264 }
265 },
266 },
267 {
268 name: "fallback_to_base",
269 serverTLS: func() *tls.Config {
270 config := &tls.Config{
271 Certificates: []tls.Certificate{serverCert},
272 }
273 config.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
274 return nil, nil
275 }
276 return config
277 },
278 },
279 {
280 name: "dynamic_using_get_config_for_client",
281 serverTLS: func() *tls.Config {
282 return &tls.Config{
283 GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) {
284 return &tls.Config{
285 Certificates: []tls.Certificate{serverCert},
286 }, nil
287 },
288 }
289 },
290 },
291 }
292
293 for _, tc := range testCases {
294 t.Run(tc.name, func(t *testing.T) {
295 // Create server creds without cipher suites.
296 serverCreds := credentials.NewTLS(tc.serverTLS())
297 ss := stubserver.StubServer{
298 EmptyCallF: func(context.Context, *testpb.Empty) (*testpb.Empty, error) {
299 return &testpb.Empty{}, nil
300 },
301 }
302
303 // Create client creds that use a forbidden suite only.
304 clientCreds := credentials.NewTLS(&tls.Config{
305 ServerName: serverName,
306 RootCAs: certPool,
307 CipherSuites: []uint16{tls.TLS_RSA_WITH_AES_128_CBC_SHA},
308 MaxVersion: tls.VersionTLS12, // TLS1.3 cipher suites are not configurable, so limit to 1.2.
309 })

Callers

nothing calls this directly

Calls 12

StartServerMethod · 0.95
StopMethod · 0.95
EmptyCallMethod · 0.95
NewTLSFunction · 0.92
CredsFunction · 0.92
NewClientFunction · 0.92
WithTransportCredentialsFunction · 0.92
CodeFunction · 0.92
ConvertFunction · 0.92
MessageMethod · 0.80
FatalfMethod · 0.65
CloseMethod · 0.65

Tested by

no test coverage detected