ipatests: add test to check that only TLS 1.2 is enabled in Apache

Related to: https://pagure.io/freeipa/issue/7995

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Sergey Orlov 2019-10-18 14:53:02 +02:00 committed by Rob Crittenden
parent 73796c7797
commit 14be271533

View File

@ -679,3 +679,23 @@ class TestIPACommand(IntegrationTest):
assert 'Modified user "%s"' % (ipauser) in cmd.stdout_text
assert 'First name: %s' % (modfirst) in cmd.stdout_text
assert 'Last name: %s' % (modlast) in cmd.stdout_text
def test_enabled_tls_protocols(self):
"""Check that only TLS 1.2 is enabled in Apache.
This is the regression test for issue
https://pagure.io/freeipa/issue/7995.
"""
def is_tls_version_enabled(tls_version):
res = self.master.run_command(
['openssl', 's_client',
'-connect', '{}:443'.format(self.master.hostname),
'-{}'.format(tls_version)],
stdin_text='\n',
ok_returncode=[0, 1]
)
return res.returncode == 0
assert not is_tls_version_enabled('tls1')
assert not is_tls_version_enabled('tls1_1')
assert is_tls_version_enabled('tls1_2')