1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28 package org.apache.hc.core5.http.ssl;
29
30 import org.junit.Assert;
31 import org.junit.Test;
32
33
34
35
36 public class TestTlsCiphers {
37
38 @Test
39 public void testStrongCipherSuites() {
40 final String[] strongCipherSuites = {
41 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
42 "TLS_RSA_WITH_AES_256_CBC_SHA256",
43 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
44 "TLS_RSA_WITH_AES_128_CBC_SHA",
45 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
46 "TLS_RSA_WITH_AES_256_GCM_SHA384"
47 };
48 for (final String cipherSuite : strongCipherSuites) {
49 Assert.assertFalse(TlsCiphers.isWeak(cipherSuite));
50 }
51 }
52
53 @Test
54 public void testWeakCiphersDisabledByDefault() {
55 final String[] weakCiphersSuites = {
56 "SSL_RSA_WITH_RC4_128_SHA",
57 "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
58 "TLS_DH_anon_WITH_AES_128_CBC_SHA",
59 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
60 "SSL_RSA_WITH_NULL_SHA",
61 "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
62 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
63 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
64 "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
65 "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
66 "TLS_RSA_WITH_NULL_SHA256",
67 "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
68 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
69 "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
70 "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"
71 };
72 for (final String cipherSuite : weakCiphersSuites) {
73 Assert.assertTrue(TlsCiphers.isWeak(cipherSuite));
74 }
75 }
76
77 }