public async Task WhenAllTestAreTcpConnectionFailedShouldReturnOneError() { EvaluatorResult expectedResult = EvaluatorResult.INCONCLUSIVE; string expectedMessage = "We were unable to create a TLS connection with this server. This could be because the server does not support TLS " + "or because Mail Check servers have been blocked. We will keep trying to test TLS with this server, so please check back later or get in touch " + "if you think there's a problem."; var mxHostTlsResults = new TlsTestResults("abc.def.gov.uk", false, false, new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, "", null), new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, "", null), new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, "", null), new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, "", null), new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, "", null), new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, "", null), new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, "", null), new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, "", null), new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, "", null), new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, "", null), new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, "", null), new BouncyCastleTlsTestResult(TlsError.TCP_CONNECTION_FAILED, "", null), null); IMxSecurityEvaluator mxSecurityEvaluator = A.Fake <IMxSecurityEvaluator>(); ILogger <EvaluationProcessor> log = A.Fake <ILogger <EvaluationProcessor> >(); IEvaluationProcessor processor = new EvaluationProcessor(mxSecurityEvaluator, log); TlsResultsEvaluated results = await processor.Process(mxHostTlsResults); Assert.AreEqual(expectedResult, results.TlsRecords.Tls12AvailableWithBestCipherSuiteSelected.TlsEvaluatedResult.Result.Value); Assert.AreEqual(expectedMessage, results.TlsRecords.Tls12AvailableWithBestCipherSuiteSelected.TlsEvaluatedResult.Description); }
public async Task <MxRecordTlsSecurityProfile> Test(MxRecordTlsSecurityProfile mxRecordTlsSecurityProfile) { if (_config.CachingEnabled) { string cachedStringResult = await _cache.GetString($"{KeyPrefix}-{mxRecordTlsSecurityProfile.MxRecord.Hostname?.ToLower()}"); if (cachedStringResult != null) { _log.Debug($"Successfully retrieved TLSSecurityProfile from cache for host {mxRecordTlsSecurityProfile.MxRecord.Hostname}"); TlsTestResults cachedResults = JsonConvert.DeserializeObject <TlsTestResults>(cachedStringResult); return(new MxRecordTlsSecurityProfile(mxRecordTlsSecurityProfile.MxRecord, new TlsSecurityProfile(mxRecordTlsSecurityProfile.TlsSecurityProfile.Id, null, cachedResults))); } } MxRecordTlsSecurityProfile result = await _tlsSecurityTesterAdaptor.Test(mxRecordTlsSecurityProfile); _log.Debug($"Successfully retrieved TLSSecurityProfile from tls tester for host {mxRecordTlsSecurityProfile.MxRecord.Hostname}"); if (_config.CachingEnabled && (result.TlsSecurityProfile.TlsResults.FailureCount == 0 || result.TlsSecurityProfile.TlsResults.FailureCount >= FailureCountBeforeCaching)) { string resultToCache = JsonConvert.SerializeObject(result.TlsSecurityProfile.TlsResults); await _cache.SetString($"{KeyPrefix}-{mxRecordTlsSecurityProfile.MxRecord.Hostname}", resultToCache, TimeSpan.FromSeconds(_config.RefreshIntervalSeconds *RefreshIntervalSecondsMultiplier)); _log.Debug($"Successfully set TLSSecurityProfile to cache for host {mxRecordTlsSecurityProfile.MxRecord.Hostname}"); } return(result); }
public static HostCertificates MapToHostCertificates(this TlsTestResults tlsTestResults) { return(new HostCertificates(tlsTestResults.Id, tlsTestResults.HostNotFound, tlsTestResults.Certificates.MapToX509Certificates(), tlsTestResults.SelectedCipherSuites )); }
public async Task <TlsResultsEvaluated> Process(TlsTestResults tlsTestRptRecords) { Stopwatch stopwatch = Stopwatch.StartNew(); TlsResultsEvaluated result = await EvaluateMxRecordProfile(tlsTestRptRecords); stopwatch.Stop(); _log.LogDebug($"Processed domain with ID {tlsTestRptRecords.Id}. Took {stopwatch.Elapsed.TotalSeconds} seconds."); return(result); }
public async Task ConnectionRefusedErrorsShouldResultInPass(TlsError tlsError) { BouncyCastleTlsTestResult BouncyCastleTlsTestResult = new BouncyCastleTlsTestResult(tlsError, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.Ssl3FailsWithBadCipherSuite, BouncyCastleTlsTestResult); var evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.PASS); }
public async Task InsecureCipherSuitesShouldResultInFail(CipherSuite cipherSuite) { BouncyCastleTlsTestResult BouncyCastleTlsTestResult = new BouncyCastleTlsTestResult(null, cipherSuite, null, null, null, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.Ssl3FailsWithBadCipherSuite, BouncyCastleTlsTestResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.FAIL); }
public async Task UnaccountedForCipherSuiteResponseShouldResultInInconclusive() { BouncyCastleTlsTestResult BouncyCastleTlsTestResult = new BouncyCastleTlsTestResult(null, CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, null, null, null, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.Ssl3FailsWithBadCipherSuite, BouncyCastleTlsTestResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.INCONCLUSIVE); }
public async Task AnErrorShouldResultInInconslusive() { TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.TlsSecureEllipticCurveSelected, new BouncyCastleTlsTestResult(TlsError.CERTIFICATE_UNOBTAINABLE, null, null)); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.INCONCLUSIVE); }
public async Task GoodCurveGroupsShouldResultInAPass(CurveGroup curveGroup) { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(null, null, curveGroup, null, null, null, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.TlsSecureDiffieHellmanGroupSelected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.PASS); }
public async Task TcpErrorsShouldResultInInconclusive(TlsError tlsError) { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(tlsError, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.TlsSecureDiffieHellmanGroupSelected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.INCONCLUSIVE); }
public async Task Unknown1024GroupShouldResultInAWarn() { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(null, null, CurveGroup.UnknownGroup1024, null, null, null, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.TlsSecureDiffieHellmanGroupSelected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.WARNING); }
public async Task UnaccountedForCurveShouldResultInInconclusive() { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(null, null, null, null, null, null, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.TlsSecureEllipticCurveSelected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.INCONCLUSIVE); }
public async Task CurvesWithCurveNumberLessThan256ShouldResultInAFail(CurveGroup curveGroup) { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(null, null, curveGroup, null, null, null, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.TlsSecureEllipticCurveSelected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.FAIL); }
public async Task OtherErrorsShouldResultInInconclusive() { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(TlsError.INTERNAL_ERROR, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.Tls12AvailableWithWeakCipherSuiteNotSelected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.INCONCLUSIVE); }
public async Task AnErrorShouldResultInAFail() { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(TlsError.INSUFFICIENT_SECURITY, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.Tls12AvailableWithSha2HashFunctionSelected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.FAIL); }
public async Task CipherSuitesWithNoPfsShouldResultInAWarning(CipherSuite cipherSuite) { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(null, cipherSuite, null, null, null, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.Tls10AvailableWithBestCipherSuiteSelected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.WARNING); }
public async Task ConnectionRefusedErrorsShouldResultInPass(TlsError tlsError) { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(tlsError, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.Tls12AvailableWithWeakCipherSuiteNotSelected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.PASS); }
public async Task AnErrorShouldResultInAWarning() { TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults( TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList, new BouncyCastleTlsTestResult(TlsError.BAD_CERTIFICATE, null, null)); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.WARNING); }
public async Task NoCipherSuiteResponseShouldResultInInconclusive() { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(null, null, null, null, null, null, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.TlsWeakCipherSuitesRejected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.INCONCLUSIVE); }
public async Task GoodCiphersShouldResultInAPass(CipherSuite cipherSuite) { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(null, cipherSuite, null, null, null, null, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.Tls12AvailableWithSha2HashFunctionSelected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.PASS); }
public async Task ErrorsShouldHaveErrorDescriptionInResult(TlsError tlsError, string description) { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(tlsError, description, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.Tls12AvailableWithWeakCipherSuiteNotSelected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.INCONCLUSIVE); StringAssert.Contains($"Error description \"{description}\".", evaluatorResults[0].TlsEvaluatedResult.Description); }
public async Task TcpErrorsShouldResultInInconclusive(TlsError tlsError) { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(tlsError, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.INCONCLUSIVE); }
public async Task OtherErrorsShouldResultInInconclusive() { string errorDescription = "Something went wrong!"; BouncyCastleTlsTestResult BouncyCastleTlsTestResult = new BouncyCastleTlsTestResult(TlsError.INTERNAL_ERROR, errorDescription, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(TlsTestType.Ssl3FailsWithBadCipherSuite, BouncyCastleTlsTestResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.INCONCLUSIVE); StringAssert.Contains($"Error description \"{errorDescription}\".", evaluatorResults[0].TlsEvaluatedResult.Description); }
public async Task <TlsResultsEvaluated> Evaluate(TlsTestResults tlsTestResults) { EvaluationResult <TlsTestResults, RuleTypedTlsEvaluationResult> evaluationResult = await _evaluator.Evaluate(tlsTestResults, tlsEvaluatedResult => tlsEvaluatedResult.Any(_ => _.TlsEvaluatedResult.Result != EvaluatorResult.PASS)); Dictionary <TlsTestType, RuleTypedTlsEvaluationResult> evaluationResultsByType = evaluationResult.Messages.ToDictionary(_ => _.Type); return(new TlsResultsEvaluated(tlsTestResults.Id, tlsTestResults.Failed, new TlsRecords( new TlsRecord( GetEvaluatorResultOrDefault(TlsTestType.Tls12AvailableWithBestCipherSuiteSelected, evaluationResultsByType), tlsTestResults.Tls12AvailableWithBestCipherSuiteSelected), new TlsRecord( GetEvaluatorResultOrDefault(TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList, evaluationResultsByType), tlsTestResults.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList), new TlsRecord( GetEvaluatorResultOrDefault(TlsTestType.Tls12AvailableWithSha2HashFunctionSelected, evaluationResultsByType), tlsTestResults.Tls12AvailableWithSha2HashFunctionSelected), new TlsRecord( GetEvaluatorResultOrDefault(TlsTestType.Tls12AvailableWithWeakCipherSuiteNotSelected, evaluationResultsByType), tlsTestResults.Tls12AvailableWithWeakCipherSuiteNotSelected), new TlsRecord( GetEvaluatorResultOrDefault(TlsTestType.Tls11AvailableWithBestCipherSuiteSelected, evaluationResultsByType), tlsTestResults.Tls11AvailableWithBestCipherSuiteSelected), new TlsRecord( GetEvaluatorResultOrDefault(TlsTestType.Tls11AvailableWithWeakCipherSuiteNotSelected, evaluationResultsByType), tlsTestResults.Tls11AvailableWithWeakCipherSuiteNotSelected), new TlsRecord( GetEvaluatorResultOrDefault(TlsTestType.Tls10AvailableWithBestCipherSuiteSelected, evaluationResultsByType), tlsTestResults.Tls10AvailableWithBestCipherSuiteSelected), new TlsRecord( GetEvaluatorResultOrDefault(TlsTestType.Tls10AvailableWithWeakCipherSuiteNotSelected, evaluationResultsByType), tlsTestResults.Tls10AvailableWithWeakCipherSuiteNotSelected), new TlsRecord( GetEvaluatorResultOrDefault(TlsTestType.Ssl3FailsWithBadCipherSuite, evaluationResultsByType), tlsTestResults.Ssl3FailsWithBadCipherSuite), new TlsRecord( GetEvaluatorResultOrDefault(TlsTestType.TlsSecureEllipticCurveSelected, evaluationResultsByType), tlsTestResults.TlsSecureEllipticCurveSelected), new TlsRecord( GetEvaluatorResultOrDefault(TlsTestType.TlsSecureDiffieHellmanGroupSelected, evaluationResultsByType), tlsTestResults.TlsSecureDiffieHellmanGroupSelected), new TlsRecord( GetEvaluatorResultOrDefault(TlsTestType.TlsWeakCipherSuitesRejected, evaluationResultsByType), tlsTestResults.TlsWeakCipherSuitesRejected), new TlsRecord(GetEvaluatorResultOrDefault(TlsTestType.Tls12Available, evaluationResultsByType)), new TlsRecord(GetEvaluatorResultOrDefault(TlsTestType.Tls11Available, evaluationResultsByType)), new TlsRecord(GetEvaluatorResultOrDefault(TlsTestType.Tls10Available, evaluationResultsByType))))); }
public async Task PreviousTestBeingInconclusiveShouldResultInPass() { BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, null, null, null, null, null, null); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults( TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> evaluatorResults = await _sut.Evaluate(connectionTestResults); Assert.That(evaluatorResults.Count, Is.EqualTo(1)); Assert.AreEqual(evaluatorResults[0].TlsEvaluatedResult.Result, EvaluatorResult.PASS); }
protected async Task <TlsResultsEvaluated> EvaluateMxRecordProfile(TlsTestResults tlsTestResults) { List <BouncyCastleTlsTestResult> bouncyCastleTlsTestResults = new List <BouncyCastleTlsTestResult> { tlsTestResults.Ssl3FailsWithBadCipherSuite, tlsTestResults.Tls10AvailableWithBestCipherSuiteSelected, tlsTestResults.Tls10AvailableWithWeakCipherSuiteNotSelected, tlsTestResults.Tls11AvailableWithBestCipherSuiteSelected, tlsTestResults.Tls11AvailableWithWeakCipherSuiteNotSelected, tlsTestResults.Tls12AvailableWithBestCipherSuiteSelected, tlsTestResults.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList, tlsTestResults.Tls12AvailableWithSha2HashFunctionSelected, tlsTestResults.Tls12AvailableWithWeakCipherSuiteNotSelected, tlsTestResults.TlsSecureDiffieHellmanGroupSelected, tlsTestResults.TlsSecureEllipticCurveSelected, tlsTestResults.TlsWeakCipherSuitesRejected }; bool hasFailedConnection = bouncyCastleTlsTestResults.All(_ => _.TlsError == TlsError.SESSION_INITIALIZATION_FAILED || _.TlsError == TlsError.TCP_CONNECTION_FAILED); if (hasFailedConnection) { _log.LogDebug($"TLS connection failed for host {tlsTestResults.Id}"); string failedConnectionErrors = string.Join(", ", bouncyCastleTlsTestResults .Select(_ => _.ErrorDescription) .Distinct() .ToList()); return(GetConnectionFailedResults(tlsTestResults.Id, failedConnectionErrors, tlsTestResults.ToTlsResult())); } bool hostNotFound = bouncyCastleTlsTestResults.All(_ => _.TlsError == TlsError.HOST_NOT_FOUND); if (hostNotFound) { _log.LogDebug($"Host not found for {tlsTestResults.Id}"); return(GetHostNotFoundResults(tlsTestResults.Id, tlsTestResults.ToTlsResult())); } _log.LogDebug($"Evaluating TLS connection results for {tlsTestResults.Id}."); TlsResultsEvaluated tlsEvaluatedResults = await _mxSecurityEvaluator.Evaluate(tlsTestResults); return(tlsEvaluatedResults); }
public static TlsResults ToTlsResult(this TlsTestResults tlsTestResults) { return(new TlsResults(tlsTestResults.Failed, tlsTestResults.Tls12AvailableWithBestCipherSuiteSelected, tlsTestResults.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList, tlsTestResults.Tls12AvailableWithSha2HashFunctionSelected, tlsTestResults.Tls10AvailableWithWeakCipherSuiteNotSelected, tlsTestResults.Tls11AvailableWithBestCipherSuiteSelected, tlsTestResults.Tls11AvailableWithWeakCipherSuiteNotSelected, tlsTestResults.Tls10AvailableWithBestCipherSuiteSelected, tlsTestResults.Tls10AvailableWithWeakCipherSuiteNotSelected, tlsTestResults.Ssl3FailsWithBadCipherSuite, tlsTestResults.TlsSecureEllipticCurveSelected, tlsTestResults.TlsSecureDiffieHellmanGroupSelected, tlsTestResults.TlsWeakCipherSuitesRejected)); }
public async Task Test(TlsError?tlsError, EvaluatorResult expectedEvaluatorResult, string expectedDescription) { Tls10Available tls10Available = new Tls10Available(); BouncyCastleTlsTestResult tlsConnectionResult = new BouncyCastleTlsTestResult(null, null, null, null, tlsError, null, new List <string>()); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults( TlsTestType.Tls10AvailableWithBestCipherSuiteSelected, tlsConnectionResult); List <RuleTypedTlsEvaluationResult> ruleTypedTlsEvaluationResults = await tls10Available.Evaluate(connectionTestResults); Assert.That(ruleTypedTlsEvaluationResults.Count, Is.EqualTo(1)); Assert.That(ruleTypedTlsEvaluationResults[0].TlsEvaluatedResult.Result, Is.EqualTo(expectedEvaluatorResult)); StringAssert.StartsWith(expectedDescription, ruleTypedTlsEvaluationResults[0].TlsEvaluatedResult.Description); }
public async Task NoErrorReturnsPass() { Tls12Available tls12Available = new Tls12Available(); BouncyCastleTlsTestResult tls12ConnectionResult = new BouncyCastleTlsTestResult(null, null, null, null, null, null, new List <string>()); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(new Dictionary <TlsTestType, BouncyCastleTlsTestResult> { { TlsTestType.Tls12AvailableWithBestCipherSuiteSelected, tls12ConnectionResult }, }); List <RuleTypedTlsEvaluationResult> ruleTypedTlsEvaluationResults = await tls12Available.Evaluate(connectionTestResults); Assert.That(ruleTypedTlsEvaluationResults.Count, Is.EqualTo(1)); Assert.That(ruleTypedTlsEvaluationResults[0].TlsEvaluatedResult.Result, Is.EqualTo(EvaluatorResult.PASS)); Assert.That(ruleTypedTlsEvaluationResults[0].TlsEvaluatedResult.Description, Is.Null); }
public async Task Tls12ErrorAndNoOtherTlsSupportedReturnsError() { Tls12Available tls11Available = new Tls12Available(); BouncyCastleTlsTestResult tls12ConnectionResult = new BouncyCastleTlsTestResult(null, null, null, null, TlsError.HANDSHAKE_FAILURE, null, new List <string>()); TlsTestResults connectionTestResults = TlsTestDataUtil.CreateMxHostTlsResults(new Dictionary <TlsTestType, BouncyCastleTlsTestResult> { { TlsTestType.Tls12AvailableWithBestCipherSuiteSelected, tls12ConnectionResult } }); List <RuleTypedTlsEvaluationResult> ruleTypedTlsEvaluationResults = await tls11Available.Evaluate(connectionTestResults); Assert.That(ruleTypedTlsEvaluationResults.Count, Is.EqualTo(1)); Assert.That(ruleTypedTlsEvaluationResults[0].TlsEvaluatedResult.Result, Is.EqualTo(EvaluatorResult.FAIL)); StringAssert.StartsWith("This server refused to negotiate using TLS 1.2", ruleTypedTlsEvaluationResults[0].TlsEvaluatedResult.Description); }