public void SslSupportedCiphers()
{
TestRuntime.AssertSystemVersion(PlatformName.MacOSX, 10, 8, throwIfOtherPlatform: false);
int ssl_client_ciphers = -1;
using (var client = new SslContext(SslProtocolSide.Client, SslConnectionType.Stream)) {
// maximum downgrade
client.MaxProtocol = client.MinProtocol;
var ciphers = client.GetSupportedCiphers();
ssl_client_ciphers = ciphers.Count;
Assert.That(ssl_client_ciphers, Is.AtLeast(1), "GetSupportedCiphers");
// we can't really scan for SSL_* since (some of) the values are identical to TLS_
// useful the other way around
}
int ssl_server_ciphers = -1;
using (var server = new SslContext(SslProtocolSide.Server, SslConnectionType.Stream)) {
// no downgrade, shows that the ciphers are not really restriced
var ciphers = server.GetSupportedCiphers();
ssl_server_ciphers = ciphers.Count;
Assert.That(ssl_server_ciphers, Is.AtLeast(1), "GetSupportedCiphers");
// we can't really scan for SSL_* since (some of) the values are identical to TLS_
// useful the other way around
// make sure we have names for all ciphers - except old export ones (that we do not want to promote)
// e.g. iOS 5.1 still supports them
foreach (var cipher in ciphers)
{
string s = cipher.ToString();
if (s.Length < 8)
{
Console.WriteLine(s);
}
Assert.True(s.StartsWith("SSL_", StringComparison.Ordinal) || s.StartsWith("TLS_", StringComparison.Ordinal), s);
}
}
Assert.That(ssl_client_ciphers, Is.EqualTo(ssl_server_ciphers), "same");
}
