public void InsecureCipherSuitesShouldResultInFail(CipherSuite cipherSuite)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(null, cipherSuite, null, null, null, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Ssl3FailsWithBadCipherSuite, tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.FAIL);
}
public void ConnectionRefusedErrorsShouldResultInPass(Error error)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(error, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Ssl3FailsWithBadCipherSuite, tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.PASS);
}
public void UnaccountedForCipherSuiteResponseShouldResultInInconclusive()
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(null, CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, null, null, null, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Ssl3FailsWithBadCipherSuite, tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.INCONCLUSIVE);
}
public void AnErrorShouldResultInInconslusive()
{
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.TlsSecureEllipticCurveSelected,
new TlsConnectionResult(Error.CERTIFICATE_UNOBTAINABLE, null, null));
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.INCONCLUSIVE);
}
public void NoPfsCipherSuiteShouldResultInWarning(CipherSuite cipherSuite)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(null, cipherSuite, null, null, null, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Ssl3FailsWithBadCipherSuite, tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.WARNING);
}
public void CipherSuitesWithNoPfsShouldResultInAWarning(CipherSuite cipherSuite)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(null, cipherSuite, null, null, null, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Tls10AvailableWithBestCipherSuiteSelected,
tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.WARNING);
}
public void ConnectionRefusedErrorsShouldResultInPass(Error error)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(error, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Tls12AvailableWithWeakCipherSuiteNotSelected,
tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.PASS);
}
public void NoCipherSuiteResponseShouldResultInInconclusive()
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(null, null, null, null, null, null, null, null);
ConnectionResults connectionResults =
TlsTestDataUtil.CreateConnectionResults(TlsTestType.TlsWeakCipherSuitesRejected, tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.INCONCLUSIVE);
}
public void Unknown1024GroupShouldResultInAWarn()
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(null, null, CurveGroup.UnknownGroup1024, null, null, null, null, null);
ConnectionResults connectionResults =
TlsTestDataUtil.CreateConnectionResults(TlsTestType.TlsSecureDiffieHellmanGroupSelected, tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.WARNING);
}
public void InsecureCiphersShouldResultInAFail(CipherSuite cipherSuite)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(null, cipherSuite, null, null, null, null, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Tls12AvailableWithWeakCipherSuiteNotSelected,
tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.FAIL);
}
public void GoodCurveGroupsShouldResultInAPass(CurveGroup curveGroup)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(null, null, curveGroup, null, null, null, null, null);
ConnectionResults connectionResults =
TlsTestDataUtil.CreateConnectionResults(TlsTestType.TlsSecureDiffieHellmanGroupSelected, tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.PASS);
}
public void OtherErrorsShouldResultInInconclusive()
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(Error.INTERNAL_ERROR, null, null);
ConnectionResults connectionResults =
TlsTestDataUtil.CreateConnectionResults(TlsTestType.TlsSecureDiffieHellmanGroupSelected, tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.INCONCLUSIVE);
}
public void ConnectionRefusedErrorsShouldResultInPass(Error error)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(error, null, null);
ConnectionResults connectionResults =
TlsTestDataUtil.CreateConnectionResults(TlsTestType.TlsSecureDiffieHellmanGroupSelected, tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.PASS);
}
public void UnaccountedForCurveShouldResultInInconclusive()
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(null, null, null, null, null, null, null, null);
ConnectionResults connectionResults =
TlsTestDataUtil.CreateConnectionResults(TlsTestType.TlsSecureEllipticCurveSelected, tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.INCONCLUSIVE);
}
public void OtherErrorsShouldResultInInconclusive()
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(Error.INTERNAL_ERROR, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Tls12AvailableWithWeakCipherSuiteNotSelected,
tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.INCONCLUSIVE);
}
public void GoodCiphersShouldResultInAPass(CipherSuite cipherSuite)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(null, cipherSuite, null, null, null, null, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Tls12AvailableWithSha2HashFunctionSelected,
tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.PASS);
}
public void AnErrorShouldResultInAFail()
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(Error.INSUFFICIENT_SECURITY, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Tls12AvailableWithSha2HashFunctionSelected,
tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.FAIL);
}
public void CurvesWithCurveNumberLessThan256ShouldResultInAFail(CurveGroup curveGroup)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(null, null, curveGroup, null, null, null, null, null);
ConnectionResults connectionResults =
TlsTestDataUtil.CreateConnectionResults(TlsTestType.TlsSecureEllipticCurveSelected, tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.FAIL);
}
public void TcpErrorsShouldResultInInconclusive(Error error)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(error, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Tls12AvailableWithSha2HashFunctionSelected,
tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.INCONCLUSIVE);
}
public void AnErrorShouldResultInAFail()
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(Error.ACCESS_DENIED, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Tls10AvailableWithBestCipherSuiteSelected,
tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.FAIL);
}
public void AnErrorShouldResultInAFail()
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(Error.INSUFFICIENT_SECURITY, "Insufficient security", null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Tls11AvailableWithBestCipherSuiteSelected,
tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.FAIL);
}
public void AnErrorShouldResultInAWarning()
{
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(
TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
new TlsConnectionResult(Error.BAD_CERTIFICATE, null, null));
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.WARNING);
}
public void ErrorsShouldHaveErrorDescriptionInResult(Error error, string description)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(error, description, null);
ConnectionResults connectionResults =
TlsTestDataUtil.CreateConnectionResults(TlsTestType.Tls10AvailableWithBestCipherSuiteSelected, tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.INCONCLUSIVE);
StringAssert.Contains($"Error description \"{description}\".", _sut.Test(connectionResults).Description);
}
public void ConnectionRefusedErrorsShouldResultInPassWithoutErrorDescription(Error error, string description)
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(error, null, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Ssl3FailsWithBadCipherSuite, tlsConnectionResult);
TlsEvaluatorResult result = _sut.Test(connectionResults);
Assert.AreEqual(result.Result, EvaluatorResult.PASS);
Assert.That(result.Description, Is.Null);
}
public void OtherErrorsShouldResultInInconclusive()
{
string errorDescription = "Something went wrong!";
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(Error.INTERNAL_ERROR, errorDescription, null);
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(TlsTestType.Ssl3FailsWithBadCipherSuite, tlsConnectionResult);
TlsEvaluatorResult result = _sut.Test(connectionResults);
Assert.AreEqual(result.Result, EvaluatorResult.INCONCLUSIVE);
StringAssert.Contains($"Error description \"{errorDescription}\".", result.Description);
}
public void PreviousTestBeingInconclusiveShouldResultInPass()
{
TlsConnectionResult tlsConnectionResult = new TlsConnectionResult(null,
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, null, null, null, null, null, null);
ConnectionResults connectionResults =
TlsTestDataUtil.CreateConnectionResults(
TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
tlsConnectionResult);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.PASS);
}
public void PreviousCipherSuiteIsDifferentAndCurrentIsFailShouldResultInFail(CipherSuite cipherSuite)
{
Dictionary <TlsTestType, TlsConnectionResult> data = new Dictionary <TlsTestType, TlsConnectionResult>
{
{
TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
new TlsConnectionResult(null, cipherSuite, null, null, null, null, null, null)
},
{
TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
new TlsConnectionResult(null, CipherSuite.TLS_RSA_WITH_RC4_128_SHA, null, null, null, null, null, null)
}
};
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(data);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.FAIL);
}
public void ExpectFailMessageWhenTls11HasError()
{
Dictionary <TlsTestType, TlsConnectionResult> data = new Dictionary <TlsTestType, TlsConnectionResult>
{
{
TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
new TlsConnectionResult(null, null, null, null, Error.BAD_CERTIFICATE, null, null)
},
{
TlsTestType.Tls11AvailableWithBestCipherSuiteSelected,
new TlsConnectionResult(null, null, null, null, Error.BAD_CERTIFICATE, null, null)
}
};
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(data);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.FAIL);
}
public void NullCipherSuiteShouldResultInInconclusive()
{
Dictionary <TlsTestType, TlsConnectionResult> data = new Dictionary <TlsTestType, TlsConnectionResult>
{
{
TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
new TlsConnectionResult(null, null, null, null, null, null, null, null)
},
{
TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
new TlsConnectionResult(null, CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, null, null, null,
null, null, null)
}
};
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(data);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.INCONCLUSIVE);
}
public void UnaccountedForCipherSuiteResponseShouldResultInInconclusive()
{
Dictionary <TlsTestType, TlsConnectionResult> data = new Dictionary <TlsTestType, TlsConnectionResult>
{
{
TlsTestType.Tls12AvailableWithBestCipherSuiteSelectedFromReverseList,
new TlsConnectionResult(null, null, null, null, null, null, null, null)
},
{
TlsTestType.Tls12AvailableWithBestCipherSuiteSelected,
new TlsConnectionResult(null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, null, null, null,
null, null, null)
}
};
ConnectionResults connectionResults = TlsTestDataUtil.CreateConnectionResults(data);
Assert.AreEqual(_sut.Test(connectionResults).Result, EvaluatorResult.INCONCLUSIVE);
}