add unit test for cipherSuite serversTransport validation

2025-08-06 22:57:14 +02:00 · 2025-07-31 18:58:37 +02:00 · 2025-07-31 18:58:37 +02:00 · 02cac33a40
commit 02cac33a40
parent 337171ad1d
1 changed files with 8 additions and 5 deletions
--- a/pkg/server/service/transport_test.go
+++ b/pkg/server/service/transport_test.go
@ -6,6 +6,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
+	"fmt"
 	"math/big"
 	"net"
 	"net/http"
@ -118,9 +119,6 @@ PtvuNc5EImfSkuPBYLBslNxtjbBvAYgacEdY+gRhn2TeIUApnND58lCWsKbNHLFZ
 ajIPbTY+Fe9OTOFTN48ujXNn
 -----END PRIVATE KEY-----`)

-var cipherSuite = []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}
-var cipherSuiteName = []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}
-
 func TestKeepConnectionWhenSameConfiguration(t *testing.T) {
 	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
 		rw.WriteHeader(http.StatusOK)
@ -196,18 +194,23 @@ func TestCipherSuites(t *testing.T) {

 	srv.TLS = &tls.Config{
 		Certificates: []tls.Certificate{cert},
-		CipherSuites: cipherSuite,
 		MaxVersion:   tls.VersionTLS12,
+		CipherSuites: []uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		},
 	}
 	srv.StartTLS()

+	fmt.Printf("cipher: %v, version: %v\n", srv.TLS.CipherSuites, srv.TLS.MaxVersion)
+
 	transportManager := NewTransportManager(nil)

 	dynamicConf := map[string]*dynamic.ServersTransport{
 		"test": {
 			ServerName:   "example.com",
 			RootCAs:      []types.FileOrContent{types.FileOrContent(LocalhostCert)},
-			CipherSuites: cipherSuiteName,
+			CipherSuites: []string{"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
+			MaxVersion:   "VersionTLS12",
 		},
 	}