haproxy/reg-tests/ssl/ssl_curves.vtc

135 lines
4.8 KiB
Plaintext

#REGTEST_TYPE=devel
# This reg-test checks the behaviour of the 'curves' and 'ecdhe' options on a
# bind line. Its main point is to ensure that the default curve used in
# HAProxy is indeed prime256v1 (or P-256 depending on the curve's
# representation). In order to check this, is uses two ssl frontends that have
# different lists of accepted curves, one of them accepting this default curve
# while the other one does not. A backend tries to connect to those two
# frontends by using the default curve, and it should succeed in one case and
# fail in the other.
# For some strange reason, OpenSSL 1.0.2 does not behave the same way as later
# versions when it comes to ECDH and curves related matters. Instead of trying
# to make it work the same way as the other (more used) versions, we will
# ignore it and disable this test on OpenSSL 1.0.2.
# For the same reason, this test is disabled for other SSL libraries as well.
#
varnishtest "Test the 'curves' and 'ecdhe' options and default curve value"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1)'"
feature ignore_unknown_macro
server s1 -repeat 2 {
rxreq
txresp
} -start
barrier b1 cond 2 -cyclic
syslog Slg_cust_fmt -level info {
recv
expect ~ "ERROR.*conn_status:\"34:SSL handshake failure\" hsk_err:\".*wrong curve\".*"
barrier b1 sync
recv
expect ~ "ERROR ECDHE.*conn_status:\"34:SSL handshake failure\" hsk_err:\".*wrong curve\".*"
} -start
haproxy h1 -conf {
global
tune.ssl.default-dh-param 2048
defaults
mode http
option httpslog
log stderr local0 debug err
option logasap
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
retries 0
listen clear-lst
bind "fd@${clearlst}"
use_backend ssl-curves-be if { path /curves }
use_backend ssl-ecdhe-521-be if { path /ecdhe-521 }
use_backend ssl-ecdhe-256-be if { path /ecdhe-256 }
default_backend ssl-be
backend ssl-be
server s1 "${tmpdir}/ssl1.sock" ssl verify none crt ${testdir}/client.ecdsa.pem force-tlsv12 curves P-256:P-384
backend ssl-curves-be
server s1 "${tmpdir}/ssl2.sock" ssl verify none crt ${testdir}/client.ecdsa.pem force-tlsv12 curves P-384
backend ssl-ecdhe-256-be
server s1 "${tmpdir}/ssl-ecdhe-256.sock" ssl verify none crt ${testdir}/client.ecdsa.pem force-tlsv12
backend ssl-ecdhe-521-be
server s1 "${tmpdir}/ssl-ecdhe-521.sock" ssl verify none crt ${testdir}/client.ecdsa.pem force-tlsv12
listen ssl1-lst
bind "${tmpdir}/ssl1.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional curves P-256:P-384
server s1 ${s1_addr}:${s1_port}
# The prime256v1 curve, which is used by default by a backend when no
# 'curves' or 'ecdhe' option is specified, is not allowed on this listener
listen ssl2-lst
log ${Slg_cust_fmt_addr}:${Slg_cust_fmt_port} local0
error-log-format "ERROR conn_status:\"%[fc_err]:%[fc_err_str]\" hsk_err:%{+Q}[ssl_fc_err_str]"
bind "${tmpdir}/ssl2.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional curves P-384
server s1 ${s1_addr}:${s1_port}
listen ssl-ecdhe-521-lst
log ${Slg_cust_fmt_addr}:${Slg_cust_fmt_port} local0
error-log-format "ERROR ECDHE-521 conn_status:\"%[fc_err]:%[fc_err_str]\" hsk_err:%{+Q}[ssl_fc_err_str]"
bind "${tmpdir}/ssl-ecdhe-521.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional ecdhe secp521r1
server s1 ${s1_addr}:${s1_port}
listen ssl-ecdhe-256-lst
log ${Slg_cust_fmt_addr}:${Slg_cust_fmt_port} local0
error-log-format "ERROR ECDHE-256 conn_status:\"%[fc_err]:%[fc_err_str]\" hsk_err:%{+Q}[ssl_fc_err_str]"
bind "${tmpdir}/ssl-ecdhe-256.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional ecdhe prime256v1
server s1 ${s1_addr}:${s1_port}
} -start
client c1 -connect ${h1_clearlst_sock} {
txreq
rxresp
expect resp.status == 200
} -run
# The backend tries to use the prime256v1 curve that is not accepted by the
# frontend so the handshake should fail.
client c2 -connect ${h1_clearlst_sock} {
txreq -url "/curves"
rxresp
expect resp.status == 503
} -run
barrier b1 sync
# The backend tries to use the prime256v1 curve that is not accepted by the
# frontend so the handshake should fail.
client c3 -connect ${h1_clearlst_sock} {
txreq -url "/ecdhe-521"
rxresp
expect resp.status == 503
} -run
client c4 -connect ${h1_clearlst_sock} {
txreq -url "/ecdhe-256"
rxresp
expect resp.status == 200
} -run
syslog Slg_cust_fmt -wait