summaryrefslogtreecommitdiffstats
path: root/mysql-test/main/tls_version.test
diff options
context:
space:
mode:
Diffstat (limited to 'mysql-test/main/tls_version.test')
-rw-r--r--mysql-test/main/tls_version.test29
1 files changed, 29 insertions, 0 deletions
diff --git a/mysql-test/main/tls_version.test b/mysql-test/main/tls_version.test
new file mode 100644
index 00000000..50448f89
--- /dev/null
+++ b/mysql-test/main/tls_version.test
@@ -0,0 +1,29 @@
+# Tests for SSL connections, only run if mysqld is compiled
+# with support for SSL.
+
+-- source include/have_ssl_communication.inc
+#default is highest available version: TLSv1.2
+--exec $MYSQL --host=localhost --ssl -e "show status like 'ssl_version';"
+# TLSv1.2
+--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.2 -e "show status like 'ssl_version';"
+# TLSv1.1
+--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.1 -e "show status like 'ssl_version';"
+# if a gap is between TLS versions, lowest version number should be used (TLS1.1)
+--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.1,TLSv1.3 -e "show status like 'ssl_version';"
+# TLSv1.3 is not enabled, so TLSv1.2 should be used
+--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.2,TLSv1.3 -e "show status like 'ssl_version';"
+# Highest TLS version number should be used (TLSv1.2)
+--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.1,TLSv1.2 -e "show status like 'ssl_version';"
+# Errors:
+# TLS v1.0 is disabled on server, so we should get an error
+--replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/
+--error 1
+--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.0 -e "show status like 'ssl_version';"
+# finally list available protocols
+--exec $MYSQL --host=localhost --ssl -e "select @@tls_version;"
+
+call mtr.add_suppression("TLSv1.0 and TLSv1.1 are insecure");
+--let SEARCH_FILE=$MYSQLTEST_VARDIR/log/mysqld.1.err
+--let SEARCH_PATTERN= TLSv1.0 and TLSv1.1 are insecure
+--source include/search_pattern_in_file.inc
+