diff options
Diffstat (limited to 'mysql-test/main/tls_version.test')
-rw-r--r-- | mysql-test/main/tls_version.test | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/mysql-test/main/tls_version.test b/mysql-test/main/tls_version.test new file mode 100644 index 00000000..50448f89 --- /dev/null +++ b/mysql-test/main/tls_version.test @@ -0,0 +1,29 @@ +# Tests for SSL connections, only run if mysqld is compiled +# with support for SSL. + +-- source include/have_ssl_communication.inc +#default is highest available version: TLSv1.2 +--exec $MYSQL --host=localhost --ssl -e "show status like 'ssl_version';" +# TLSv1.2 +--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.2 -e "show status like 'ssl_version';" +# TLSv1.1 +--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.1 -e "show status like 'ssl_version';" +# if a gap is between TLS versions, lowest version number should be used (TLS1.1) +--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.1,TLSv1.3 -e "show status like 'ssl_version';" +# TLSv1.3 is not enabled, so TLSv1.2 should be used +--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.2,TLSv1.3 -e "show status like 'ssl_version';" +# Highest TLS version number should be used (TLSv1.2) +--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.1,TLSv1.2 -e "show status like 'ssl_version';" +# Errors: +# TLS v1.0 is disabled on server, so we should get an error +--replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ +--error 1 +--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.0 -e "show status like 'ssl_version';" +# finally list available protocols +--exec $MYSQL --host=localhost --ssl -e "select @@tls_version;" + +call mtr.add_suppression("TLSv1.0 and TLSv1.1 are insecure"); +--let SEARCH_FILE=$MYSQLTEST_VARDIR/log/mysqld.1.err +--let SEARCH_PATTERN= TLSv1.0 and TLSv1.1 are insecure +--source include/search_pattern_in_file.inc + |