summaryrefslogtreecommitdiffstats
path: root/browser/base/content/test/siteIdentity/browser_deprecatedTLSVersions.js
blob: 22fa33f3c2f91f1279ff6a483d8a28cd84e2b79c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
/*
 * Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/
 *
 * Tests for Bug 1535210 - Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections
 */

const HTTPS_TLS1_0 = "https://tls1.example.com";
const HTTPS_TLS1_1 = "https://tls11.example.com";
const HTTPS_TLS1_2 = "https://tls12.example.com";
const HTTPS_TLS1_3 = "https://tls13.example.com";

function getIdentityMode(aWindow = window) {
  return aWindow.document.getElementById("identity-box").className;
}

function closeIdentityPopup() {
  let promise = BrowserTestUtils.waitForEvent(
    gIdentityHandler._identityPopup,
    "popuphidden"
  );
  gIdentityHandler._identityPopup.hidePopup();
  return promise;
}

async function checkConnectionState(state) {
  await openIdentityPopup();
  is(getConnectionState(), state, "connectionState should be " + state);
  await closeIdentityPopup();
}

function getConnectionState() {
  return document.getElementById("identity-popup").getAttribute("connection");
}

registerCleanupFunction(function () {
  // Set preferences back to their original values
  Services.prefs.clearUserPref("security.tls.version.min");
  Services.prefs.clearUserPref("security.tls.version.max");
});

add_task(async function () {
  // Run with all versions enabled for this test.
  Services.prefs.setIntPref("security.tls.version.min", 1);
  Services.prefs.setIntPref("security.tls.version.max", 4);

  await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
    // Try deprecated versions
    BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_0);
    await BrowserTestUtils.browserLoaded(browser);
    isSecurityState(browser, "broken");
    is(
      getIdentityMode(),
      "unknownIdentity weakCipher",
      "Identity should be unknownIdentity"
    );
    await checkConnectionState("not-secure");

    BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_1);
    await BrowserTestUtils.browserLoaded(browser);
    isSecurityState(browser, "broken");
    is(
      getIdentityMode(),
      "unknownIdentity weakCipher",
      "Identity should be unknownIdentity"
    );
    await checkConnectionState("not-secure");

    // Transition to secure
    BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_2);
    await BrowserTestUtils.browserLoaded(browser);
    isSecurityState(browser, "secure");
    is(getIdentityMode(), "verifiedDomain", "Identity should be verified");
    await checkConnectionState("secure");

    // Transition back to broken
    BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_1);
    await BrowserTestUtils.browserLoaded(browser);
    isSecurityState(browser, "broken");
    is(
      getIdentityMode(),
      "unknownIdentity weakCipher",
      "Identity should be unknownIdentity"
    );
    await checkConnectionState("not-secure");

    // TLS1.3 for completeness
    BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_3);
    await BrowserTestUtils.browserLoaded(browser);
    isSecurityState(browser, "secure");
    is(getIdentityMode(), "verifiedDomain", "Identity should be verified");
    await checkConnectionState("secure");
  });
});