1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
/*
* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*
* Tests for Bug 1535210 - Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections
*/
const HTTPS_TLS1_0 = "https://tls1.example.com";
const HTTPS_TLS1_1 = "https://tls11.example.com";
const HTTPS_TLS1_2 = "https://tls12.example.com";
const HTTPS_TLS1_3 = "https://tls13.example.com";
function getIdentityMode(aWindow = window) {
return aWindow.document.getElementById("identity-box").className;
}
function closeIdentityPopup() {
let promise = BrowserTestUtils.waitForEvent(
gIdentityHandler._identityPopup,
"popuphidden"
);
gIdentityHandler._identityPopup.hidePopup();
return promise;
}
async function checkConnectionState(state) {
await openIdentityPopup();
is(getConnectionState(), state, "connectionState should be " + state);
await closeIdentityPopup();
}
function getConnectionState() {
return document.getElementById("identity-popup").getAttribute("connection");
}
registerCleanupFunction(function() {
// Set preferences back to their original values
Services.prefs.clearUserPref("security.tls.version.min");
Services.prefs.clearUserPref("security.tls.version.max");
});
add_task(async function() {
// Run with all versions enabled for this test.
Services.prefs.setIntPref("security.tls.version.min", 1);
Services.prefs.setIntPref("security.tls.version.max", 4);
await BrowserTestUtils.withNewTab("about:blank", async function(browser) {
// Try deprecated versions
BrowserTestUtils.loadURI(browser, HTTPS_TLS1_0);
await BrowserTestUtils.browserLoaded(browser);
isSecurityState(browser, "broken");
is(
getIdentityMode(),
"unknownIdentity weakCipher",
"Identity should be unknownIdentity"
);
await checkConnectionState("not-secure");
BrowserTestUtils.loadURI(browser, HTTPS_TLS1_1);
await BrowserTestUtils.browserLoaded(browser);
isSecurityState(browser, "broken");
is(
getIdentityMode(),
"unknownIdentity weakCipher",
"Identity should be unknownIdentity"
);
await checkConnectionState("not-secure");
// Transition to secure
BrowserTestUtils.loadURI(browser, HTTPS_TLS1_2);
await BrowserTestUtils.browserLoaded(browser);
isSecurityState(browser, "secure");
is(getIdentityMode(), "verifiedDomain", "Identity should be verified");
await checkConnectionState("secure");
// Transition back to broken
BrowserTestUtils.loadURI(browser, HTTPS_TLS1_1);
await BrowserTestUtils.browserLoaded(browser);
isSecurityState(browser, "broken");
is(
getIdentityMode(),
"unknownIdentity weakCipher",
"Identity should be unknownIdentity"
);
await checkConnectionState("not-secure");
// TLS1.3 for completeness
BrowserTestUtils.loadURI(browser, HTTPS_TLS1_3);
await BrowserTestUtils.browserLoaded(browser);
isSecurityState(browser, "secure");
is(getIdentityMode(), "verifiedDomain", "Identity should be verified");
await checkConnectionState("secure");
});
});
|
