From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 19:32:43 +0200 Subject: Adding upstream version 1:115.7.0. Signed-off-by: Daniel Baumann --- .../siteIdentity/browser_deprecatedTLSVersions.js | 94 ++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 browser/base/content/test/siteIdentity/browser_deprecatedTLSVersions.js (limited to 'browser/base/content/test/siteIdentity/browser_deprecatedTLSVersions.js') diff --git a/browser/base/content/test/siteIdentity/browser_deprecatedTLSVersions.js b/browser/base/content/test/siteIdentity/browser_deprecatedTLSVersions.js new file mode 100644 index 0000000000..22fa33f3c2 --- /dev/null +++ b/browser/base/content/test/siteIdentity/browser_deprecatedTLSVersions.js @@ -0,0 +1,94 @@ +/* + * Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ + * + * Tests for Bug 1535210 - Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections + */ + +const HTTPS_TLS1_0 = "https://tls1.example.com"; +const HTTPS_TLS1_1 = "https://tls11.example.com"; +const HTTPS_TLS1_2 = "https://tls12.example.com"; +const HTTPS_TLS1_3 = "https://tls13.example.com"; + +function getIdentityMode(aWindow = window) { + return aWindow.document.getElementById("identity-box").className; +} + +function closeIdentityPopup() { + let promise = BrowserTestUtils.waitForEvent( + gIdentityHandler._identityPopup, + "popuphidden" + ); + gIdentityHandler._identityPopup.hidePopup(); + return promise; +} + +async function checkConnectionState(state) { + await openIdentityPopup(); + is(getConnectionState(), state, "connectionState should be " + state); + await closeIdentityPopup(); +} + +function getConnectionState() { + return document.getElementById("identity-popup").getAttribute("connection"); +} + +registerCleanupFunction(function () { + // Set preferences back to their original values + Services.prefs.clearUserPref("security.tls.version.min"); + Services.prefs.clearUserPref("security.tls.version.max"); +}); + +add_task(async function () { + // Run with all versions enabled for this test. + Services.prefs.setIntPref("security.tls.version.min", 1); + Services.prefs.setIntPref("security.tls.version.max", 4); + + await BrowserTestUtils.withNewTab("about:blank", async function (browser) { + // Try deprecated versions + BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_0); + await BrowserTestUtils.browserLoaded(browser); + isSecurityState(browser, "broken"); + is( + getIdentityMode(), + "unknownIdentity weakCipher", + "Identity should be unknownIdentity" + ); + await checkConnectionState("not-secure"); + + BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_1); + await BrowserTestUtils.browserLoaded(browser); + isSecurityState(browser, "broken"); + is( + getIdentityMode(), + "unknownIdentity weakCipher", + "Identity should be unknownIdentity" + ); + await checkConnectionState("not-secure"); + + // Transition to secure + BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_2); + await BrowserTestUtils.browserLoaded(browser); + isSecurityState(browser, "secure"); + is(getIdentityMode(), "verifiedDomain", "Identity should be verified"); + await checkConnectionState("secure"); + + // Transition back to broken + BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_1); + await BrowserTestUtils.browserLoaded(browser); + isSecurityState(browser, "broken"); + is( + getIdentityMode(), + "unknownIdentity weakCipher", + "Identity should be unknownIdentity" + ); + await checkConnectionState("not-secure"); + + // TLS1.3 for completeness + BrowserTestUtils.loadURIString(browser, HTTPS_TLS1_3); + await BrowserTestUtils.browserLoaded(browser); + isSecurityState(browser, "secure"); + is(getIdentityMode(), "verifiedDomain", "Identity should be verified"); + await checkConnectionState("secure"); + }); +}); -- cgit v1.2.3