def test_tlsv1_0_disabled(self):
# Given a server to scan that does NOT support TLS 1.0
server_location = ServerNetworkLocationViaDirectConnection.with_ip_address_lookup("success.trendmicro.com", 443)
server_info = ServerConnectivityTester().perform(server_location)
# When scanning for cipher suites, it succeeds
result: CipherSuitesScanResult = Tlsv10ScanImplementation.scan_server(server_info)
# And the result confirms that TLS 1.0 is not supported
assert result.cipher_suite_preferred_by_server is None
assert not result.accepted_cipher_suites
assert result.rejected_cipher_suites
def test_tlsv1_0_disabled(self):
# Given a server to scan that does NOT support TLS 1.0
server_location = ServerNetworkLocation("success.trendmicro.com", 443)
server_info = check_connectivity_to_server_and_return_info(
server_location)
# When scanning for cipher suites, it succeeds
result: CipherSuitesScanResult = Tlsv10ScanImplementation.scan_server(
server_info)
# And the result confirms that TLS 1.0 is not supported
assert not result.accepted_cipher_suites
assert result.rejected_cipher_suites
def test_tlsv1_0_enabled(self):
# Given a server to scan that supports TLS 1.0
server_location = ServerNetworkLocationViaDirectConnection.with_ip_address_lookup("www.google.com", 443)
server_info = ServerConnectivityTester().perform(server_location)
# When scanning for cipher suites, it succeeds
result: CipherSuitesScanResult = Tlsv10ScanImplementation.scan_server(server_info)
# And the result confirms that TLS 1.0 is supported
expected_ciphers = {
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
assert expected_ciphers == {
accepted_cipher.cipher_suite.name for accepted_cipher in result.accepted_cipher_suites
}
assert result.rejected_cipher_suites