def test_tls_1_3_cipher_suites(self):
# Given a server to scan that supports TLS 1.3
server_location = ServerNetworkLocationViaDirectConnection.with_ip_address_lookup("www.cloudflare.com", 443)
server_info = ServerConnectivityTester().perform(server_location)
# When scanning for cipher suites, it succeeds
result: CipherSuitesScanResult = Tlsv13ScanImplementation.scan_server(server_info)
assert result.accepted_cipher_suites
assert {"TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"} == {
accepted_cipher.cipher_suite.name for accepted_cipher in result.accepted_cipher_suites
}
def test_succeeds_when_client_auth_failed_tls_1_3(self):
# Given a TLS 1.3 server that requires client authentication
with ModernOpenSslServer(client_auth_config=ClientAuthConfigEnum.REQUIRED) as server:
# And SSLyze does NOT provide a client certificate
server_location = ServerNetworkLocationViaDirectConnection(
hostname=server.hostname, ip_address=server.ip_address, port=server.port
)
server_info = ServerConnectivityTester().perform(server_location)
# When scanning for cipher suites, it succeeds
result: CipherSuitesScanResult = Tlsv13ScanImplementation.scan_server(server_info)
assert result.accepted_cipher_suites
def test_tls_1_3_cipher_suites(self):
# Given a server to scan that supports TLS 1.3
server_location = ServerNetworkLocation("www.cloudflare.com", 443)
server_info = check_connectivity_to_server_and_return_info(
server_location)
# When scanning for cipher suites, it succeeds
result: CipherSuitesScanResult = Tlsv13ScanImplementation.scan_server(
server_info)
assert result.accepted_cipher_suites
assert {
"TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_256_GCM_SHA384",
"TLS_AES_128_GCM_SHA256"
} == {
accepted_cipher.cipher_suite.name
for accepted_cipher in result.accepted_cipher_suites
}