Files
mongo/jstests/ssl/ssl_invalid_disabled_protocols.js
Annette Chau 670026cbe3 SERVER-98253 ssl_manager_openssl.cpp does not check if all supported protocols are disabled (#33881)
Co-authored-by: Annette Chau <annette.chau@mongodb.com>
GitOrigin-RevId: 3ab0701877443b15acb01dbaf191798476b485ab
2025-04-10 02:41:40 +00:00

30 lines
913 B
JavaScript

import {CA_CERT, SERVER_CERT} from "jstests/ssl/libs/ssl_helpers.js";
function allDisabledProtocols() {
jsTestLog(`All Protocols Disabled, Should Throw Error`);
const opts = {
tlsMode: 'requireTLS',
tlsCertificateKeyFile: SERVER_CERT,
tlsCAFile: CA_CERT,
sslDisabledProtocols: "TLS1_0,TLS1_1,TLS1_2,TLS1_3" // Disabling all TLS protocols
};
clearRawMongoProgramOutput();
assert.throws(() => {
MongoRunner.runMongod(opts);
});
}
allDisabledProtocols();
function oneEnabledProtocol() {
jsTestLog(`TLS1_2 Enabled, Should Pass`);
const opts = {
tlsMode: 'requireTLS',
tlsCertificateKeyFile: SERVER_CERT,
tlsCAFile: CA_CERT,
sslDisabledProtocols: "TLS1_0,TLS1_1,TLS1_3" // Disabling 0, 1, and 3
};
const mongod = MongoRunner.runMongod(opts);
MongoRunner.stopMongod(mongod);
}
oneEnabledProtocol();