|
1 | 1 | /* |
2 | | -Copyright IBM Corp. 2016 All Rights Reserved. |
| 2 | +Copyright IBM Corp. All Rights Reserved. |
3 | 3 |
|
4 | | -Licensed under the Apache License, Version 2.0 (the "License"); |
5 | | -you may not use this file except in compliance with the License. |
6 | | -You may obtain a copy of the License at |
7 | | -
|
8 | | - http://www.apache.org/licenses/LICENSE-2.0 |
9 | | -
|
10 | | -Unless required by applicable law or agreed to in writing, software |
11 | | -distributed under the License is distributed on an "AS IS" BASIS, |
12 | | -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | | -See the License for the specific language governing permissions and |
14 | | -limitations under the License. |
| 4 | +SPDX-License-Identifier: Apache-2.0 |
15 | 5 | */ |
16 | 6 |
|
17 | 7 | package comm_test |
@@ -641,6 +631,20 @@ func TestNewSecureGRPCServer(t *testing.T) { |
641 | 631 | } else { |
642 | 632 | t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress) |
643 | 633 | } |
| 634 | + |
| 635 | + // ensure that TLS 1.2 in required / enforced |
| 636 | + for _, tlsVersion := range []uint16{tls.VersionSSL30, tls.VersionTLS10, tls.VersionTLS11} { |
| 637 | + _, err = invokeEmptyCall(testAddress, |
| 638 | + []grpc.DialOption{grpc.WithTransportCredentials( |
| 639 | + credentials.NewTLS(&tls.Config{ |
| 640 | + RootCAs: certPool, |
| 641 | + MinVersion: tlsVersion, |
| 642 | + MaxVersion: tlsVersion, |
| 643 | + }))}) |
| 644 | + t.Logf("TLSVersion [%d] failed with [%s]", tlsVersion, err) |
| 645 | + assert.Error(t, err, "Should not have been able to connect with TLS version < 1.2") |
| 646 | + assert.Contains(t, err.Error(), "protocol version not supported") |
| 647 | + } |
644 | 648 | } |
645 | 649 |
|
646 | 650 | func TestNewSecureGRPCServerFromListener(t *testing.T) { |
|
0 commit comments