'use strict';
const common = require('../common');

// Checks two things about the `ecdhCurve` option of a TLS server:
//   1. a colon-separated list of ECDH curve names is accepted and a client
//      can still complete a handshake against that server;
//   2. curve names that cannot be set are rejected when the server is
//      created, with a "Failed to set ECDH curve" error.

if (!common.hasCrypto) {
  common.skip('missing crypto');
}

if (!common.opensslCli) {
  common.skip('missing openssl-cli');
}

const assert = require('assert');
const tls = require('tls');
const { execFile } = require('child_process');
const fixtures = require('../common/fixtures');

/**
 * Loads a key/certificate fixture by its base name.
 *
 * @param {string} n - Fixture name without the `.pem` extension.
 * @returns {*} Whatever `fixtures.readKey` returns for `<n>.pem`.
 */
function loadPEM(n) {
  const fileName = `${n}.pem`;
  return fixtures.readKey(fileName);
}

const key = loadPEM('agent2-key');
const cert = loadPEM('agent2-cert');

const options = {
  key,
  cert,
  // Only one ECDHE suite is enabled, so a successful handshake has to go
  // through an ECDH key exchange.
  ciphers: '-ALL:ECDHE-RSA-AES128-SHA256',
  // The value under test: several curve names joined with ':'.
  ecdhCurve: 'secp256k1:prime256v1:secp521r1',
  // NOTE(review): presumably capped at TLS 1.2 so that the TLS 1.2 suite
  // above is the one negotiated; confirm.
  maxVersion: 'TLSv1.2',
};

const reply = 'I AM THE WALRUS'; // Something recognizable

// Every accepted connection is answered with `reply` and then closed.
const server = tls.createServer(options, (conn) => {
  conn.end(reply);
});

// Port 0 lets the OS pick a free port; the callback must run exactly once.
server.listen(0, common.mustCall(() => {
  const { port } = server.address();

  // execFile passes the argument vector directly, without a shell.
  const args = [
    's_client',
    '-cipher', options.ciphers,
    '-connect', `127.0.0.1:${port}`,
  ];

  execFile(common.opensslCli, args, common.mustSucceed((stdout) => {
    // Seeing the reply shows that a handshake completed with the curve list
    // configured. It does not show which curve of the list was negotiated.
    assert(stdout.includes(reply));
    server.close();
  }));
}));

{
  // Some unsupported curves.
  const unsupportedCurves = [
    'wap-wsg-idm-ecid-wtls1',
    'c2pnb163v1',
    'prime192v3',
  ];

  // Brainpool is not supported in FIPS mode.
  if (common.hasFipsCrypto) {
    unsupportedCurves.push('brainpoolP256r1');
  }

  // A bad curve name must make createServer() throw, so the misconfiguration
  // surfaces at construction time and not during a later handshake.
  for (const ecdhCurve of unsupportedCurves) {
    assert.throws(
      () => tls.createServer({ ecdhCurve }),
      /Error: Failed to set ECDH curve/,
    );
  }
}