/** * Tests to ensure SSLv2 and SSLv3 are disabled */
@Test
public void testSSLVersion() throws Exception {
// we need openssl
Assume.assumeTrue(execCommand("which openssl") == 0);
// we depend on linux openssl exit codes
Assume.assumeTrue(System.getProperty("os.name").toLowerCase().contains("linux"));
setSslConfOverlay(confOverlay);
// Test in binary mode
setBinaryConfOverlay(confOverlay);
// Start HS2 with SSL
miniHS2.start(confOverlay);
// make SSL connection
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL()
+ ";ssl=true;sslTrustStore="
+ dataFileDir
+ File.separator
+ TRUST_STORE_NAME
+ ";trustStorePassword="******"user.name"),
"bar");
hs2Conn.close();
Assert.assertEquals(
"Expected exit code of 1",
1,
execCommand(
"openssl s_client -connect "
+ miniHS2.getHost()
+ ":"
+ miniHS2.getBinaryPort()
+ " -ssl2 < /dev/null"));
Assert.assertEquals(
"Expected exit code of 1",
1,
execCommand(
"openssl s_client -connect "
+ miniHS2.getHost()
+ ":"
+ miniHS2.getBinaryPort()
+ " -ssl3 < /dev/null"));
miniHS2.stop();
// Test in http mode
setHttpConfOverlay(confOverlay);
miniHS2.start(confOverlay);
// make SSL connection
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL()
+ ";ssl=true;sslTrustStore="
+ dataFileDir
+ File.separator
+ TRUST_STORE_NAME
+ ";trustStorePassword="******"user.name"),
"bar");
Assert.fail("Expected SQLException during connect");
} catch (SQLException e) {
LOG.info("Expected exception: " + e, e);
Assert.assertEquals("08S01", e.getSQLState().trim());
Throwable cause = e.getCause();
Assert.assertNotNull(cause);
while (cause.getCause() != null) {
cause = cause.getCause();
}
Assert.assertEquals("org.apache.http.NoHttpResponseException", cause.getClass().getName());
Assert.assertTrue(cause.getMessage().contains("failed to respond"));
}
miniHS2.stop();
}
