/** * Tests to ensure SSLv2 and SSLv3 are disabled */ @Test public void testSSLVersion() throws Exception { // we need openssl Assume.assumeTrue(execCommand("which openssl") == 0); // we depend on linux openssl exit codes Assume.assumeTrue(System.getProperty("os.name").toLowerCase().contains("linux")); setSslConfOverlay(confOverlay); // Test in binary mode setBinaryConfOverlay(confOverlay); // Start HS2 with SSL miniHS2.start(confOverlay); // make SSL connection hs2Conn = DriverManager.getConnection( miniHS2.getJdbcURL() + ";ssl=true;sslTrustStore=" + dataFileDir + File.separator + TRUST_STORE_NAME + ";trustStorePassword="******"user.name"), "bar"); hs2Conn.close(); Assert.assertEquals( "Expected exit code of 1", 1, execCommand( "openssl s_client -connect " + miniHS2.getHost() + ":" + miniHS2.getBinaryPort() + " -ssl2 < /dev/null")); Assert.assertEquals( "Expected exit code of 1", 1, execCommand( "openssl s_client -connect " + miniHS2.getHost() + ":" + miniHS2.getBinaryPort() + " -ssl3 < /dev/null")); miniHS2.stop(); // Test in http mode setHttpConfOverlay(confOverlay); miniHS2.start(confOverlay); // make SSL connection try { hs2Conn = DriverManager.getConnection( miniHS2.getJdbcURL() + ";ssl=true;sslTrustStore=" + dataFileDir + File.separator + TRUST_STORE_NAME + ";trustStorePassword="******"user.name"), "bar"); Assert.fail("Expected SQLException during connect"); } catch (SQLException e) { LOG.info("Expected exception: " + e, e); Assert.assertEquals("08S01", e.getSQLState().trim()); Throwable cause = e.getCause(); Assert.assertNotNull(cause); while (cause.getCause() != null) { cause = cause.getCause(); } Assert.assertEquals("org.apache.http.NoHttpResponseException", cause.getClass().getName()); Assert.assertTrue(cause.getMessage().contains("failed to respond")); } miniHS2.stop(); }