diff --git a/tests/integration/test_authd/data/enroll_ssl_options_tests.yaml b/tests/integration/test_authd/data/enroll_ssl_options_tests.yaml index b07d936ca0..109a9c3ec6 100644 --- a/tests/integration/test_authd/data/enroll_ssl_options_tests.yaml +++ b/tests/integration/test_authd/data/enroll_ssl_options_tests.yaml @@ -1,86 +1,86 @@ - - name: "SSL - Default" - description: "Default ssl configuration" + name: SSL - Default + description: Default ssl configuration test_case: - expect: "output" - input: "OSSEC A:'user1'" - output: "OSSEC K:'" - ciphers: "HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH" - protocol: "ssl_tlsv1_2" + expect: output + input: OSSEC A:'user1' + output: OSSEC K:' + ciphers: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + protocol: ssl_tlsv1_2 - - name: "SSL - Wrong ciphers" - description: "Send a message with low encryption cypher suites" + name: SSL - Wrong ciphers + description: Send a message with low encryption cypher suites test_case: - expect: "open_error" - input: "OSSEC A:'user1'" - error: "handshake failure" - ciphers: "CAMELLIA" - protocol: "ssl_tlsv1_2" + expect: open_error + input: OSSEC A:'user1' + error: handshake failure + ciphers: CAMELLIA + protocol: ssl_tlsv1_2 - - name: "SSL - Incompatible ciphers from Agent" - description: "Send a message with low encryption cypher suites" + name: SSL - Incompatible ciphers from Agent + description: Send a message with low encryption cypher suites test_case: - ciphers: "CAMELLIA" - protocol: "ssl_tlsv1_2" - expect: "open_error" - error: "handshake failure" + ciphers: CAMELLIA + protocol: ssl_tlsv1_2 + expect: open_error + error: handshake failure - - name: "SSL - Incompatible ciphers from Manger" - description: "Send a message with low encryption cypher suites" + name: SSL - Incompatible ciphers from Manger + description: Send a message with low encryption cypher suites test_case: - ciphers: "HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH" - protocol: "ssl_tlsv1_2" - expect: "open_error" - error: "handshake failure" + ciphers: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + protocol: ssl_tlsv1_2 + expect: open_error + error: handshake failure # Override ossec.conf - CIPHERS: "CAMELLIA" + CIPHERS: CAMELLIA - - name: "SSL - Compatible ciphers from Agent" - description: "Send a message with a compatible yet not default cypher" + name: SSL - Compatible ciphers from Agent + description: Send a message with a compatible yet not default cypher test_case: - expect: "output" - input: "OSSEC A:'user1'" - output: "OSSEC K:'" - ciphers: "SHA256" - protocol: "ssl_tlsv1_2" + expect: output + input: OSSEC A:'user1' + output: OSSEC K:' + ciphers: SHA256 + protocol: ssl_tlsv1_2 - - name: "SSL - Wrong TLS version (TLSV1_1)" - description: "Send a message with a different TLS version with Auto negotiate disabled" + name: SSL - Wrong TLS version (TLSV1_1) + description: Send a message with a different TLS version with Auto negotiate disabled test_case: - ciphers: "HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH" - protocol: "ssl_tlsv1_1" - expect: "open_error" - error: "alert protocol version" + ciphers: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + protocol: ssl_tlsv1_1 + expect: open_error + error: alert protocol version # Override ossec.conf SSL_AUTO_NEGOTIATE: 'no' - - name: "SSL - Auto Negotiate TLS version (TLSV1_1)" - description: "Send a message with a different TLS version with Auto negotiate enabled" + name: SSL - Auto Negotiate TLS version (TLSV1_1) + description: Send a message with a different TLS version with Auto negotiate enabled test_case: - ciphers: "HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH" - protocol: "ssl_tlsv1_1" - expect: "output" - input: "OSSEC A:'user1'" - output: "OSSEC K:'" + ciphers: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + protocol: ssl_tlsv1_1 + expect: output + input: OSSEC A:'user1' + output: OSSEC K:' # Override ossec.conf SSL_AUTO_NEGOTIATE: 'yes' - - name: "SSL - Compatible ciphers from Manger" - description: "Send a message with a compatible yet not default cypher" + name: SSL - Compatible ciphers from Manger + description: Send a message with a compatible yet not default cypher test_case: - expect: "output" - input: "OSSEC A:'user1'" - output: "OSSEC K:'" - ciphers: "HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH" - protocol: "ssl_tlsv1_2" + expect: output + input: OSSEC A:'user1' + output: OSSEC K:' + ciphers: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + protocol: ssl_tlsv1_2 # Override ossec.conf - CIPHERS: "SHA256" + CIPHERS: SHA256 - - name: "Valid Certificates - Manager verification without host" - description: "Enables CA Certificate and validates that conneciton is acepted when valid certs are provided" + name: Valid Certificates - Manager verification without host + description: Enables CA Certificate and validates that conneciton is acepted when valid certs are provided test_case: - ciphers: "HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH" - protocol: "ssl_tlsv1_2" - expect: "output" - input: "OSSEC A:'user1'" - output: "OSSEC K:'" + ciphers: HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + protocol: ssl_tlsv1_2 + expect: output + input: OSSEC A:'user1' + output: OSSEC K:' diff --git a/tests/integration/test_authd/test_authd_ssl_options.py b/tests/integration/test_authd/test_authd_ssl_options.py index 8b30415d8a..d469d234d3 100644 --- a/tests/integration/test_authd/test_authd_ssl_options.py +++ b/tests/integration/test_authd/test_authd_ssl_options.py @@ -186,16 +186,16 @@ def test_ossec_auth_configurations(get_configuration, configure_environment, con ciphers = config['ciphers'] protocol = config['protocol'] expect = config['expect'] - + if protocol == 'ssl_tlsv1_1': pytest.skip('TLS 1.1 is deprecated and not working on several pyOpenSSL versions.') - + override_wazuh_conf(get_configuration) - + address, family, connection_protocol = receiver_sockets_params[0] SSL_socket = SocketController(address, family=family, connection_protocol=connection_protocol, open_at_start=False) - + SSL_socket.set_ssl_configuration(ciphers=ciphers, connection_protocol=protocol) try: