
browser_deprecatedTLSVersions.js (3174B)


      1 /*
      2 * Any copyright is dedicated to the Public Domain.
      3 * http://creativecommons.org/publicdomain/zero/1.0/
      4 *
      5 * Tests for Bug 1535210 - Set SSL STATE_IS_BROKEN flag for TLS1.0 and TLS 1.1 connections
      6 */
      7 
      // Test origins, one per TLS protocol version exercised below.
      // NOTE(review): presumably the test server pins each host to the version in
      // its name; that mapping is configured outside this file, so confirm it there.

      // Deprecated protocol versions: expected to be reported as "broken".
      const HTTPS_TLS1_0 = "https://tls1.example.com";
      const HTTPS_TLS1_1 = "https://tls11.example.com";

      // Supported protocol versions: expected to be reported as "secure".
      const HTTPS_TLS1_2 = "https://tls12.example.com";
      const HTTPS_TLS1_3 = "https://tls13.example.com";
     12 
     /**
      * Read the class list of the identity box in the URL bar. The tests below
      * compare it against values such as "verifiedDomain" and
      * "unknownIdentity weakCipher".
      *
      * @param {Window} [aWindow=window] - Browser window to inspect.
      * @returns {string} The raw `className` of the "identity-box" element.
      */
     function getIdentityMode(aWindow = window) {
       const identityBox = aWindow.document.getElementById("identity-box");
       return identityBox.className;
     }
     16 
     /**
      * Hide the identity popup and wait until it has actually closed.
      *
      * @returns {Promise} Whatever BrowserTestUtils.waitForEvent returns for the
      *   popup's "popuphidden" event.
      */
     function closeIdentityPopup() {
       const popup = gIdentityHandler._identityPopup;
       // Start waiting before hiding, so the event cannot fire unobserved.
       const hidden = BrowserTestUtils.waitForEvent(popup, "popuphidden");
       popup.hidePopup();
       return hidden;
     }
     25 
     /**
      * Open the identity popup, assert the connection state it reports, then
      * close it again.
      *
      * @param {string} state - Expected value of the popup's "connection"
      *   attribute ("secure" or "not-secure" in this file).
      * @returns {Promise<void>} Resolves once the popup has been closed.
      */
     async function checkConnectionState(state) {
       await openIdentityPopup();
       // Read the attribute while the popup is open, before asserting on it.
       const reported = getConnectionState();
       is(reported, state, "connectionState should be " + state);
       await closeIdentityPopup();
     }
     31 
     /**
      * Read the connection state shown by the identity popup.
      *
      * @returns {string|null} Value of the "connection" attribute on the
      *   "identity-popup" element of the current document.
      */
     function getConnectionState() {
       const identityPopup = document.getElementById("identity-popup");
       return identityPopup.getAttribute("connection");
     }
     35 
     // The test task widens the allowed TLS range to include deprecated versions;
     // clear both overrides afterwards so that range does not stay in the profile.
     registerCleanupFunction(function () {
       const overriddenPrefs = [
         "security.tls.version.min",
         "security.tls.version.max",
       ];
       for (const prefName of overriddenPrefs) {
         Services.prefs.clearUserPref(prefName);
       }
     });
     41 
     // Loads one host per TLS version in a single tab and checks, after every
     // navigation, the security state, the identity box class and the popup's
     // connection state. Deprecated versions (TLS 1.0/1.1) must show as broken,
     // and the indicator must follow each transition rather than keep the state
     // of the previous page.
     add_task(async function () {
       // Run with all versions enabled for this test
       // (pref value 1 is TLS 1.0, 4 is TLS 1.3).
       Services.prefs.setIntPref("security.tls.version.min", 1);
       Services.prefs.setIntPref("security.tls.version.max", 4);

       // Expected UI for a deprecated TLS version.
       const broken = {
         securityState: "broken",
         identityMode: "unknownIdentity weakCipher",
         identityMessage: "Identity should be unknownIdentity",
         connectionState: "not-secure",
       };
       // Expected UI for a supported TLS version.
       const secure = {
         securityState: "secure",
         identityMode: "verifiedDomain",
         identityMessage: "Identity should be verified",
         connectionState: "secure",
       };

       // Navigation order matters: it exercises broken -> secure -> broken.
       const steps = [
         // Try deprecated versions
         [HTTPS_TLS1_0, broken],
         [HTTPS_TLS1_1, broken],
         // Transition to secure
         [HTTPS_TLS1_2, secure],
         // Transition back to broken
         [HTTPS_TLS1_1, broken],
         // TLS1.3 for completeness
         [HTTPS_TLS1_3, secure],
       ];

       await BrowserTestUtils.withNewTab("about:blank", async function (browser) {
         for (const [url, expected] of steps) {
           BrowserTestUtils.startLoadingURIString(browser, url);
           await BrowserTestUtils.browserLoaded(browser);
           isSecurityState(browser, expected.securityState);
           is(getIdentityMode(), expected.identityMode, expected.identityMessage);
           await checkConnectionState(expected.connectionState);
         }
       });
     });