test: use an always invalid cipher and cover OpenSSL 4.0 behaviours

panva · panva · commit 11015dc199ef · 2026-04-18T14:09:03.000+02:00
Signed-off-by: Filip Skokan &lt;panva.ip@gmail.com&gt;
diff --git a/test/parallel/test-tls-set-ciphers-error.js b/test/parallel/test-tls-set-ciphers-error.js
@@ -7,12 +7,13 @@ if (!common.hasCrypto)
 const assert = require('assert');
 const tls = require('tls');
 const fixtures = require('../common/fixtures');
+const { hasOpenSSL } = require('../common/crypto');
 
 {
   const options = {
     key: fixtures.readKey('agent2-key.pem'),
     cert: fixtures.readKey('agent2-cert.pem'),
-    ciphers: 'aes256-sha'
+    ciphers: 'DES-CBC-SHA'
   };
   assert.throws(() => tls.createServer(options, common.mustNotCall()),
                 /no[_ ]cipher[_ ]match/i);
@@ -23,3 +24,19 @@ const fixtures = require('../common/fixtures');
   assert.throws(() => tls.createServer(options, common.mustNotCall()),
                 /no[_ ]cipher[_ ]match/i);
 }
+
+// Cipher name matching is case-sensitive prior to OpenSSL 4.0, and
+// case-insensitive starting with OpenSSL 4.0.
+{
+  const options = {
+    key: fixtures.readKey('agent2-key.pem'),
+    cert: fixtures.readKey('agent2-cert.pem'),
+    ciphers: 'aes256-sha',
+  };
+  if (hasOpenSSL(4, 0)) {
+    tls.createServer(options).close();
+  } else {
+    assert.throws(() => tls.createServer(options, common.mustNotCall()),
+                  /no[_ ]cipher[_ ]match/i);
+  }
+}
