Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions spec/acceptance/basic_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -10,4 +10,14 @@
describe package('foreman-proxy-journald') do
it { is_expected.not_to be_installed }
end

describe command('nmap --script +ssl-enum-ciphers localhost -p 8443') do
its(:stdout) { should match(/TLSv1\.3/) }

Check failure on line 15 in spec/acceptance/basic_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / OpenVox 8 - Ubuntu 22.04

Scenario: install foreman-proxy Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.3/ Failure/Error: its(:stdout) { should match(/TLSv1\.3/) } expected "Starting Nmap 7.80 ( https://nmap.org ) at 2026-06-30 10:24 UTC\nNmap scan report for localhost (127...nce: server\n|_ least strength: A\n\nNmap done: 1 IP address (1 host up) scanned in 0.23 seconds\n" to match /TLSv1\.3/ Diff: @@ -1 +1,24 @@ -/TLSv1\.3/ +Starting Nmap 7.80 ( https://nmap.org ) at 2026-06-30 10:24 UTC +Nmap scan report for localhost (127.0.0.1) +Host is up (0.000043s latency). +Other addresses for localhost (not scanned): ::1 127.0.0.1 + +PORT STATE SERVICE +8443/tcp open https-alt +| ssl-enum-ciphers: +| TLSv1.2: +| ciphers: +| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A +| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A +| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A +| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A +| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A +| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A +| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A +| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A +| compressors: +| NULL +| cipher preference: server +|_ least strength: A + +Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

Check failure on line 15 in spec/acceptance/basic_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - Ubuntu 22.04

Scenario: install foreman-proxy Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.3/ Failure/Error: its(:stdout) { should match(/TLSv1\.3/) } expected "Starting Nmap 7.80 ( https://nmap.org ) at 2026-06-30 10:25 UTC\nNmap scan report for localhost (127...nce: server\n|_ least strength: A\n\nNmap done: 1 IP address (1 host up) scanned in 0.24 seconds\n" to match /TLSv1\.3/ Diff: @@ -1 +1,24 @@ -/TLSv1\.3/ +Starting Nmap 7.80 ( https://nmap.org ) at 2026-06-30 10:25 UTC +Nmap scan report for localhost (127.0.0.1) +Host is up (0.000034s latency). +Other addresses for localhost (not scanned): ::1 127.0.0.1 + +PORT STATE SERVICE +8443/tcp open https-alt +| ssl-enum-ciphers: +| TLSv1.2: +| ciphers: +| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A +| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A +| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A +| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A +| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A +| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A +| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A +| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A +| compressors: +| NULL +| cipher preference: server +|_ least strength: A + +Nmap done: 1 IP address (1 host up) scanned in 0.24 seconds
its(:stdout) { should match(/TLSv1\.2/) }
its(:stdout) { should_not match(/TLSv1\.1/) }
its(:stdout) { should_not match(/TLSv1\.0/) }

# Test that the least cipher strength is "strong" or "A"
its(:stdout) { should match(/least strength: (A|strong)/) }
end
end
5 changes: 5 additions & 0 deletions spec/setup_acceptance_node.pp
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
# Used to test which TLS versions are enabled
package { 'nmap':
ensure => installed,
}

class { 'foreman::repo':
repo => 'nightly',
}
Expand Down
Loading