Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

enable TLSv1.3 by default #264

Closed
wants to merge 1 commit into from
+7 −8
Closed

enable TLSv1.3 by default #264

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion manifests/init.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -209,7 +209,7 @@
Stdlib::Absolutepath $ca_cert = '/etc/candlepin/certs/candlepin-ca.crt',
Optional[Variant[Sensitive[String], String]] $ca_key_password = undef,
Array[String] $ciphers = $candlepin::params::ciphers,
Array[String] $tls_versions = ['1.2'],
Array[String] $tls_versions = ['1.2', '1.3'],
Optional[String[1]] $java_package = undef,
String $version = 'present',
Optional[String] $adapter_module = undef,
Expand Down
7 changes: 3 additions & 4 deletions spec/acceptance/basic_candlepin_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,27 +6,26 @@
include_examples 'the example', 'basic_candlepin.pp'

describe port(8443) do
it { is_expected.to be_listening }

Check failure on line 9 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - CentOS 9 

candlepin works Port "8443" is expected to be listening

Failure/Error: it { is_expected.to be_listening }
  expected Port "8443" to be listening

Check failure on line 9 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - CentOS 9 

candlepin works Port "8443" is expected to be listening

Failure/Error: it { is_expected.to be_listening }
  expected Port "8443" to be listening

Check failure on line 9 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - AlmaLinux 8 

candlepin works Port "8443" is expected to be listening

Failure/Error: it { is_expected.to be_listening }
  expected Port "8443" to be listening

Check failure on line 9 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - AlmaLinux 8 

candlepin works Port "8443" is expected to be listening

Failure/Error: it { is_expected.to be_listening }
  expected Port "8443" to be listening

Check failure on line 9 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - AlmaLinux 9 

candlepin works Port "8443" is expected to be listening

Failure/Error: it { is_expected.to be_listening }
  expected Port "8443" to be listening

Check failure on line 9 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - AlmaLinux 9 

candlepin works Port "8443" is expected to be listening

Failure/Error: it { is_expected.to be_listening }
  expected Port "8443" to be listening
end

describe command('curl -k -s -o /dev/null -w \'%{http_code}\' https://localhost:8443/candlepin/status') do
its(:stdout) { should eq "200" }

Check failure on line 13 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - CentOS 9 

candlepin works Command "curl -k -s -o /dev/null -w '%{http_code}' https://localhost:8443/candlepin/status" stdout is expected to eq "200"

Failure/Error: its(:stdout) { should eq "200" }
  
  expected: "200"
       got: "000"
  
  (compared using ==)

Check failure on line 13 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - CentOS 9 

candlepin works Command "curl -k -s -o /dev/null -w '%{http_code}' https://localhost:8443/candlepin/status" stdout is expected to eq "200"

Failure/Error: its(:stdout) { should eq "200" }
  
  expected: "200"
       got: "000"
  
  (compared using ==)

Check failure on line 13 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - AlmaLinux 8 

candlepin works Command "curl -k -s -o /dev/null -w '%{http_code}' https://localhost:8443/candlepin/status" stdout is expected to eq "200"

Failure/Error: its(:stdout) { should eq "200" }
  
  expected: "200"
       got: "000"
  
  (compared using ==)

Check failure on line 13 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - AlmaLinux 8 

candlepin works Command "curl -k -s -o /dev/null -w '%{http_code}' https://localhost:8443/candlepin/status" stdout is expected to eq "200"

Failure/Error: its(:stdout) { should eq "200" }
  
  expected: "200"
       got: "000"
  
  (compared using ==)

Check failure on line 13 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - AlmaLinux 9 

candlepin works Command "curl -k -s -o /dev/null -w '%{http_code}' https://localhost:8443/candlepin/status" stdout is expected to eq "200"

Failure/Error: its(:stdout) { should eq "200" }
  
  expected: "200"
       got: "000"
  
  (compared using ==)

Check failure on line 13 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - AlmaLinux 9 

candlepin works Command "curl -k -s -o /dev/null -w '%{http_code}' https://localhost:8443/candlepin/status" stdout is expected to eq "200"

Failure/Error: its(:stdout) { should eq "200" }
  
  expected: "200"
       got: "000"
  
  (compared using ==)
end

describe command('nmap --script +ssl-enum-ciphers localhost -p 8443') do
# We don't enable TLSv1.3 by default yet. TLSv1.3 support was added in tomcat 7.0.92
# But tomcat 7.0.76 is the latest version available on EL7
its(:stdout) { should_not match(/TLSv1\.3/) }

# Test that TLSv1.2 is enabled
its(:stdout) { should match(/TLSv1\.2/) }

Check failure on line 18 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - CentOS 9 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.2/

Failure/Error: its(:stdout) { should match(/TLSv1\.2/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:54 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.38 seconds\n" to match /TLSv1\.2/
  Diff:
  @@ -1,9 +1,17 @@
  -/TLSv1\.2/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:54 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000030s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds

Check failure on line 18 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - CentOS 9 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.2/

Failure/Error: its(:stdout) { should match(/TLSv1\.2/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:54 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.38 seconds\n" to match /TLSv1\.2/
  Diff:
  @@ -1,9 +1,17 @@
  -/TLSv1\.2/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:54 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000036s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds

Check failure on line 18 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - AlmaLinux 8 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.2/

Failure/Error: its(:stdout) { should match(/TLSv1\.2/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.48 seconds\n" to match /TLSv1\.2/
  Diff:
  @@ -1,9 +1,17 @@
  -/TLSv1\.2/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000043s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds

Check failure on line 18 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - AlmaLinux 8 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.2/

Failure/Error: its(:stdout) { should match(/TLSv1\.2/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.43 seconds\n" to match /TLSv1\.2/
  Diff:
  @@ -1,9 +1,17 @@
  -/TLSv1\.2/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000037s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

Check failure on line 18 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - AlmaLinux 9 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.2/

Failure/Error: its(:stdout) { should match(/TLSv1\.2/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.43 seconds\n" to match /TLSv1\.2/
  Diff:
  @@ -1,9 +1,17 @@
  -/TLSv1\.2/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000038s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

Check failure on line 18 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - AlmaLinux 9 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.2/

Failure/Error: its(:stdout) { should match(/TLSv1\.2/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.44 seconds\n" to match /TLSv1\.2/
  Diff:
  @@ -1,9 +1,17 @@
  -/TLSv1\.2/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000043s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds

# Test that TLSv1.3 is enabled
its(:stdout) { should match(/TLSv1\.3/) }

Check failure on line 21 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - CentOS 9 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.3/

Failure/Error: its(:stdout) { should match(/TLSv1\.3/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:54 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.38 seconds\n" to match /TLSv1\.3/
  Diff:
  @@ -1,9 +1,17 @@
  -/TLSv1\.3/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:54 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000030s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds

Check failure on line 21 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - CentOS 9 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.3/

Failure/Error: its(:stdout) { should match(/TLSv1\.3/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:54 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.38 seconds\n" to match /TLSv1\.3/
  Diff:
  @@ -1,9 +1,17 @@
  -/TLSv1\.3/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:54 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000036s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds

Check failure on line 21 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - AlmaLinux 8 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.3/

Failure/Error: its(:stdout) { should match(/TLSv1\.3/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.48 seconds\n" to match /TLSv1\.3/
  Diff:
  @@ -1,9 +1,17 @@
  -/TLSv1\.3/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000043s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds

Check failure on line 21 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - AlmaLinux 8 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.3/

Failure/Error: its(:stdout) { should match(/TLSv1\.3/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.43 seconds\n" to match /TLSv1\.3/
  Diff:
  @@ -1,9 +1,17 @@
  -/TLSv1\.3/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000037s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

Check failure on line 21 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - AlmaLinux 9 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.3/

Failure/Error: its(:stdout) { should match(/TLSv1\.3/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.43 seconds\n" to match /TLSv1\.3/
  Diff:
  @@ -1,9 +1,17 @@
  -/TLSv1\.3/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000038s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

Check failure on line 21 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - AlmaLinux 9 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /TLSv1\.3/

Failure/Error: its(:stdout) { should match(/TLSv1\.3/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.44 seconds\n" to match /TLSv1\.3/
  Diff:
  @@ -1,9 +1,17 @@
  -/TLSv1\.3/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000043s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds

# Test that older TLS versions are disabled
its(:stdout) { should_not match(/TLSv1\.1/) }
its(:stdout) { should_not match(/TLSv1\.0/) }

# Test that the least cipher strength is "strong" or "A"
its(:stdout) { should match(/least strength: (A|strong)/) }

Check failure on line 28 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - CentOS 9 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /least strength: (A|strong)/

Failure/Error: its(:stdout) { should match(/least strength: (A|strong)/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:54 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.38 seconds\n" to match /least strength: (A|strong)/
  Diff:
  @@ -1,9 +1,17 @@
  -/least strength: (A|strong)/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:54 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000030s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds

Check failure on line 28 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - CentOS 9 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /least strength: (A|strong)/

Failure/Error: its(:stdout) { should match(/least strength: (A|strong)/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:54 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.38 seconds\n" to match /least strength: (A|strong)/
  Diff:
  @@ -1,9 +1,17 @@
  -/least strength: (A|strong)/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:54 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000036s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds

Check failure on line 28 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - AlmaLinux 8 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /least strength: (A|strong)/

Failure/Error: its(:stdout) { should match(/least strength: (A|strong)/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.48 seconds\n" to match /least strength: (A|strong)/
  Diff:
  @@ -1,9 +1,17 @@
  -/least strength: (A|strong)/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000043s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds

Check failure on line 28 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - AlmaLinux 8 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /least strength: (A|strong)/

Failure/Error: its(:stdout) { should match(/least strength: (A|strong)/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.43 seconds\n" to match /least strength: (A|strong)/
  Diff:
  @@ -1,9 +1,17 @@
  -/least strength: (A|strong)/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000037s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

Check failure on line 28 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - AlmaLinux 9 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /least strength: (A|strong)/

Failure/Error: its(:stdout) { should match(/least strength: (A|strong)/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.43 seconds\n" to match /least strength: (A|strong)/
  Diff:
  @@ -1,9 +1,17 @@
  -/least strength: (A|strong)/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000038s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

Check failure on line 28 in spec/acceptance/basic_candlepin_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - AlmaLinux 9 

candlepin works Command "nmap --script +ssl-enum-ciphers localhost -p 8443" stdout is expected to match /least strength: (A|strong)/

Failure/Error: its(:stdout) { should match(/least strength: (A|strong)/) }
  expected "Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC\nNmap scan report for localhost (127...SERVICE\n8443/tcp closed https-alt\n\nNmap done: 1 IP address (1 host up) scanned in 0.44 seconds\n" to match /least strength: (A|strong)/
  Diff:
  @@ -1,9 +1,17 @@
  -/least strength: (A|strong)/
  +Starting Nmap 7.92 ( https://nmap.org ) at 2024-06-14 14:53 UTC
  +Nmap scan report for localhost (127.0.0.1)
  +Host is up (0.000043s latency).
  +Other addresses for localhost (not scanned): ::1 127.0.0.1
  +
  +PORT     STATE  SERVICE
  +8443/tcp closed https-alt
  +
  +Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds
end

describe file("/etc/tomcat/cert-users.properties") do
Expand Down
6 changes: 3 additions & 3 deletions spec/classes/candlepin_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -313,14 +313,14 @@

describe 'with tls_versions' do
let :params do
{tls_versions: ['1.2', '1.3']}
{tls_versions: ['1.3']}
end

it { is_expected.to compile.with_all_deps }
it do
is_expected.to contain_file("/etc/tomcat/server.xml").
with_content(/sslProtocol="TLSv1.2,TLSv1.3"/).
with_content(/sslEnabledProtocols="TLSv1.2,TLSv1.3"/)
with_content(/sslProtocol="TLSv1.3"/).
with_content(/sslEnabledProtocols="TLSv1.3"/)
end
end

Expand Down
Loading