go-proxy/tls_runtime_test.go

package proxy

import (
	"crypto/tls"
	"testing"
)

func TestTLSRuntime_buildTLSConfig_Good(t *testing.T) {
	config := buildTLSConfig(TLSConfig{
		Ciphers:   "ECDHE-RSA-AES128-GCM-SHA256:TLS_AES_128_GCM_SHA256",
		Protocols: "TLSv1.2,TLSv1.3",
	})

	if config.MinVersion != tls.VersionTLS12 {
		t.Fatalf("expected min version TLS1.2, got %d", config.MinVersion)
	}
	if config.MaxVersion != tls.VersionTLS13 {
		t.Fatalf("expected max version TLS1.3, got %d", config.MaxVersion)
	}
	if len(config.CipherSuites) != 2 || config.CipherSuites[0] != tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || config.CipherSuites[1] != tls.TLS_AES_128_GCM_SHA256 {
		t.Fatalf("unexpected cipher suites: %#v", config.CipherSuites)
	}
}

func TestTLSRuntime_buildTLSConfig_Bad(t *testing.T) {
	config := buildTLSConfig(TLSConfig{Protocols: "bogus", Ciphers: "bogus"})

	if config.MinVersion != 0 || config.MaxVersion != 0 {
		t.Fatalf("expected default versions for invalid input, got min=%d max=%d", config.MinVersion, config.MaxVersion)
	}
	if len(config.CipherSuites) != 0 {
		t.Fatalf("expected no cipher suites for invalid input, got %#v", config.CipherSuites)
	}
}

func TestTLSRuntime_buildTLSConfig_Ugly(t *testing.T) {
	config := buildTLSConfig(TLSConfig{Protocols: "1.1:1.2:1.3", Ciphers: "AES128-GCM-SHA256,unknown"})

	if config.MinVersion != tls.VersionTLS11 {
		t.Fatalf("expected min version TLS1.1, got %d", config.MinVersion)
	}
	if config.MaxVersion != tls.VersionTLS13 {
		t.Fatalf("expected max version TLS1.3, got %d", config.MaxVersion)
	}
	if len(config.CipherSuites) != 1 || config.CipherSuites[0] != tls.TLS_RSA_WITH_AES_128_GCM_SHA256 {
		t.Fatalf("unexpected cipher suites: %#v", config.CipherSuites)
	}
}
feat(proxy): honour TLS config and pool keepalive Co-Authored-By: Virgil <virgil@lethean.io> 2026-04-04 11:16:29 +00:00			`package proxy`

			`import (`
			`"crypto/tls"`
			`"testing"`
			`)`

			`func TestTLSRuntime_buildTLSConfig_Good(t *testing.T) {`
			`config := buildTLSConfig(TLSConfig{`
			`Ciphers: "ECDHE-RSA-AES128-GCM-SHA256:TLS_AES_128_GCM_SHA256",`
			`Protocols: "TLSv1.2,TLSv1.3",`
			`})`

			`if config.MinVersion != tls.VersionTLS12 {`
			`t.Fatalf("expected min version TLS1.2, got %d", config.MinVersion)`
			`}`
			`if config.MaxVersion != tls.VersionTLS13 {`
			`t.Fatalf("expected max version TLS1.3, got %d", config.MaxVersion)`
			`}`
			`if len(config.CipherSuites) != 2 \|\| config.CipherSuites[0] != tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \|\| config.CipherSuites[1] != tls.TLS_AES_128_GCM_SHA256 {`
			`t.Fatalf("unexpected cipher suites: %#v", config.CipherSuites)`
			`}`
			`}`

			`func TestTLSRuntime_buildTLSConfig_Bad(t *testing.T) {`
			`config := buildTLSConfig(TLSConfig{Protocols: "bogus", Ciphers: "bogus"})`

			`if config.MinVersion != 0 \|\| config.MaxVersion != 0 {`
			`t.Fatalf("expected default versions for invalid input, got min=%d max=%d", config.MinVersion, config.MaxVersion)`
			`}`
			`if len(config.CipherSuites) != 0 {`
			`t.Fatalf("expected no cipher suites for invalid input, got %#v", config.CipherSuites)`
			`}`
			`}`

			`func TestTLSRuntime_buildTLSConfig_Ugly(t *testing.T) {`
			`config := buildTLSConfig(TLSConfig{Protocols: "1.1:1.2:1.3", Ciphers: "AES128-GCM-SHA256,unknown"})`

			`if config.MinVersion != tls.VersionTLS11 {`
			`t.Fatalf("expected min version TLS1.1, got %d", config.MinVersion)`
			`}`
			`if config.MaxVersion != tls.VersionTLS13 {`
			`t.Fatalf("expected max version TLS1.3, got %d", config.MaxVersion)`
			`}`
			`if len(config.CipherSuites) != 1 \|\| config.CipherSuites[0] != tls.TLS_RSA_WITH_AES_128_GCM_SHA256 {`
			`t.Fatalf("unexpected cipher suites: %#v", config.CipherSuites)`
			`}`
			`}`