Test: integration spec with TLSv1.2 vs TLSv1.3

kares · kares · commit 8d180cf60760 · 2021-11-29T13:28:40.000+01:00
diff --git a/spec/integration/outputs/index_spec.rb b/spec/integration/outputs/index_spec.rb
@@ -157,15 +157,38 @@
       }
     end
     it_behaves_like("an indexer", true)
-    
-    describe "with a password requiring escaping" do
+
+    context 'with enforced TLSv1.3 protocol' do
+      let(:config) { super().merge 'ssl_enabled_protocols' => [ 'TLSv1.3' ] }
+
+      it_behaves_like("an indexer", true)
+    end
+
+    context 'with enforced TLSv1.2 protocol (while ES only enabled TLSv1.3)' do
+      let(:config) { super().merge 'ssl_enabled_protocols' => [ 'TLSv1.2' ] }
+
+      it "does not ship events" do
+        subject.multi_receive(events)
+
+        http_client.post("#{es_url}/_refresh").call
+
+        response = http_client.get("#{index_url}/_count?q=*")
+        result = LogStash::Json.load(response.body)
+        cur_count = result["count"]
+        expect(cur_count).to eq(0) # ES output keeps re-trying but ends up with a
+        # [Manticore::ClientProtocolException] Received fatal alert: protocol_version
+      end
+
+    end if ENV['ES_SSL_SUPPORTED_PROTOCOLS'] == 'TLSv1.3'
+
+    context "with a password requiring escaping" do
       let(:user) { "f@ncyuser" }
       let(:password) { "ab%12#" }
       
       include_examples("an indexer", true)
     end
     
-    describe "with a user/password requiring escaping in the URL" do
+    context "with a user/password requiring escaping in the URL" do
       let(:config) do
         {
           "hosts" => ["https://#{CGI.escape(user)}:#{CGI.escape(password)}@elasticsearch:9200"],
