I'm in the process of migrating some CFML projects from Adobe ColdFusion 2016 to either CF2021 or Lucee. After the recent CF2016v17 update, I've been reading some reports of SSL connections not working and wanted to find out for myself if all platforms returned equivalent results when connecting to badssl.com. While badssl is meant for manual testing of security UI in web clients, it's the best (and only) public SSL testing endpoint that I could find.
Here's the TestBox unit CFC with 59 tests based on the SSL connection results that are currently expected by the Chromium browser. (8 of the tests failed to identify the SSL as "invalid", but that's because CFHTTP doesn't perform the same validity checks that Chromium does.)
Gist Link
https://gist.github.com/JamoCA/df8436a55bdc64dfc9276b11fed68aae
Gist Source
component | |
displayName="TestBox for BadSSL.com Tests" | |
labels ="coldfusion,cfml" | |
extends ="testbox.system.BaseSpec" { | |
/* | |
date: 3/31/2021 | |
gist: https://gist.github.com/JamoCA/df8436a55bdc64dfc9276b11fed68aae | |
blog: https://dev.to/gamesover/cfml-unit-tests-for-cfhttp-and-badssl-1lfa | |
*/ | |
function beforeTests(){} | |
function afterTests(){} | |
function setup(){} | |
function teardown(){} | |
function doHttp(string url) { | |
cfhttp(method="GET", charset="utf-8", url=arguments.url, result="local.result", redirect="no", getasbinary="never", timeout="5", throwonerror=false, useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4437.0 Safari/537.36 Edg/91.0.831.1"); | |
return local.result; | |
} | |
/************* Test Methods from https://badssl.com/ *************/ | |
function testexpire() { | |
local.result = doHttp("https://expired.badssl.com/"); | |
expect(local.result.errorDetail).toBeEmpty(); | |
} | |
function testwrong_host() { | |
local.result = doHttp("https://wrong.host.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testself_signed() { | |
local.result = doHttp("https://self-signed.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testuntrusted_root() { | |
local.result = doHttp("https://untrusted-root.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testrevoked() { | |
local.result = doHttp("https://revoked.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testpinning_test() { | |
local.result = doHttp("https://pinning-test.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testno_common_name() { | |
local.result = doHttp("https://no-common-name.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testno_subject() { | |
local.result = doHttp("https://no-subject.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testincomplete_chain() { | |
local.result = doHttp("https://incomplete-chain.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testreversed_chain() { | |
local.result = doHttp("https://reversed-chain.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testsha256() { | |
local.result = doHttp("https://sha256.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testsha384() { | |
local.result = doHttp("https://sha384.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testsha512() { | |
local.result = doHttp("https://sha512.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function test1000_sans() { | |
local.result = doHttp("https://1000-sans.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function test10000_sans() { | |
local.result = doHttp("https://10000-sans.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testecc256() { | |
local.result = doHttp("https://ecc256.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testecc384() { | |
local.result = doHttp("https://ecc384.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testersa2048() { | |
local.result = doHttp("https://rsa2048.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testersa4096() { | |
local.result = doHttp("https://rsa4096.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testrsa8192() { | |
local.result = doHttp("https://rsa8192.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testextended_validation() { | |
local.result = doHttp("https://extended-validation.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testclient() { | |
local.result = doHttp("https://client.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testclient_cert_missing() { | |
local.result = doHttp("https://client-cert-missing.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testmixed_script() { | |
local.result = doHttp("https://mixed-script.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testvery() { | |
local.result = doHttp("https://very.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testcbc() { | |
local.result = doHttp("https://cbc.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testrc4_md5() { | |
local.result = doHttp("https://rc4-md5.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testrc4() { | |
local.result = doHttp("https://rc4.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function test3des() { | |
local.result = doHttp("https://3des.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testnull() { | |
local.result = doHttp("https://null.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testmozilla_old() { | |
local.result = doHttp("https://mozilla-old.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testmozilla_intermediate() { | |
local.result = doHttp("https://mozilla-intermediate.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testmozilla_modern() { | |
local.result = doHttp("https://mozilla-modern.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testdh480() { | |
local.result = doHttp("https://dh480.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testdh512() { | |
local.result = doHttp("https://dh512.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testdh1024() { | |
local.result = doHttp("https://dh1024.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testdh2048() { | |
local.result = doHttp("https://dh2048.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testdh_small_subgroup() { | |
local.result = doHttp("https://dh-small-subgroup.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testdh_composite() { | |
local.result = doHttp("https://dh-composite.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function teststatic_rsa() { | |
local.result = doHttp("https://static-rsa.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testtls_v1_0() { | |
local.result = doHttp("https://tls-v1-0.badssl.com:1010/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testtls_v1_1() { | |
local.result = doHttp("https://tls-v1-1.badssl.com:1011/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testtls_v1_2() { | |
local.result = doHttp("https://tls-v1-2.badssl.com:1012/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testtls_v1_3() { | |
// local.result = doHttp("https://tls13.1d.pw/"); | |
local.result = doHttp("https://tls13.akamai.io/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testtls_v1_3_AdobeForums() skip=true { | |
local.result = doHttp("https://www.xpressreg.net/services/XpressWebRegService/CDSBridgeLite.asmx"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testno_sct() { | |
local.result = doHttp("https://no-sct.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testhsts() { | |
local.result = doHttp("https://hsts.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testupgrade() { | |
local.result = doHttp("https://upgrade.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testpreloaded_hsts() { | |
local.result = doHttp("https://preloaded-hsts.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testsubdomain_preloaded_hsts() { | |
local.result = doHttp("https://subdomain.preloaded-hsts.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testhttps_everywhere() { | |
local.result = doHttp("https://https-everywhere.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testlong_extended_subdomain_name_containing_many_letters_and_dashes() { | |
local.result = doHttp("https://long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testlongextendedsubdomainnamewithoutdashesinordertotestwordwrapping() { | |
local.result = doHttp("https://longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.com/"); | |
$assert.isEqual("", local.result.errorDetail); | |
} | |
function testsuperfish() { | |
local.result = doHttp("https://superfish.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testedellroot() { | |
local.result = doHttp("https://edellroot.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testdsdtestprovider() { | |
local.result = doHttp("https://dsdtestprovider.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testpreact_cli() { | |
local.result = doHttp("https://preact-cli.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testwebpack_dev_server() { | |
local.result = doHttp("https://webpack-dev-server.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testcaptive_portal() { | |
local.result = doHttp("https://captive-portal.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testmitm_software() { | |
local.result = doHttp("https://mitm-software.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testsha1_2016() { | |
local.result = doHttp("https://sha1-2016.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testsha1_2017() { | |
local.result = doHttp("https://sha1-2017.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
function testsha1_intermediate() { | |
local.result = doHttp("https://sha1-intermediate.badssl.com/"); | |
$assert.includes(local.result.errorDetail, "Usage constraint TLSServer check failed"); | |
} | |
function testinvalid_expected_sct() { | |
local.result = doHttp("https://invalid-expected-sct.badssl.com/"); | |
$assert.isNotEqual("", local.result.errorDetail); | |
} | |
} |
Top comments (0)