Merge pull request #2147 from DavidS/MODULES-11068-fixssl-honorcipherorder

(MODULES-11068) verify ssl_honorcipherorder behaviour

Author: sanfrancrisko

spec/classes/mod/ssl_spec.rb

@@ -285,5 +285,51 @@
 
       it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLProxyProtocol -ALL \+TLSv1$}) }
     end
+
+    context 'setting ssl_honorcipherorder' do
+      context 'default value' do
+        it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLHonorCipherOrder On$}) }
+      end
+
+      context 'force on' do
+        let :params do
+          {
+            ssl_honorcipherorder: true,
+          }
+        end
+
+        it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLHonorCipherOrder On$}) }
+      end
+
+      context 'force off' do
+        let :params do
+          {
+            ssl_honorcipherorder: false,
+          }
+        end
+
+        it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLHonorCipherOrder Off$}) }
+      end
+
+      context 'set on' do
+        let :params do
+          {
+            ssl_honorcipherorder: 'on',
+          }
+        end
+
+        it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLHonorCipherOrder On$}) }
+      end
+
+      context 'set off' do
+        let :params do
+          {
+            ssl_honorcipherorder: 'off',
+          }
+        end
+
+        it { is_expected.to contain_file('ssl.conf').with_content(%r{^  SSLHonorCipherOrder Off$}) }
+      end
+    end
   end
 end

spec/defines/vhost_spec.rb

@@ -1048,6 +1048,11 @@
               content: %r{^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$},
             )
           }
+          it {
+            is_expected.to contain_concat__fragment('rspec.example.com-ssl').with(
+              content: %r{^\s+SSLHonorCipherOrder\s+Off$},
+            )
+          }
           it {
             is_expected.to contain_concat__fragment('rspec.example.com-ssl').with(
               content: %r{^\s+SSLUserName\s+SSL_CLIENT_S_DN_CN$},