From cff4771375ee5120fdd11a82a3e090cc3ecd6135 Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Date: Thu, 29 Oct 2020 13:57:20 -0500
Subject: [PATCH] Issue #5531 - Test excluded protocol behavior

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
---
 .../jetty/util/ssl/SslContextFactoryTest.java | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
index ee7da6f82506..d1bf6123e4e4 100644
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
@@ -50,6 +50,7 @@
 import org.junit.jupiter.api.Test;
 
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.arrayContaining;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
@@ -95,6 +96,39 @@ public void testSLOTH() throws Exception
         }
     }
 
+    @Test
+    public void testDumpExcludedProtocols() throws Exception
+    {
+        SslContextFactory.Server cf = new SslContextFactory.Server();
+        cf.setKeyStorePassword("storepwd");
+        cf.setKeyManagerPassword("keypwd");
+        cf.setExcludeProtocols("SSL.*", "TLSv1", "TLSv1\\.[01]");
+        cf.start();
+
+        // Confirm behavior in engine
+        assertThat(cf.newSSLEngine().getEnabledProtocols(), not(arrayContaining("TLSv1.1")));
+
+        // Confirm output in dump
+        List<SslSelectionDump> dumps = cf.selectionDump();
+
+        Optional<SslSelectionDump> protocolDumpOpt = dumps.stream()
+            .filter((dump) -> dump.type.contains("Protocol"))
+            .findFirst();
+
+        assertTrue(protocolDumpOpt.isPresent(), "Protocol dump section should exist");
+
+        SslSelectionDump protocolDump = protocolDumpOpt.get();
+
+        long countTls11Enabled = protocolDump.enabled.stream().filter((t) -> t.contains("TLSv1.1")).count();
+        long countTls11Disabled = protocolDump.disabled.stream().filter((t) -> t.contains("TLSv1.1")).count();
+
+        assertThat("Enabled Protocols TLSv1.1 count", countTls11Enabled, is(0L));
+        assertThat("Disabled Protocols TLSv1.1 count", countTls11Disabled, is(1L));
+
+        // Uncomment to show in console.
+        // cf.dump(System.out, "");
+    }
+
     @Test
     public void testDumpIncludeTlsRsa() throws Exception
     {