feat: Add tests for 3DES and DH2048 cipher support (#351)

Cargo.toml

@@ -113,9 +113,9 @@ socket2 = { version = "0.5", features = ["all"] }
 lru = { version = "0.12", default-features = false }
 
 ## boring-tls
-boring2 = { version = "4.13.0", features = ["pq-experimental"] }
-boring-sys2 = { version = "4.13.0", features = ["pq-experimental"] }
-tokio-boring2 = { version = "4.13.0", features = ["pq-experimental"] }
+boring2 = { version = "4.14.0", features = ["pq-experimental"] }
+boring-sys2 = { version = "4.14.0", features = ["pq-experimental"] }
+tokio-boring2 = { version = "4.14.0", features = ["pq-experimental"] }
 foreign-types = "0.5.0"
 linked_hash_set = "0.1"
 

src/imp/firefox.rs

@@ -47,15 +47,15 @@ macro_rules! tls_settings {
             .enable_ech_grease(true)
             .pre_shared_key(true)
             .psk_skip_session_tickets(true)
-            .key_shares_length_limit(3)
+            .key_shares_limit(3)
             .cert_compression_algorithm(CERT_COMPRESSION_ALGORITHM)
             .build()
     };
     (2, $cipher_list:expr, $curves:expr) => {
         FirefoxTlsSettings::builder()
             .cipher_list($cipher_list)
             .curves($curves)
-            .key_shares_length_limit(2)
+            .key_shares_limit(2)
             .build()
     };
     (3, $cipher_list:expr, $curves:expr) => {
@@ -65,7 +65,7 @@ macro_rules! tls_settings {
             .session_ticket(false)
             .enable_ech_grease(true)
             .psk_dhe_ke(false)
-            .key_shares_length_limit(2)
+            .key_shares_limit(2)
             .build()
     };
 }
@@ -290,7 +290,7 @@ mod tls {
         record_size_limit: u16,
 
         #[builder(default, setter(into))]
-        key_shares_length_limit: Option<u8>,
+        key_shares_limit: Option<u8>,
 
         #[builder(default = true, setter(into))]
         psk_dhe_ke: bool,
@@ -317,7 +317,7 @@ mod tls {
                 .cert_compression_algorithm(val.cert_compression_algorithm.map(Cow::Borrowed))
                 .min_tls_version(TlsVersion::TLS_1_2)
                 .max_tls_version(TlsVersion::TLS_1_3)
-                .key_shares_length_limit(val.key_shares_length_limit)
+                .key_shares_limit(val.key_shares_limit)
                 .pre_shared_key(val.pre_shared_key)
                 .psk_skip_session_ticket(val.psk_skip_session_tickets)
                 .psk_dhe_ke(val.psk_dhe_ke)

src/tls/mod.rs

@@ -95,8 +95,8 @@ impl BoringTlsConnector {
             connector.set_record_size_limit(record_size_limit);
         }
 
-        if let Some(limit) = settings.key_shares_length_limit {
-            connector.set_key_shares_length_limit(limit);
+        if let Some(limit) = settings.key_shares_limit {
+            connector.set_key_shares_limit(limit);
         }
 
         if let Some(indices) = settings.extension_permutation_indices {
@@ -371,7 +371,7 @@ pub struct TlsSettings {
 
     /// Sets the context's key shares length limit.
     #[builder(default, setter(into))]
-    pub key_shares_length_limit: Option<u8>,
+    pub key_shares_limit: Option<u8>,
 
     /// Sets PSK with (EC)DHE key establishment (psk_dhe_ke)
     /// [Reference](https://github.com/openssl/openssl/issues/13918)
@@ -457,7 +457,7 @@ impl_debug!(
         enable_signed_cert_timestamps,
         cert_compression_algorithm,
         record_size_limit,
-        key_shares_length_limit,
+        key_shares_limit,
         psk_skip_session_ticket,
         extension_permutation_indices
     }

tests/badssl.rs

@@ -1,3 +1,6 @@
+use rquest::{join, SslCurve, TlsSettings};
+use rquest::{Client, ImpersonateSettings};
+
 #[tokio::test]
 async fn test_badssl_modern() {
     let text = rquest::Client::builder()
@@ -32,3 +35,80 @@ async fn test_badssl_self_signed() {
 
     assert!(!text.is_empty());
 }
+
+const CURVES: &[SslCurve] = &[
+    SslCurve::X25519,
+    SslCurve::SECP256R1,
+    SslCurve::SECP384R1,
+    SslCurve::SECP521R1,
+    SslCurve::FFDHE2048,
+    SslCurve::FFDHE3072,
+];
+
+#[tokio::test]
+async fn test_3des_support() -> Result<(), rquest::Error> {
+    let client = Client::builder()
+        .impersonate(
+            ImpersonateSettings::builder()
+                .tls(
+                    TlsSettings::builder()
+                        .curves(CURVES)
+                        .cipher_list(join!(
+                            ":",
+                            "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+                            "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+                        ))
+                        .build(),
+                )
+                .build(),
+        )
+        .danger_accept_invalid_certs(true)
+        .build()?;
+
+    // Check if the client can connect to the 3des.badssl.com
+    let content = client
+        .get("https://3des.badssl.com/")
+        .send()
+        .await?
+        .text()
+        .await?;
+
+    println!("3des.badssl.com is supported:\n{}", content);
+
+    Ok(())
+}
+
+#[tokio::test]
+async fn test_firefox_7x_100_cipher() -> Result<(), rquest::Error> {
+    let client = Client::builder()
+        .impersonate(
+            ImpersonateSettings::builder()
+                .tls(
+                    TlsSettings::builder()
+                        .curves(CURVES)
+                        .cipher_list(join!(
+                            ":",
+                            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+                            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+                            "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+                            "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
+                        ))
+                        .build(),
+                )
+                .build(),
+        )
+        .danger_accept_invalid_certs(true)
+        .build()?;
+
+    // Check if the client can connect to the dh2048.badssl.com
+    let content = client
+        .get("https://dh2048.badssl.com/")
+        .send()
+        .await?
+        .text()
+        .await?;
+
+    println!("dh2048.badssl.com is supported:\n{}", content);
+
+    Ok(())
+}