Why should systems and infrastructure not be treated in the same way as other software components, especially when it comes to implementing security concerns? With today's POODLE announcement of another SSL vulnerability, it makes sense to add infrastructure tests to your regression tests.
ServerSpec is a solid way of testing for this, and the check can be written as follows:
require 'spec_helper'

# Attempt an SSLv3-only handshake; a server with SSLv3 disabled refuses it.
describe command('openssl s_client -connect localhost:443 -ssl3 < /dev/null') do
  its(:exit_status) { should eq 1 }
  its(:stdout) { should match /no peer certificate available/ }
end
Use of < /dev/null is to force the openssl client to terminate instead of waiting for input from the shell, as we are only interested in the key exchange.
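
The test above passes only when the handshake is refused, but a failing run can mean several different things. As an added example (not code from the original post), this plain-Ruby classifier takes the exit status and output of the same openssl command and separates those cases; the function name, the sample outputs and the "unknown option" match for openssl builds without SSLv3 support are assumptions, constructed for illustration.

```ruby
# Added example: classify one run of
#   openssl s_client -connect HOST:443 -ssl3 < /dev/null
# classify_sslv3_probe and SAMPLES are hypothetical names; the outputs are constructed.

def classify_sslv3_probe(exit_status, stdout, stderr)
  # Assumption: a local openssl built without SSLv3 rejects the -ssl3 flag,
  # so the probe never reached the server and proves nothing about it.
  return :client_lacks_sslv3 if stderr =~ /unknown option/i

  # s_client may print a "Protocol : SSLv3" line even for a failed handshake,
  # so the protocol line only counts together with a zero exit status.
  if exit_status.zero? && stdout =~ /^\s*Protocol\s*:\s*SSLv3\b/
    return :sslv3_accepted
  end

  # The condition the ServerSpec test asserts: exit 1 and no certificate seen.
  if exit_status == 1 && stdout.include?('no peer certificate available')
    return :sslv3_refused
  end

  :inconclusive # e.g. nothing is listening on the port
end

# Constructed samples, abbreviated: [exit_status, stdout, stderr]
SAMPLES = {
  hardened: [1, "CONNECTED(00000003)\n---\nno peer certificate available\n---\n" \
                "SSL-Session:\n    Protocol  : SSLv3\n    Cipher    : 0000\n",
             "sslv3 alert handshake failure\n"],
  vulnerable: [0, "CONNECTED(00000003)\n---\nCertificate chain\n---\n" \
                  "SSL-Session:\n    Protocol  : SSLv3\n    Cipher    : AES256-SHA\n",
               ''],
  no_ssl3_client: [1, '', "s_client: Option unknown option -ssl3\n"],
  port_closed: [1, '', "connect: Connection refused\nconnect:errno=111\n"]
}.freeze

def classify_samples
  SAMPLES.transform_values { |args| classify_sslv3_probe(*args) }
end

classify_samples.each { |name, verdict| puts "#{name}: #{verdict}" }
```

Only the :sslv3_refused verdict corresponds to a passing ServerSpec run; the other three explain why a run did not pass.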