diff --git a/command/server/cipher_suites_test.go b/command/server/cipher_suites_test.go
new file mode 100644
index 000000000000..262227578a15
--- /dev/null
+++ b/command/server/cipher_suites_test.go
@@ -0,0 +1,17 @@
+package server
+
+import (
+	"crypto/tls"
+	"testing"
+)
+
+func TestIsBadCipher(t *testing.T) {
+	badCipher := tls.TLS_RSA_WITH_AES_128_CBC_SHA
+	if !isBadCipher(badCipher) {
+		t.Fatalf("TLS_RSA_WITH_AES_128_CBC_SHA is a bad cipher but has not been detected")
+	}
+	goodCipher := tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+	if isBadCipher(goodCipher) {
+		t.Fatalf("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is a good cipher but has been detected")
+	}
+}