User agents compatibility from cipher suite

7 years ago · 018f2ba6f5
parent 4510cd158a
commit 018f2ba6f5
9 changed files with 2082 additions and 2 deletions
--- a/app/views/application/_headers.erb
+++ b/app/views/application/_headers.erb
@ -10,6 +10,7 @@
 				<li><%= link_to 'SSH', ssh_path %></li>
 			</ul>
 			<ul class="nav navbar-nav navbar-right">
+				<li><%= link_to 'Cipher suite', suite_path %></li>
 				<li><%= link_to 'Ciphers', ciphers_path %></li>
 				<!--
 				<li class="dropdown">
--- a/app/views/site/index.html.erb
+++ b/app/views/site/index.html.erb
@ -0,0 +1,20 @@
+<div id="check" class="container">
+	<div class="row">
+		<div class="col-sm-12">
+			<h1>Vérifier votre domaine</h1>
+			<%= form_tag root_path do %>
+				<div class="form-group">
+					<div class="col-sm-8">
+						<%= text_field_tag :host, nil, class: %i(form-control input-lg), placeholder: 'your-site.com' %>
+					</div>
+					<div class="col-sm-2">
+						<%= select_tag :type, options_for_select({'HTTPS' => :https, 'SMTP' => :smtp, 'XMPP' => :xmpp}), class: %i(form-control input-lg) %>
+					</div>
+					<div class="col-sm-2">
+						<%= submit_tag 'Test-moi !', class: %i(form-control btn btn-primary input-lg pull-right) %>
+					</div>
+				</div>
+			<% end %>
+		</div>
+	</div>
+</div>
--- a/app/views/site/suite.html.erb
+++ b/app/views/site/suite.html.erb
@ -0,0 +1,57 @@
+<div class="container">
+	<div class="row">
+		<div class="col-sm-12">
+			<h1>Cipher suite : <%= @suite %></h1>
+		</div>
+	</div>
+	<div class="row">
+		<table class="table-bordered table-condensed table-striped col-sm-12">
+			<thead>
+				<tr>
+					<th class="col-sm-4">Navigateur</th>
+					<th class="col-sm-8" colspan="3">Cipher</th>
+				</tr>
+			</thead>
+			<tbody>
+			<%
+			   iana_ciphers = Hash[@ciphers.collect { |c| [Rails.application.config.openssl_ciphers[c.name], c] }]
+			   Rails.application.config.user_agents_ciphers.each do |ua, support|
+				   cipher = (support['ciphers'].collect(&:first) & iana_ciphers.keys).first
+				   cipher = iana_ciphers[cipher] if cipher
+			%>
+				<tr>
+					<th><%= ua %></th>
+					<% if cipher %>
+					<td><%= cipher_name_label cipher %></td>
+					<td><%= cipher_size_label cipher %></td>
+					<td><%= cipher_labels cipher %></td>
+					<% else %>
+					<td colspan="3"><%= label('Non supporté', :error) %></td>
+					<% end %>
+				</tr>
+			<% end %>
+			</tbody>
+		</table>
+	</div>
+	<br/>
+	<div class="row">
+		<table class="table-bordered table-condensed table-striped col-sm-12">
+			<thead>
+			<tr>
+				<th class="col-sm-4">Algorithme</th>
+				<th class="col-sm-1">Taille</th>
+				<td class="col-sm-7"></td>
+			</tr>
+			</thead>
+			<tbody>
+			<% @ciphers.each do |cipher| %>
+				<tr>
+					<th><%= cipher_name_label cipher %></th>
+					<th><%= cipher_size_label cipher %></th>
+					<th><%= cipher_labels cipher %></th>
+				</tr>
+			<% end %>
+			</tbody>
+		</table>
+	</div>
+</div>
--- a/app/views/site/suite_index.html.erb
+++ b/app/views/site/suite_index.html.erb
@ -0,0 +1,17 @@
+<div id="check" class="container">
+	<div class="row">
+		<div class="col-sm-12">
+			<h1>Compatibilités des user agents</h1>
+			<%= form_tag suite_path do %>
+				<div class="form-group">
+					<div class="col-sm-10">
+						<%= text_field_tag :suite, nil, class: %i(form-control input-lg), placeholder: 'EECDH+AES' %>
+					</div>
+					<div class="col-sm-2">
+						<%= submit_tag 'Test-moi !', class: %i(form-control btn btn-primary input-lg pull-right) %>
+					</div>
+				</div>
+			<% end %>
+		</div>
+	</div>
+</div>
--- a/bin/fetch_ssllabs_useragent
+++ b/bin/fetch_ssllabs_useragent
@ -0,0 +1,33 @@
+#!/usr/bin/env ruby
+require 'httparty'
+require 'nokogiri'
+require 'nokogiri-pretty'
+require 'open-uri'
+
+uas = Nokogiri::HTML open 'https://www.ssllabs.com/ssltest/clients.html'
+uas = Hash[uas.css('#multiTable > tr > td:first > a').collect do |ua|
+	ua_url = ua.attr :href
+	ua = Nokogiri::HTML open "https://www.ssllabs.com/ssltest/#{ua_url}"
+
+	name = ua.at_css('h1').text.sub('User Agent Capabilities:', '').strip
+	puts name
+
+	reports = ua.css '.reportTable'
+	protocols = Hash[reports[0].css('tr').collect do |protocol|
+		protocol, support = protocol.css 'td'
+		next if protocol.attr(:class) == 'tableHead'
+		protocol = protocol.text.sub("\xC2\xA0 INSECURE", '').strip
+		support = support.text == 'Yes'
+		[protocol, support]
+	end.reject &:nil?]
+
+	ciphers = Hash[reports[1].css('tr').collect do |cipher|
+		cipher, size = cipher.css 'td'
+		next if cipher.attr(:class) == 'tableHead' or size.nil?
+		cipher = /(.*) \(0x(.*)\).*/.match cipher.text
+		cipher = ["0x#{cipher[2].upcase.rjust(2, '0')}", cipher[1]]
+	end.reject &:nil?]
+
+	[name, { protocols: protocols, ciphers: ciphers }]
+end]
+File.write 'config/user-agent.json', JSON.pretty_generate(uas, {indent: "\t"})
--- a/config/initializers/ciphers.rb
+++ b/config/initializers/ciphers.rb
@ -0,0 +1,6 @@
+Rails.application.config.tap do |config|
+	config.openssl_ciphers = JSON.parse File.read 'config/openssl-ciphers.json'
+	config.openssl_ciphers.merge! config.openssl_ciphers.invert
+
+	config.user_agents_ciphers = JSON.parse File.read 'config/user-agents-ciphers.json'
+end
--- a/config/openssl-ciphers.json
+++ b/config/openssl-ciphers.json
@ -0,0 +1,104 @@
+{
+	"0x04": "RC4-MD5",
+	"0x05": "RC4-SHA",
+	"0x09": "DES-CBC-SHA",
+	"0x0A": "DES-CBC3-SHA",
+	"0x0C": "DH-DSS-DES-CBC-SHA",
+	"0x0D": "DH-DSS-DES-CBC3-SHA",
+	"0x0F": "DH-RSA-DES-CBC-SHA",
+	"0x10": "DH-RSA-DES-CBC3-SHA",
+	"0x12": "EDH-DSS-DES-CBC-SHA",
+	"0x13": "EDH-DSS-DES-CBC3-SHA",
+	"0x15": "EDH-RSA-DES-CBC-SHA",
+	"0x16": "EDH-RSA-DES-CBC3-SHA",
+	"0x2F": "AES128-SHA",
+	"0x30": "DH-DSS-AES128-SHA",
+	"0x31": "DH-RSA-AES128-SHA",
+	"0x32": "DHE-DSS-AES128-SHA",
+	"0x33": "DHE-RSA-AES128-SHA",
+	"0x35": "AES256-SHA",
+	"0x36": "DH-DSS-AES256-SHA",
+	"0x37": "DH-RSA-AES256-SHA",
+	"0x38": "DHE-DSS-AES256-SHA",
+	"0x39": "DHE-RSA-AES256-SHA",
+	"0x3C": "AES128-SHA256",
+	"0x3D": "AES256-SHA256",
+	"0x3E": "DH-DSS-AES128-SHA256",
+	"0x3F": "DH-RSA-AES128-SHA256",
+	"0x40": "DHE-DSS-AES128-SHA256",
+	"0x41": "CAMELLIA128-SHA",
+	"0x42": "DH-DSS-CAMELLIA128-SHA",
+	"0x43": "DH-RSA-CAMELLIA128-SHA",
+	"0x44": "DHE-DSS-CAMELLIA128-SHA",
+	"0x45": "DHE-RSA-CAMELLIA128-SHA",
+	"0x67": "DHE-RSA-AES128-SHA256",
+	"0x68": "DH-DSS-AES256-SHA256",
+	"0x69": "DH-RSA-AES256-SHA256",
+	"0x6A": "DHE-DSS-AES256-SHA256",
+	"0x6B": "DHE-RSA-AES256-SHA256",
+	"0x84": "CAMELLIA256-SHA",
+	"0x85": "DH-DSS-CAMELLIA256-SHA",
+	"0x86": "DH-RSA-CAMELLIA256-SHA",
+	"0x87": "DHE-DSS-CAMELLIA256-SHA",
+	"0x88": "DHE-RSA-CAMELLIA256-SHA",
+	"0x8A": "PSK-RC4-SHA",
+	"0x8B": "PSK-3DES-EDE-CBC-SHA",
+	"0x8C": "PSK-AES128-CBC-SHA",
+	"0x8D": "PSK-AES256-CBC-SHA",
+	"0x96": "SEED-SHA",
+	"0x97": "DH-DSS-SEED-SHA",
+	"0x98": "DH-RSA-SEED-SHA",
+	"0x99": "DHE-DSS-SEED-SHA",
+	"0x9A": "DHE-RSA-SEED-SHA",
+	"0x9C": "AES128-GCM-SHA256",
+	"0x9D": "AES256-GCM-SHA384",
+	"0x9E": "DHE-RSA-AES128-GCM-SHA256",
+	"0x9F": "DHE-RSA-AES256-GCM-SHA384",
+	"0xA0": "DH-RSA-AES128-GCM-SHA256",
+	"0xA1": "DH-RSA-AES256-GCM-SHA384",
+	"0xA2": "DHE-DSS-AES128-GCM-SHA256",
+	"0xA3": "DHE-DSS-AES256-GCM-SHA384",
+	"0xA4": "DH-DSS-AES128-GCM-SHA256",
+	"0xA5": "DH-DSS-AES256-GCM-SHA384",
+	"0xC002": "ECDH-ECDSA-RC4-SHA",
+	"0xC003": "ECDH-ECDSA-DES-CBC3-SHA",
+	"0xC004": "ECDH-ECDSA-AES128-SHA",
+	"0xC005": "ECDH-ECDSA-AES256-SHA",
+	"0xC007": "ECDHE-ECDSA-RC4-SHA",
+	"0xC008": "ECDHE-ECDSA-DES-CBC3-SHA",
+	"0xC009": "ECDHE-ECDSA-AES128-SHA",
+	"0xC00A": "ECDHE-ECDSA-AES256-SHA",
+	"0xC00C": "ECDH-RSA-RC4-SHA",
+	"0xC00D": "ECDH-RSA-DES-CBC3-SHA",
+	"0xC00E": "ECDH-RSA-AES128-SHA",
+	"0xC00F": "ECDH-RSA-AES256-SHA",
+	"0xC011": "ECDHE-RSA-RC4-SHA",
+	"0xC012": "ECDHE-RSA-DES-CBC3-SHA",
+	"0xC013": "ECDHE-RSA-AES128-SHA",
+	"0xC014": "ECDHE-RSA-AES256-SHA",
+	"0xC01A": "SRP-3DES-EDE-CBC-SHA",
+	"0xC01B": "SRP-RSA-3DES-EDE-CBC-SHA",
+	"0xC01C": "SRP-DSS-3DES-EDE-CBC-SHA",
+	"0xC01D": "SRP-AES-128-CBC-SHA",
+	"0xC01E": "SRP-RSA-AES-128-CBC-SHA",
+	"0xC01F": "SRP-DSS-AES-128-CBC-SHA",
+	"0xC020": "SRP-AES-256-CBC-SHA",
+	"0xC021": "SRP-RSA-AES-256-CBC-SHA",
+	"0xC022": "SRP-DSS-AES-256-CBC-SHA",
+	"0xC023": "ECDHE-ECDSA-AES128-SHA256",
+	"0xC024": "ECDHE-ECDSA-AES256-SHA384",
+	"0xC025": "ECDH-ECDSA-AES128-SHA256",
+	"0xC026": "ECDH-ECDSA-AES256-SHA384",
+	"0xC027": "ECDHE-RSA-AES128-SHA256",
+	"0xC028": "ECDHE-RSA-AES256-SHA384",
+	"0xC029": "ECDH-RSA-AES128-SHA256",
+	"0xC02A": "ECDH-RSA-AES256-SHA384",
+	"0xC02B": "ECDHE-ECDSA-AES128-GCM-SHA256",
+	"0xC02C": "ECDHE-ECDSA-AES256-GCM-SHA384",
+	"0xC02D": "ECDH-ECDSA-AES128-GCM-SHA256",
+	"0xC02E": "ECDH-ECDSA-AES256-GCM-SHA384",
+	"0xC02F": "ECDHE-RSA-AES128-GCM-SHA256",
+	"0xC030": "ECDHE-RSA-AES256-GCM-SHA384",
+	"0xC031": "ECDH-RSA-AES128-GCM-SHA256",
+	"0xC032": "ECDH-RSA-AES256-GCM-SHA384"
+}
--- a/config/routes.rb
+++ b/config/routes.rb
@ -26,6 +26,9 @@ Rails.application.routes.draw do
 		get ':id/refresh', action: :refresh, as: :refresh
 	end

-	root 'https#index'
-	get '/ciphers' => 'site#ciphers'
+	get 'ciphers' => 'site#ciphers'
+	get 'suite' => 'site#suite_index'
+	post 'suite' => 'site#suite'
+	root 'site#index'
+	post '/' => 'site#check'
 end
--- a/config/user-agents-ciphers.json
+++ b/config/user-agents-ciphers.json