User agents compatibility from cipher suite

v1
Aeris 8 years ago
parent 4510cd158a
commit 018f2ba6f5
  1. 1
      app/views/application/_headers.erb
  2. 20
      app/views/site/index.html.erb
  3. 57
      app/views/site/suite.html.erb
  4. 17
      app/views/site/suite_index.html.erb
  5. 33
      bin/fetch_ssllabs_useragent
  6. 6
      config/initializers/ciphers.rb
  7. 104
      config/openssl-ciphers.json
  8. 7
      config/routes.rb
  9. 1839
      config/user-agents-ciphers.json

@ -10,6 +10,7 @@
<li><%= link_to 'SSH', ssh_path %></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li><%= link_to 'Cipher suite', suite_path %></li>
<li><%= link_to 'Ciphers', ciphers_path %></li>
<!--
<li class="dropdown">

@ -0,0 +1,20 @@
<div id="check" class="container">
<div class="row">
<div class="col-sm-12">
<h1>Vérifier votre domaine</h1>
<%= form_tag root_path do %>
<div class="form-group">
<div class="col-sm-8">
<%= text_field_tag :host, nil, class: %i(form-control input-lg), placeholder: 'your-site.com' %>
</div>
<div class="col-sm-2">
<%= select_tag :type, options_for_select({'HTTPS' => :https, 'SMTP' => :smtp, 'XMPP' => :xmpp}), class: %i(form-control input-lg) %>
</div>
<div class="col-sm-2">
<%= submit_tag 'Test-moi !', class: %i(form-control btn btn-primary input-lg pull-right) %>
</div>
</div>
<% end %>
</div>
</div>
</div>

@ -0,0 +1,57 @@
<div class="container">
<div class="row">
<div class="col-sm-12">
<h1>Cipher suite : <%= @suite %></h1>
</div>
</div>
<div class="row">
<table class="table-bordered table-condensed table-striped col-sm-12">
<thead>
<tr>
<th class="col-sm-4">Navigateur</th>
<th class="col-sm-8" colspan="3">Cipher</th>
</tr>
</thead>
<tbody>
<%
iana_ciphers = Hash[@ciphers.collect { |c| [Rails.application.config.openssl_ciphers[c.name], c] }]
Rails.application.config.user_agents_ciphers.each do |ua, support|
cipher = (support['ciphers'].collect(&:first) & iana_ciphers.keys).first
cipher = iana_ciphers[cipher] if cipher
%>
<tr>
<th><%= ua %></th>
<% if cipher %>
<td><%= cipher_name_label cipher %></td>
<td><%= cipher_size_label cipher %></td>
<td><%= cipher_labels cipher %></td>
<% else %>
<td colspan="3"><%= label('Non supporté', :error) %></td>
<% end %>
</tr>
<% end %>
</tbody>
</table>
</div>
<br/>
<div class="row">
<table class="table-bordered table-condensed table-striped col-sm-12">
<thead>
<tr>
<th class="col-sm-4">Algorithme</th>
<th class="col-sm-1">Taille</th>
<td class="col-sm-7"></td>
</tr>
</thead>
<tbody>
<% @ciphers.each do |cipher| %>
<tr>
<th><%= cipher_name_label cipher %></th>
<th><%= cipher_size_label cipher %></th>
<th><%= cipher_labels cipher %></th>
</tr>
<% end %>
</tbody>
</table>
</div>
</div>

@ -0,0 +1,17 @@
<div id="check" class="container">
<div class="row">
<div class="col-sm-12">
<h1>Compatibilités des user agents</h1>
<%= form_tag suite_path do %>
<div class="form-group">
<div class="col-sm-10">
<%= text_field_tag :suite, nil, class: %i(form-control input-lg), placeholder: 'EECDH+AES' %>
</div>
<div class="col-sm-2">
<%= submit_tag 'Test-moi !', class: %i(form-control btn btn-primary input-lg pull-right) %>
</div>
</div>
<% end %>
</div>
</div>
</div>

@ -0,0 +1,33 @@
#!/usr/bin/env ruby
require 'httparty'
require 'nokogiri'
require 'nokogiri-pretty'
require 'open-uri'
uas = Nokogiri::HTML open 'https://www.ssllabs.com/ssltest/clients.html'
uas = Hash[uas.css('#multiTable > tr > td:first > a').collect do |ua|
ua_url = ua.attr :href
ua = Nokogiri::HTML open "https://www.ssllabs.com/ssltest/#{ua_url}"
name = ua.at_css('h1').text.sub('User Agent Capabilities:', '').strip
puts name
reports = ua.css '.reportTable'
protocols = Hash[reports[0].css('tr').collect do |protocol|
protocol, support = protocol.css 'td'
next if protocol.attr(:class) == 'tableHead'
protocol = protocol.text.sub("\xC2\xA0 INSECURE", '').strip
support = support.text == 'Yes'
[protocol, support]
end.reject &:nil?]
ciphers = Hash[reports[1].css('tr').collect do |cipher|
cipher, size = cipher.css 'td'
next if cipher.attr(:class) == 'tableHead' or size.nil?
cipher = /(.*) \(0x(.*)\).*/.match cipher.text
cipher = ["0x#{cipher[2].upcase.rjust(2, '0')}", cipher[1]]
end.reject &:nil?]
[name, { protocols: protocols, ciphers: ciphers }]
end]
File.write 'config/user-agent.json', JSON.pretty_generate(uas, {indent: "\t"})

@ -0,0 +1,6 @@
Rails.application.config.tap do |config|
config.openssl_ciphers = JSON.parse File.read 'config/openssl-ciphers.json'
config.openssl_ciphers.merge! config.openssl_ciphers.invert
config.user_agents_ciphers = JSON.parse File.read 'config/user-agents-ciphers.json'
end

@ -0,0 +1,104 @@
{
"0x04": "RC4-MD5",
"0x05": "RC4-SHA",
"0x09": "DES-CBC-SHA",
"0x0A": "DES-CBC3-SHA",
"0x0C": "DH-DSS-DES-CBC-SHA",
"0x0D": "DH-DSS-DES-CBC3-SHA",
"0x0F": "DH-RSA-DES-CBC-SHA",
"0x10": "DH-RSA-DES-CBC3-SHA",
"0x12": "EDH-DSS-DES-CBC-SHA",
"0x13": "EDH-DSS-DES-CBC3-SHA",
"0x15": "EDH-RSA-DES-CBC-SHA",
"0x16": "EDH-RSA-DES-CBC3-SHA",
"0x2F": "AES128-SHA",
"0x30": "DH-DSS-AES128-SHA",
"0x31": "DH-RSA-AES128-SHA",
"0x32": "DHE-DSS-AES128-SHA",
"0x33": "DHE-RSA-AES128-SHA",
"0x35": "AES256-SHA",
"0x36": "DH-DSS-AES256-SHA",
"0x37": "DH-RSA-AES256-SHA",
"0x38": "DHE-DSS-AES256-SHA",
"0x39": "DHE-RSA-AES256-SHA",
"0x3C": "AES128-SHA256",
"0x3D": "AES256-SHA256",
"0x3E": "DH-DSS-AES128-SHA256",
"0x3F": "DH-RSA-AES128-SHA256",
"0x40": "DHE-DSS-AES128-SHA256",
"0x41": "CAMELLIA128-SHA",
"0x42": "DH-DSS-CAMELLIA128-SHA",
"0x43": "DH-RSA-CAMELLIA128-SHA",
"0x44": "DHE-DSS-CAMELLIA128-SHA",
"0x45": "DHE-RSA-CAMELLIA128-SHA",
"0x67": "DHE-RSA-AES128-SHA256",
"0x68": "DH-DSS-AES256-SHA256",
"0x69": "DH-RSA-AES256-SHA256",
"0x6A": "DHE-DSS-AES256-SHA256",
"0x6B": "DHE-RSA-AES256-SHA256",
"0x84": "CAMELLIA256-SHA",
"0x85": "DH-DSS-CAMELLIA256-SHA",
"0x86": "DH-RSA-CAMELLIA256-SHA",
"0x87": "DHE-DSS-CAMELLIA256-SHA",
"0x88": "DHE-RSA-CAMELLIA256-SHA",
"0x8A": "PSK-RC4-SHA",
"0x8B": "PSK-3DES-EDE-CBC-SHA",
"0x8C": "PSK-AES128-CBC-SHA",
"0x8D": "PSK-AES256-CBC-SHA",
"0x96": "SEED-SHA",
"0x97": "DH-DSS-SEED-SHA",
"0x98": "DH-RSA-SEED-SHA",
"0x99": "DHE-DSS-SEED-SHA",
"0x9A": "DHE-RSA-SEED-SHA",
"0x9C": "AES128-GCM-SHA256",
"0x9D": "AES256-GCM-SHA384",
"0x9E": "DHE-RSA-AES128-GCM-SHA256",
"0x9F": "DHE-RSA-AES256-GCM-SHA384",
"0xA0": "DH-RSA-AES128-GCM-SHA256",
"0xA1": "DH-RSA-AES256-GCM-SHA384",
"0xA2": "DHE-DSS-AES128-GCM-SHA256",
"0xA3": "DHE-DSS-AES256-GCM-SHA384",
"0xA4": "DH-DSS-AES128-GCM-SHA256",
"0xA5": "DH-DSS-AES256-GCM-SHA384",
"0xC002": "ECDH-ECDSA-RC4-SHA",
"0xC003": "ECDH-ECDSA-DES-CBC3-SHA",
"0xC004": "ECDH-ECDSA-AES128-SHA",
"0xC005": "ECDH-ECDSA-AES256-SHA",
"0xC007": "ECDHE-ECDSA-RC4-SHA",
"0xC008": "ECDHE-ECDSA-DES-CBC3-SHA",
"0xC009": "ECDHE-ECDSA-AES128-SHA",
"0xC00A": "ECDHE-ECDSA-AES256-SHA",
"0xC00C": "ECDH-RSA-RC4-SHA",
"0xC00D": "ECDH-RSA-DES-CBC3-SHA",
"0xC00E": "ECDH-RSA-AES128-SHA",
"0xC00F": "ECDH-RSA-AES256-SHA",
"0xC011": "ECDHE-RSA-RC4-SHA",
"0xC012": "ECDHE-RSA-DES-CBC3-SHA",
"0xC013": "ECDHE-RSA-AES128-SHA",
"0xC014": "ECDHE-RSA-AES256-SHA",
"0xC01A": "SRP-3DES-EDE-CBC-SHA",
"0xC01B": "SRP-RSA-3DES-EDE-CBC-SHA",
"0xC01C": "SRP-DSS-3DES-EDE-CBC-SHA",
"0xC01D": "SRP-AES-128-CBC-SHA",
"0xC01E": "SRP-RSA-AES-128-CBC-SHA",
"0xC01F": "SRP-DSS-AES-128-CBC-SHA",
"0xC020": "SRP-AES-256-CBC-SHA",
"0xC021": "SRP-RSA-AES-256-CBC-SHA",
"0xC022": "SRP-DSS-AES-256-CBC-SHA",
"0xC023": "ECDHE-ECDSA-AES128-SHA256",
"0xC024": "ECDHE-ECDSA-AES256-SHA384",
"0xC025": "ECDH-ECDSA-AES128-SHA256",
"0xC026": "ECDH-ECDSA-AES256-SHA384",
"0xC027": "ECDHE-RSA-AES128-SHA256",
"0xC028": "ECDHE-RSA-AES256-SHA384",
"0xC029": "ECDH-RSA-AES128-SHA256",
"0xC02A": "ECDH-RSA-AES256-SHA384",
"0xC02B": "ECDHE-ECDSA-AES128-GCM-SHA256",
"0xC02C": "ECDHE-ECDSA-AES256-GCM-SHA384",
"0xC02D": "ECDH-ECDSA-AES128-GCM-SHA256",
"0xC02E": "ECDH-ECDSA-AES256-GCM-SHA384",
"0xC02F": "ECDHE-RSA-AES128-GCM-SHA256",
"0xC030": "ECDHE-RSA-AES256-GCM-SHA384",
"0xC031": "ECDH-RSA-AES128-GCM-SHA256",
"0xC032": "ECDH-RSA-AES256-GCM-SHA384"
}

@ -26,6 +26,9 @@ Rails.application.routes.draw do
get ':id/refresh', action: :refresh, as: :refresh
end
root 'https#index'
get '/ciphers' => 'site#ciphers'
get 'ciphers' => 'site#ciphers'
get 'suite' => 'site#suite_index'
post 'suite' => 'site#suite'
root 'site#index'
post '/' => 'site#check'
end

File diff suppressed because it is too large Load Diff
Loading…
Cancel
Save