
User agents compatibility from cipher suite

master
Aeris 3 роки тому
джерело
коміт
018f2ba6f5

+ 1
- 0
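--- a/app/views/application/_headers.erb
+++ b/app/views/application/_headers.erb
@@ -10,6 +10,7 @@
 				<li><%= link_to 'SSH', ssh_path %></li>
 			</ul>
 			<ul class="nav navbar-nav navbar-right">
+				<li><%= link_to 'Cipher suite', suite_path %></li>
 				<li><%= link_to 'Ciphers', ciphers_path %></li>
 				<!--
 				<li class="dropdown">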

+ 20
- 0
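--- a/app/views/site/index.html.erb
+++ b/app/views/site/index.html.erb
@@ -0,0 +1,20 @@
+<div id="check" class="container">
+	<div class="row">
+		<div class="col-sm-12">
+			<h1>Vérifier votre domaine</h1>
+			<%= form_tag root_path do %>
+				<div class="form-group">
+					<div class="col-sm-8">
+						<%= text_field_tag :host, nil, class: %i(form-control input-lg), placeholder: 'your-site.com' %>
+					</div>
+					<div class="col-sm-2">
+						<%= select_tag :type, options_for_select({'HTTPS' => :https, 'SMTP' => :smtp, 'XMPP' => :xmpp}), class: %i(form-control input-lg) %>
+					</div>
+					<div class="col-sm-2">
+						<%= submit_tag 'Test-moi !', class: %i(form-control btn btn-primary input-lg pull-right) %>
+					</div>
+				</div>
+			<% end %>
+		</div>
+	</div>
+</div>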
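Review bot: The `:type` select on new line 11 restricts the protocol to `https`, `smtp` or `xmpp` only in the browser, and `:host` on line 8 is free text, so both reach `site#check` (routed in `config/routes.rb`, action not shown in this commit) as untrusted input. The action should map `params[:type]` through a fixed allowlist rather than using it to pick a class or method, and should validate `params[:host]` as a hostname before anything connects to it; presumably the checker opens outbound connections, in which case loopback and internal addresses need rejecting as well. The free-text `:suite` field in `app/views/site/suite_index.html.erb` has the same property: an invalid cipher string should be rescued and reported to the user instead of raising.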

+ 57
- 0
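--- a/app/views/site/suite.html.erb
+++ b/app/views/site/suite.html.erb
@@ -0,0 +1,57 @@
+<div class="container">
+	<div class="row">
+		<div class="col-sm-12">
+			<h1>Cipher suite : <%= @suite %></h1>
+		</div>
+	</div>
+	<div class="row">
+		<table class="table-bordered table-condensed table-striped col-sm-12">
+			<thead>
+				<tr>
+					<th class="col-sm-4">Navigateur</th>
+					<th class="col-sm-8" colspan="3">Cipher</th>
+				</tr>
+			</thead>
+			<tbody>
+			<%
+			   iana_ciphers = Hash[@ciphers.collect { |c| [Rails.application.config.openssl_ciphers[c.name], c] }]
+			   Rails.application.config.user_agents_ciphers.each do |ua, support|
+				   cipher = (support['ciphers'].collect(&:first) & iana_ciphers.keys).first
+				   cipher = iana_ciphers[cipher] if cipher
+			%>
+				<tr>
+					<th><%= ua %></th>
+					<% if cipher %>
+					<td><%= cipher_name_label cipher %></td>
+					<td><%= cipher_size_label cipher %></td>
+					<td><%= cipher_labels cipher %></td>
+					<% else %>
+					<td colspan="3"><%= label('Non supporté', :error) %></td>
+					<% end %>
+				</tr>
+			<% end %>
+			</tbody>
+		</table>
+	</div>
+	<br/>
+	<div class="row">
+		<table class="table-bordered table-condensed table-striped col-sm-12">
+			<thead>
+			<tr>
+				<th class="col-sm-4">Algorithme</th>
+				<th class="col-sm-1">Taille</th>
+				<td class="col-sm-7"></td>
+			</tr>
+			</thead>
+			<tbody>
+			<% @ciphers.each do |cipher| %>
+				<tr>
+					<th><%= cipher_name_label cipher %></th>
+					<th><%= cipher_size_label cipher %></th>
+					<th><%= cipher_labels cipher %></th>
+				</tr>
+			<% end %>
+			</tbody>
+		</table>
+	</div>
+</div>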
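Review bot: The lookup on new line 17 keys `iana_ciphers` by `openssl_ciphers[c.name]`, which is `nil` for any cipher whose OpenSSL name is absent from `config/openssl-ciphers.json`, so those ciphers drop out of the intersection on line 19 and a user agent can be shown as `Non supporté` for a suite it does support. Unmapped names should be surfaced rather than folded into one `nil` key, for example by collecting `@ciphers.reject { |c| Rails.application.config.openssl_ciphers.key?(c.name) }` and listing or logging them. The row also reports the first common cipher in the user agent's own order (presumably the order SSL Labs lists them), which is not necessarily what a server enforcing its own preference would negotiate; a comment such as `<%# first common cipher in the client's preference order; server-side ordering is not modelled %>` would make that explicit. The whole computation would be easier to test in the controller or a helper than in the template.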

+ 17
- 0
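--- a/app/views/site/suite_index.html.erb
+++ b/app/views/site/suite_index.html.erb
@@ -0,0 +1,17 @@
+<div id="check" class="container">
+	<div class="row">
+		<div class="col-sm-12">
+			<h1>Compatibilités des user agents</h1>
+			<%= form_tag suite_path do %>
+				<div class="form-group">
+					<div class="col-sm-10">
+						<%= text_field_tag :suite, nil, class: %i(form-control input-lg), placeholder: 'EECDH+AES' %>
+					</div>
+					<div class="col-sm-2">
+						<%= submit_tag 'Test-moi !', class: %i(form-control btn btn-primary input-lg pull-right) %>
+					</div>
+				</div>
+			<% end %>
+		</div>
+	</div>
+</div>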

+ 33
- 0
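--- a/bin/fetch_ssllabs_useragent
+++ b/bin/fetch_ssllabs_useragent
@@ -0,0 +1,33 @@
+#!/usr/bin/env ruby
+require 'httparty'
+require 'nokogiri'
+require 'nokogiri-pretty'
+require 'open-uri'
+
+uas = Nokogiri::HTML open 'https://www.ssllabs.com/ssltest/clients.html'
+uas = Hash[uas.css('#multiTable > tr > td:first > a').collect do |ua|
+	ua_url = ua.attr :href
+	ua = Nokogiri::HTML open "https://www.ssllabs.com/ssltest/#{ua_url}"
+
+	name = ua.at_css('h1').text.sub('User Agent Capabilities:', '').strip
+	puts name
+
+	reports = ua.css '.reportTable'
+	protocols = Hash[reports[0].css('tr').collect do |protocol|
+		protocol, support = protocol.css 'td'
+		next if protocol.attr(:class) == 'tableHead'
+		protocol = protocol.text.sub("\xC2\xA0 INSECURE", '').strip
+		support = support.text == 'Yes'
+		[protocol, support]
+	end.reject &:nil?]
+
+	ciphers = Hash[reports[1].css('tr').collect do |cipher|
+		cipher, size = cipher.css 'td'
+		next if cipher.attr(:class) == 'tableHead' or size.nil?
+		cipher = /(.*) \(0x(.*)\).*/.match cipher.text
+		cipher = ["0x#{cipher[2].upcase.rjust(2, '0')}", cipher[1]]
+	end.reject &:nil?]
+
+	[name, { protocols: protocols, ciphers: ciphers }]
+end]
+File.write 'config/user-agent.json', JSON.pretty_generate(uas, {indent: "\t"})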
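Review bot: The script writes its result to `config/user-agent.json` on line 33, but `config/initializers/ciphers.rb` in this same commit loads `config/user-agents-ciphers.json`, so rerunning the fetcher would not refresh the data the application reads; the target should be `File.write 'config/user-agents-ciphers.json', ...`. Lines 7 and 10 fetch URLs through `Kernel#open`, the second one built from an `href` scraped off the remote page: the fixed `https://www.ssllabs.com/ssltest/` prefix keeps the string from being interpreted as anything but a URL, but `URI.open("https://www.ssllabs.com/ssltest/#{ua_url}")` states the intent and is the form current Ruby requires. `cipher[2]` on line 28 raises `NoMethodError` when the regex on line 27 does not match, so a layout change on the remote page aborts the run without saying which row failed. `JSON` is used without `require 'json'`, while `httparty` and `nokogiri-pretty` look unused.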

+ 6
- 0
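--- a/config/initializers/ciphers.rb
+++ b/config/initializers/ciphers.rb
@@ -0,0 +1,6 @@
+Rails.application.config.tap do |config|
+	config.openssl_ciphers = JSON.parse File.read 'config/openssl-ciphers.json'
+	config.openssl_ciphers.merge! config.openssl_ciphers.invert
+
+	config.user_agents_ciphers = JSON.parse File.read 'config/user-agents-ciphers.json'
+end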
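Review bot: Both `File.read` calls use paths relative to the process working directory, so the initializer raises `Errno::ENOENT` whenever the application is started with a working directory other than the project root. Anchor them on the application root, `config.openssl_ciphers = JSON.parse File.read Rails.root.join('config', 'openssl-ciphers.json')`, and likewise for `user-agents-ciphers.json`. A short comment above line 3 would also help the next reader, e.g. `# make the table bidirectional: code => name and name => code`.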

+ 104
- 0
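--- a/config/openssl-ciphers.json
+++ b/config/openssl-ciphers.json
@@ -0,0 +1,104 @@
+{
+	"0x04": "RC4-MD5",
+	"0x05": "RC4-SHA",
+	"0x09": "DES-CBC-SHA",
+	"0x0A": "DES-CBC3-SHA",
+	"0x0C": "DH-DSS-DES-CBC-SHA",
+	"0x0D": "DH-DSS-DES-CBC3-SHA",
+	"0x0F": "DH-RSA-DES-CBC-SHA",
+	"0x10": "DH-RSA-DES-CBC3-SHA",
+	"0x12": "EDH-DSS-DES-CBC-SHA",
+	"0x13": "EDH-DSS-DES-CBC3-SHA",
+	"0x15": "EDH-RSA-DES-CBC-SHA",
+	"0x16": "EDH-RSA-DES-CBC3-SHA",
+	"0x2F": "AES128-SHA",
+	"0x30": "DH-DSS-AES128-SHA",
+	"0x31": "DH-RSA-AES128-SHA",
+	"0x32": "DHE-DSS-AES128-SHA",
+	"0x33": "DHE-RSA-AES128-SHA",
+	"0x35": "AES256-SHA",
+	"0x36": "DH-DSS-AES256-SHA",
+	"0x37": "DH-RSA-AES256-SHA",
+	"0x38": "DHE-DSS-AES256-SHA",
+	"0x39": "DHE-RSA-AES256-SHA",
+	"0x3C": "AES128-SHA256",
+	"0x3D": "AES256-SHA256",
+	"0x3E": "DH-DSS-AES128-SHA256",
+	"0x3F": "DH-RSA-AES128-SHA256",
+	"0x40": "DHE-DSS-AES128-SHA256",
+	"0x41": "CAMELLIA128-SHA",
+	"0x42": "DH-DSS-CAMELLIA128-SHA",
+	"0x43": "DH-RSA-CAMELLIA128-SHA",
+	"0x44": "DHE-DSS-CAMELLIA128-SHA",
+	"0x45": "DHE-RSA-CAMELLIA128-SHA",
+	"0x67": "DHE-RSA-AES128-SHA256",
+	"0x68": "DH-DSS-AES256-SHA256",
+	"0x69": "DH-RSA-AES256-SHA256",
+	"0x6A": "DHE-DSS-AES256-SHA256",
+	"0x6B": "DHE-RSA-AES256-SHA256",
+	"0x84": "CAMELLIA256-SHA",
+	"0x85": "DH-DSS-CAMELLIA256-SHA",
+	"0x86": "DH-RSA-CAMELLIA256-SHA",
+	"0x87": "DHE-DSS-CAMELLIA256-SHA",
+	"0x88": "DHE-RSA-CAMELLIA256-SHA",
+	"0x8A": "PSK-RC4-SHA",
+	"0x8B": "PSK-3DES-EDE-CBC-SHA",
+	"0x8C": "PSK-AES128-CBC-SHA",
+	"0x8D": "PSK-AES256-CBC-SHA",
+	"0x96": "SEED-SHA",
+	"0x97": "DH-DSS-SEED-SHA",
+	"0x98": "DH-RSA-SEED-SHA",
+	"0x99": "DHE-DSS-SEED-SHA",
+	"0x9A": "DHE-RSA-SEED-SHA",
+	"0x9C": "AES128-GCM-SHA256",
+	"0x9D": "AES256-GCM-SHA384",
+	"0x9E": "DHE-RSA-AES128-GCM-SHA256",
+	"0x9F": "DHE-RSA-AES256-GCM-SHA384",
+	"0xA0": "DH-RSA-AES128-GCM-SHA256",
+	"0xA1": "DH-RSA-AES256-GCM-SHA384",
+	"0xA2": "DHE-DSS-AES128-GCM-SHA256",
+	"0xA3": "DHE-DSS-AES256-GCM-SHA384",
+	"0xA4": "DH-DSS-AES128-GCM-SHA256",
+	"0xA5": "DH-DSS-AES256-GCM-SHA384",
+	"0xC002": "ECDH-ECDSA-RC4-SHA",
+	"0xC003": "ECDH-ECDSA-DES-CBC3-SHA",
+	"0xC004": "ECDH-ECDSA-AES128-SHA",
+	"0xC005": "ECDH-ECDSA-AES256-SHA",
+	"0xC007": "ECDHE-ECDSA-RC4-SHA",
+	"0xC008": "ECDHE-ECDSA-DES-CBC3-SHA",
+	"0xC009": "ECDHE-ECDSA-AES128-SHA",
+	"0xC00A": "ECDHE-ECDSA-AES256-SHA",
+	"0xC00C": "ECDH-RSA-RC4-SHA",
+	"0xC00D": "ECDH-RSA-DES-CBC3-SHA",
+	"0xC00E": "ECDH-RSA-AES128-SHA",
+	"0xC00F": "ECDH-RSA-AES256-SHA",
+	"0xC011": "ECDHE-RSA-RC4-SHA",
+	"0xC012": "ECDHE-RSA-DES-CBC3-SHA",
+	"0xC013": "ECDHE-RSA-AES128-SHA",
+	"0xC014": "ECDHE-RSA-AES256-SHA",
+	"0xC01A": "SRP-3DES-EDE-CBC-SHA",
+	"0xC01B": "SRP-RSA-3DES-EDE-CBC-SHA",
+	"0xC01C": "SRP-DSS-3DES-EDE-CBC-SHA",
+	"0xC01D": "SRP-AES-128-CBC-SHA",
+	"0xC01E": "SRP-RSA-AES-128-CBC-SHA",
+	"0xC01F": "SRP-DSS-AES-128-CBC-SHA",
+	"0xC020": "SRP-AES-256-CBC-SHA",
+	"0xC021": "SRP-RSA-AES-256-CBC-SHA",
+	"0xC022": "SRP-DSS-AES-256-CBC-SHA",
+	"0xC023": "ECDHE-ECDSA-AES128-SHA256",
+	"0xC024": "ECDHE-ECDSA-AES256-SHA384",
+	"0xC025": "ECDH-ECDSA-AES128-SHA256",
+	"0xC026": "ECDH-ECDSA-AES256-SHA384",
+	"0xC027": "ECDHE-RSA-AES128-SHA256",
+	"0xC028": "ECDHE-RSA-AES256-SHA384",
+	"0xC029": "ECDH-RSA-AES128-SHA256",
+	"0xC02A": "ECDH-RSA-AES256-SHA384",
+	"0xC02B": "ECDHE-ECDSA-AES128-GCM-SHA256",
+	"0xC02C": "ECDHE-ECDSA-AES256-GCM-SHA384",
+	"0xC02D": "ECDH-ECDSA-AES128-GCM-SHA256",
+	"0xC02E": "ECDH-ECDSA-AES256-GCM-SHA384",
+	"0xC02F": "ECDHE-RSA-AES128-GCM-SHA256",
+	"0xC030": "ECDHE-RSA-AES256-GCM-SHA384",
+	"0xC031": "ECDH-RSA-AES128-GCM-SHA256",
+	"0xC032": "ECDH-RSA-AES256-GCM-SHA384"
+}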

+ 5
- 2
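--- a/config/routes.rb
+++ b/config/routes.rb
@@ -26,6 +26,9 @@ Rails.application.routes.draw do
 		get ':id/refresh', action: :refresh, as: :refresh
 	end
 
-	root 'https#index'
-	get '/ciphers' => 'site#ciphers'
+	get 'ciphers' => 'site#ciphers'
+	get 'suite' => 'site#suite_index'
+	post 'suite' => 'site#suite'
+	root 'site#index'
+	post '/' => 'site#check'
 end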

+ 1839
- 0
config/user-agents-ciphers.json
Різницю між файлами не показано, бо вона завелика

