Browse Source

Don't check for supported curves if cipher not supported at all

new-scoring
aeris 2 years ago
parent
commit
0c3bda1467
1 changed files with 14 additions and 8 deletions
  1. 14
    8
      lib/cryptcheck/tls/server.rb

+ 14
- 8
lib/cryptcheck/tls/server.rb View File

@@ -343,18 +343,24 @@ module CryptCheck
343 343
 				@supported_ciphers = {}
344 344
 				EXISTING_METHODS.each do |method|
345 345
 					next unless SUPPORTED_METHODS.include? method and @prefered_ciphers[method]
346
+					supported_ciphers = []
347
+
346 348
 					available_ciphers = available_ciphers method
347
-					available_ciphers = available_ciphers.inject [] do |cs, c|
349
+					available_ciphers.each do |c|
348 350
 						cipher = Cipher.new method, c
349
-						if cipher.ecdhe?
350
-							c = SUPPORTED_CURVES.collect { |ec| [method, c.first, [ec]] }
351
-						else
352
-							c = [[method, c.first]]
351
+						supported = supported_cipher? method, c.first
352
+						if supported
353
+							if cipher.ecdhe?
354
+								SUPPORTED_CURVES.each do |curve|
355
+									supported = supported_cipher? method, c.first, [curve]
356
+									supported_ciphers << supported if supported
357
+								end
358
+							else
359
+								supported_ciphers << supported
360
+							end
353 361
 						end
354
-						cs + c
355 362
 					end
356 363
 
357
-					supported_ciphers = available_ciphers.collect { |c| supported_cipher? *c }.reject { |c| c.nil? }
358 364
 					Logger.info { '' } unless supported_ciphers.empty?
359 365
 					@supported_ciphers[method] = supported_ciphers
360 366
 				end
@@ -363,7 +369,7 @@ module CryptCheck
363 369
 			def check_fallback_scsv
364 370
 				@fallback_scsv = false
365 371
 
366
-				methods = @supported_ciphers.keys
372
+				methods = @prefered_ciphers.reject { |_, v| v.nil? }.keys
367 373
 				if methods.size > 1
368 374
 					# We will try to connect to the not better supported method
369 375
 					method = methods[1]

Loading…
Cancel
Save