
Don't check for supported curves if cipher not supported at all

new-scoring
aeris 2 years ago
parent
commit
0c3bda1467
1 changed files with 14 additions and 8 deletions
  1. 14
    8
      lib/cryptcheck/tls/server.rb

+ 14
- 8
lib/cryptcheck/tls/server.rb View File

@@ -343,18 +343,24 @@ module CryptCheck
@supported_ciphers = {}
EXISTING_METHODS.each do |method|
next unless SUPPORTED_METHODS.include? method and @prefered_ciphers[method]
supported_ciphers = []

available_ciphers = available_ciphers method
available_ciphers = available_ciphers.inject [] do |cs, c|
available_ciphers.each do |c|
cipher = Cipher.new method, c
if cipher.ecdhe?
c = SUPPORTED_CURVES.collect { |ec| [method, c.first, [ec]] }
else
c = [[method, c.first]]
supported = supported_cipher? method, c.first
if supported
if cipher.ecdhe?
SUPPORTED_CURVES.each do |curve|
supported = supported_cipher? method, c.first, [curve]
supported_ciphers << supported if supported
end
else
supported_ciphers << supported
end
end
cs + c
end

supported_ciphers = available_ciphers.collect { |c| supported_cipher? *c }.reject { |c| c.nil? }
Logger.info { '' } unless supported_ciphers.empty?
@supported_ciphers[method] = supported_ciphers
end
@@ -363,7 +369,7 @@ module CryptCheck
def check_fallback_scsv
@fallback_scsv = false

methods = @supported_ciphers.keys
methods = @prefered_ciphers.reject { |_, v| v.nil? }.keys
if methods.size > 1
# We will try to connect to the not better supported method
method = methods[1]
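Review bot: In the `available_ciphers.each` loop of the first hunk, an ECDHE suite that passes the initial curve-less `supported_cipher?` probe but matches none of `SUPPORTED_CURVES` is silently left out of `supported_ciphers`, because the inner loop reassigns `supported` and only per-curve hits are appended. For a scanner that is a false negative: the server accepted the suite (presumably on a curve outside the list), yet nothing in the result or the log shows it. Consider keeping the two results apart and falling back to the curve-less hit, e.g. `by_curve = SUPPORTED_CURVES.collect { |curve| supported_cipher? method, c.first, [curve] }.compact` followed by `supported_ciphers.concat(by_curve.empty? ? [supported] : by_curve)`, or at least log the case if dropping it is intended. This assumes `supported_cipher?` returns nil on failure, as the `.reject { |c| c.nil? }` line in the same hunk suggests; the enclosing method starts and ends outside the hunk, so how consumers treat an entry without a curve should be checked there.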
