|
|
|
@ -1,14 +1,10 @@ |
|
|
|
|
module CryptCheck |
|
|
|
|
module Tls |
|
|
|
|
class Grade |
|
|
|
|
attr_reader :server, :protocol_score, :key_exchange_score, :cipher_strengths_score, :score, :grade, :error, :danger, :warning, :success |
|
|
|
|
attr_reader :server, :score, :grade, :error, :danger, :warning, :success |
|
|
|
|
|
|
|
|
|
def initialize(server) |
|
|
|
|
@server = server |
|
|
|
|
calculate_protocol_score |
|
|
|
|
calculate_key_exchange_score |
|
|
|
|
calculate_cipher_strengths_score |
|
|
|
|
@score = @protocol_score*0.3 + @key_exchange_score*0.3 + @cipher_strengths_score*0.4 |
|
|
|
|
calculate_states |
|
|
|
|
calculate_grade |
|
|
|
|
end |
|
|
|
@ -24,11 +20,6 @@ module CryptCheck |
|
|
|
|
|
|
|
|
|
Logger.info { "Grade : #{self.grade.colorize color }" } |
|
|
|
|
Logger.info { '' } |
|
|
|
|
Logger.info { "Protocole : #{self.protocol_score} / 100" } |
|
|
|
|
Logger.info { "Key exchange : #{self.key_exchange_score} / 100" } |
|
|
|
|
Logger.info { "Ciphers strength : #{self.cipher_strengths_score} / 100" } |
|
|
|
|
Logger.info { "Overall score : #{self.score} / 100" } |
|
|
|
|
Logger.info { '' } |
|
|
|
|
Logger.info { "Errors : #{self.error.join(' ').colorize :red }" } unless self.error.empty? |
|
|
|
|
Logger.info { "Warnings : #{self.warning.join(' ').colorize :yellow }" } unless self.warning.empty? |
|
|
|
|
Logger.info { "Best practices : #{self.success.join(' ').colorize :green }" } unless self.success.empty? |
|
|
|
@ -45,7 +36,7 @@ module CryptCheck |
|
|
|
|
else 'A' |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
@grade = [@grade, 'B'].max if !@server.tlsv1_2? or @server.key_size < 2048 |
|
|
|
|
@grade = [@grade, 'B'].max if !@server.tlsv1_2? or %i(error warning).include? @server.key.status |
|
|
|
|
@grade = [@grade, 'F'].max unless @error.empty? |
|
|
|
|
@grade = [@grade, 'F'].max unless @error.empty? |
|
|
|
|
|
|
|
|
@ -85,32 +76,6 @@ module CryptCheck |
|
|
|
|
def all_success |
|
|
|
|
ALL_SUCCESS |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
METHODS_SCORES = { SSLv2: 0, SSLv3: 20, TLSv1: 60, TLSv1_1: 80, TLSv1_2: 100 } |
|
|
|
|
def calculate_protocol_score |
|
|
|
|
@protocol_score = @server.supported_protocols.collect { |p| METHODS_SCORES[p] }.min |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
def calculate_key_exchange_score |
|
|
|
|
@key_exchange_score = case @server.key_size |
|
|
|
|
when 0 then 0 |
|
|
|
|
when 0...512 then 10 |
|
|
|
|
when 512...1024 then 20 |
|
|
|
|
when 1024...3072 then 50 |
|
|
|
|
when 3072...4096 then 90 |
|
|
|
|
else 100 |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
def calculate_cipher_strengths_score |
|
|
|
|
@cipher_strengths_score = case @server.cipher_size |
|
|
|
|
when 0 then 0 |
|
|
|
|
when 0...112 then 10 |
|
|
|
|
when 112...128 then 50 |
|
|
|
|
when 128...256 then 90 |
|
|
|
|
else 100 |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
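Review bot: The new `attr_reader` line still exports `:score`, but the only visible assignment of `@score` is removed from `initialize`, so `score` returns nil unless something outside these hunks sets it. If `calculate_grade` still branches on `@score`, a nil value would fall through to `else 'A'` and the base grade would no longer reflect the server's configuration; that method starts outside the hunk and only its closing `else 'A'` / `end` is visible. Either drop `:score` from the reader list, `attr_reader :server, :grade, :error, :danger, :warning, :success`, or keep a score that is actually computed. Separately, the new cap `%i(error warning).include? @server.key.status` leaves out the `:danger` level this class also tracks, so confirm that `key.status` cannot return it. Writing that condition with `||` and call parentheses would also make its precedence explicit.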