
Manage SSLv2

new-scoring
aeris hace 2 años
padre
commit
318356c9ec
Se han modificado 3 ficheros con 32 adiciones y 13 borrados
  1. 1
    0
      .gitignore
  2. 6
    0
      Gemfile
  3. 25
    13
      spec/helpers.rb

+ 1
- 0
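--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@
 .rakeTasks
 .idea/
 /build/
+/coverage/
 /db/*.sqlite3
 /db/schema.rb
 /output/*.html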

+ 6
- 0
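--- a/Gemfile
+++ b/Gemfile
@@ -1,2 +1,8 @@
 source 'https://rubygems.org'
+
 gemspec
+
+group :test do
+	gem 'simplecov', require: false
+end
+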
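Review bot: `gem 'simplecov', require: false` is added to the `:test` group with no version constraint, and no Gemfile.lock is among the three files in this commit, so the coverage tooling version floats with whatever rubygems.org serves at install time. If the lockfile is deliberately not committed (common for gemspec-based projects), a pessimistic constraint such as `gem 'simplecov', '~> X.Y', require: false`, pinned to the version the suite was actually run against, keeps test runs reproducible. `require: false` itself is appropriate here, since spec/helpers.rb requires simplecov explicitly.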

+ 25
- 13
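--- a/spec/helpers.rb
+++ b/spec/helpers.rb
@@ -5,11 +5,16 @@ Bundler.require :default, :development
 require 'cryptcheck'
 Dir['./spec/**/support/**/*.rb'].sort.each { |f| require f }
 
+require 'simplecov'
+SimpleCov.start do
+	add_filter 'spec/'
+end
+
 CryptCheck::Logger.level = ENV['LOG'] || :none
 
 module Helpers
 	DEFAULT_METHODS  = %i(TLSv1_2)
-	DEFAULT_CIPHERS  = %i(ECDHE+AES)
+	DEFAULT_CIPHERS  = %i(ECDHE-ECDSA-AES128-GCM-SHA256)
 	DEFAULT_CURVES   = %i(prime256v1)
 	DEFAULT_DH       = [:rsa, 4096]
 	DEFAULT_MATERIAL = [[:ecdsa, :prime256v1]]
@@ -39,7 +44,7 @@ module Helpers
 		OpenSSL::PKey::DH.new File.read "spec/resources/dh-#{name}.pem"
 	end
 
-	def serv(server, process, &block)
+	def serv(server, process)
 		IO.pipe do |stop_pipe_r, stop_pipe_w|
 			threads = []
 
@@ -68,7 +73,7 @@ module Helpers
 
 			mutex.synchronize { started.wait mutex }
 			begin
-				block.call if block
+				yield if block_given?
 			ensure
 				stop_pipe_w.close
 				threads.each &:join
@@ -79,22 +84,29 @@ module Helpers
 	def context(certs, keys, chain=[],
 				methods: DEFAULT_METHODS, ciphers: DEFAULT_CIPHERS,
 				dh:, curves: DEFAULT_CURVES, server_preference: true)
-		context         = OpenSSL::SSL::SSLContext.new
-
-		context.options |= OpenSSL::SSL::OP_NO_SSLv2 unless methods.include? :SSLv2
-		context.options |= OpenSSL::SSL::OP_NO_SSLv3 unless methods.include? :SSLv3
-		context.options |= OpenSSL::SSL::OP_NO_TLSv1 unless methods.include? :TLSv1
-		context.options |= OpenSSL::SSL::OP_NO_TLSv1_1 unless methods.include? :TLSv1_1
-		context.options |= OpenSSL::SSL::OP_NO_TLSv1_2 unless methods.include? :TLSv1_2
+		# Can't find a way to support SSLv2 with others
+		context         = if methods == :SSLv2
+							  OpenSSL::SSL::SSLContext.new :SSLv2
+						  else
+							  context = OpenSSL::SSL::SSLContext.new
+							  context.options |= OpenSSL::SSL::OP_NO_SSLv2 unless methods.include? :SSLv2
+							  context.options |= OpenSSL::SSL::OP_NO_SSLv3 unless methods.include? :SSLv3
+							  context.options |= OpenSSL::SSL::OP_NO_TLSv1 unless methods.include? :TLSv1
+							  context.options |= OpenSSL::SSL::OP_NO_TLSv1_1 unless methods.include? :TLSv1_1
+							  context.options |= OpenSSL::SSL::OP_NO_TLSv1_2 unless methods.include? :TLSv1_2
+							  context
+						  end
 		context.options |= OpenSSL::SSL::OP_CIPHER_SERVER_PREFERENCE if server_preference
 
 		context.certs            = certs
 		context.keys             = keys
-		context.extra_chain_cert = chain if chain
+		context.extra_chain_cert = chain unless chain.empty?
 
 		context.ciphers         = ciphers.join ':'
-		context.tmp_dh_callback = proc { dh } if dh
-		context.ecdh_curves     = curves.join ':' if curves
+		if methods != :SSLv2
+			context.tmp_dh_callback = proc { dh } if dh
+			context.ecdh_curves     = curves.join ':' if curves
+		end
 
 		context
 	end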
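Review bot: `require 'simplecov'` and `SimpleCov.start do … end` are placed at new lines 8–11, after `require 'cryptcheck'` on line 5 (and after the `Bundler.require` shown in the hunk header), so the library under test is already loaded before coverage tracking starts and its files will be under- or un-reported; move the `require 'simplecov'` line and the `SimpleCov.start do … end` block to the very top of the file, ahead of `Bundler.require` and `require 'cryptcheck'`. Separately, in `context` the new SSLv2 branch tests `methods == :SSLv2` (a bare symbol) while the else branch and `DEFAULT_METHODS = %i(TLSv1_2)` treat `methods` as an array, so a caller passing `methods: [:SSLv2]` silently falls through to the generic branch; normalising with `methods = Array(methods)` at the top and comparing against `%i(SSLv2)` in both `if methods == :SSLv2` and `if methods != :SSLv2` makes the two call styles behave the same. Note also that `OpenSSL::SSL::SSLContext.new :SSLv2` presumably raises on an OpenSSL build without SSLv2 support, which is worth a comment where the `# Can't find a way to support SSLv2 with others` line sits. The `serv` method's body continues outside the hunks.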
