Don’t fail all check if HSTS fail

2015-09-09 21:37:32 +02:00 · 2015-09-09 21:37:32 +02:00 · 4b680c6eec
parent f75af5a736
commit 4b680c6eec
1 changed files with 8 additions and 2 deletions
--- a/lib/cryptcheck/tls/https/server.rb
+++ b/lib/cryptcheck/tls/https/server.rb
@ -15,7 +15,13 @@ module CryptCheck
 					port = @port == 443 ? '' : ":#{@port}"

 					begin
-						response = ::HTTParty.head "https://#{@hostname}#{port}/", { follow_redirects: false, verify: false, timeout: SSL_TIMEOUT }
+						response = ::HTTParty.head "https://#{@hostname}#{port}/",
+												   {
+														   follow_redirects: false,
+														   verify:           false,
+														   timeout:          SSL_TIMEOUT,
+														   ssl_version:      self.supported_protocols.first
+												   }
 						if header = response.headers['strict-transport-security']
 							name, value = header.split '='
 							if name == 'max-age'
@ -24,7 +30,7 @@ module CryptCheck
 								return
 							end
 						end
-					rescue ::Net::OpenTimeout
+					rescue
 					end

 					Logger.info { 'No HSTS'.colorize :yellow }