Browse Source

Refactor FALLBACK_SCSV

new-scoring
aeris 5 years ago
parent
commit
bd67ce8347
  1. 9
      lib/cryptcheck/tls/server.rb

9
lib/cryptcheck/tls/server.rb

@ -259,10 +259,9 @@ module CryptCheck
sect283r1 secp384r1 sect409k1 sect409r1 secp521r1 sect571k1
sect571r1 X25519)
def ssl_client(method, ciphers = nil, curves = nil, fallback: false, &block)
ssl_context = ::OpenSSL::SSL::SSLContext.new method
ssl_context.enable_fallback_scsv if fallback
ssl_context.ciphers = ciphers.join ':' if ciphers
def ssl_client(method, ciphers = %w(ALL COMPLEMENTOFALL), curves = nil, fallback: false, &block)
ssl_context = ::OpenSSL::SSL::SSLContext.new method, fallback_scsv: fallback
ssl_context.ciphers = ciphers.join ':'
ssl_context.ecdh_curves = curves.join ':' if curves
#ssl_context.ecdh_auto = false
@ -295,7 +294,7 @@ module CryptCheck
end
def prefered_cipher(method)
cipher = ssl_client(method, %w(ALL COMPLEMENTOFALL)) { |s| Cipher.new method, s.cipher, s.tmp_key }
cipher = ssl_client(method) { |s| Cipher.new method, s.cipher, s.tmp_key }
Logger.info { "Prefered cipher for #{Tls.colorize method} : #{cipher.colorize}" }
cipher
rescue => e

Loading…
Cancel
Save