
3DES is error (sweet32)

new-scoring
aeris 3 years ago
parent
commit
d043c3db4e

+ 2
- 2
lib/cryptcheck/tls/cipher.rb

@@ -85,8 +85,8 @@ module CryptCheck
{
success: %i(pfs).select { |n| ok.call n },
warning: %i().select { |n| ok.call n },
danger: %i(des3).select { |n| ok.call n },
error: %i(dss md5 psk srp anonymous null export des rc2 rc4).select { |n| ok.call n }
danger: %i().select { |n| ok.call n },
error: %i(dss md5 psk srp anonymous null export des des3 rc2 rc4 idea).select { |n| ok.call n }
}
end
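Review bot: The new `error:` list also gains `idea`, which the commit title does not mention, and nothing in this commit adds a matching `idea?` predicate. `ok` is defined outside the hunk and presumably dispatches on the symbol name, so confirm the predicate exists; otherwise the classification would raise at runtime. Both additions share one rationale (64-bit block ciphers, the Sweet32 concern named in the title), so a comment above the hash such as `# des3, idea: 64-bit block ciphers (Sweet32)` would record why they are errors. The enclosing method starts outside the hunk.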


+ 13
- 10
lib/cryptcheck/tls/grade.rb

@@ -46,7 +46,7 @@ module CryptCheck
end

@grade = [@grade, 'B'].max if !@server.tlsv1_2? or @server.key_size < 2048
@grade = [@grade, 'C'].max if @server.des3?
@grade = [@grade, 'F'].max unless @error.empty?
@grade = [@grade, 'F'].max unless @error.empty?

@grade = 'M' unless @server.cert_valid
@@ -58,27 +58,30 @@ module CryptCheck
def calculate_states
ok = Proc.new { |n| @server.send "#{n}?" }
state = {
success: %i().select { |n| ok.call n },
warning: %i(sha1_sig).select { |n| ok.call n },
danger: %i(des3).select { |n| ok.call n },
error: %i(md5_sig md5 sslv2 sslv3 anonymous dss null export des rc4).select { |n| ok.call n }
success: all_success.select { |n| ok.call n },
warning: all_warning.select { |n| ok.call n },
danger: all_danger.select { |n| ok.call n },
error: all_error.select { |n| ok.call n }
}
state[:success] << :pfs if @server.pfs_only?

@success, @warning, @danger, @error = state[:success], state[:warning], state[:danger], state[:error]
end

ALL_ERROR = %i(md5_sig md5 anonymous dss null export des rc4)
ALL_ERROR = %i(md5_sig md5 anonymous dss null export des des3 rc4)
def all_error
ALL_ERROR
end

ALL_WARNING = %i(sha1_sig des3)
ALL_DANGER = %i()
def all_danger
ALL_DANGER
end

ALL_WARNING = %i(sha1_sig)
def all_warning
ALL_WARNING
end

ALL_SUCCESS = %i(pfs)
ALL_SUCCESS = %i(pfs_only)
def all_success
ALL_SUCCESS
end
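Review bot: Switching `calculate_states` to `all_error` drops `sslv2` and `sslv3` from the error state: the inline list it replaces contained them, while the new `ALL_ERROR` does not. Unless those protocols are graded elsewhere (not visible in these hunks), a server offering SSLv2 or SSLv3 would no longer populate `@error` and so would miss the `'F'` rule in the first hunk. Consider `ALL_ERROR = %i(md5_sig md5 sslv2 sslv3 anonymous dss null export des des3 rc4).freeze`. With `des3` now an error, a `'C'` cap on `@server.des3?` in the first hunk would be redundant if it is still present.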

+ 0
- 7
lib/cryptcheck/tls/https/grade.rb

@@ -2,13 +2,6 @@ module CryptCheck
module Tls
module Https
class Grade < Tls::Grade
private
def calculate_states
super
@success << :hsts if @server.hsts?
@success << :hsts_long if @server.hsts_long?
end

def all_success
super + %i(hsts hsts_long)
end

+ 0
- 5
lib/cryptcheck/tls/xmpp/grade.rb

@@ -2,11 +2,6 @@ module CryptCheck
module Tls
module Xmpp
class Grade < Tls::Grade
def calculate_states
super
@success << :required if @server.required?
end

def all_success
super + %i(required)
end

+ 11
- 11
output/https.erb

@@ -66,8 +66,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>

<td class="info">PFS</td>
<td class="info">HSTS</td>
@@ -89,7 +89,7 @@
when 'A+' then :info
when 'A', 'A-' then :success
when 'B', 'C' then :warning
when 'T', 'M' then :critical
when 'F', 'T', 'M' then :critical
else :danger
end
%>
@@ -136,13 +136,13 @@
<%= s.sha1? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
<td class="<%= s.rc4? ? :critical : :success %>">
<%= s.rc4? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.rc4? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.des3? ? :danger : :success %>">
<%= s.des3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
<td class="<%= (s.des? or s.des3?) ? :critical : :success %>">
<%= (s.des? or s.des3?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.des? or s.des3?) ? '☹' : '☺' %>)</span>
</td>

<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
@@ -171,8 +171,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>

<td class="info">PFS</td>
<td class="info">HSTS</td>

+ 11
- 11
output/smtp.erb

@@ -66,8 +66,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>

<td class="info">PFS</td>
</tr>
@@ -88,7 +88,7 @@
when 'A+' then :info
when 'A', 'A-' then :success
when 'B', 'C' then :warning
when 'T', 'M' then :critical
when 'F', 'T', 'M' then :critical
else :danger
end
%>
@@ -138,13 +138,13 @@
<%= s.sha1? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
<td class="<%= s.rc4? ? :critical : :success %>">
<%= s.rc4? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.rc4? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.des3? ? :danger : :success %>">
<%= s.des3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
<td class="<%= (s.des? or s.des3?) ? :critical : :success %>">
<%= (s.des? or s.des3?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.des? or s.des3?) ? '☹' : '☺' %>)</span>
</td>

<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
@@ -169,8 +169,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>

<td class="info">PFS</td>
</tr>

+ 11
- 11
output/xmpp.erb

@@ -66,8 +66,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>

<td class="info">PFS</td>
<td class="success">Required</td>
@@ -88,7 +88,7 @@
when 'A+' then :info
when 'A', 'A-' then :success
when 'B', 'C' then :warning
when 'T', 'M' then :critical
when 'F', 'T', 'M' then :critical
else :danger
end %>
<td class="<%= rank_color %>">
@@ -134,13 +134,13 @@
<%= s.sha1? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
<td class="<%= s.rc4? ? :critical : :success %>">
<%= s.rc4? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.rc4? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.des3? ? :danger : :success %>">
<%= s.des3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
<td class="<%= (s.des? or s.des3?) ? :critical : :success %>">
<%= (s.des? or s.des3?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.des? or s.des3?) ? '☹' : '☺' %>)</span>
</td>

<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
@@ -174,8 +174,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="danger">DES/3DES</td>

<td class="info">PFS</td>
<td class="success">Required</td>
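Review bot: The last hunk's `DES/3DES` legend cell uses `class="danger"`, while the same cell in the first hunk of this template, the data cell (`:critical`) and the equivalent cells in the https and smtp templates use `critical`. Assuming that is an oversight, it should read `<td class="critical">DES/3DES</td>`. The same legend and cell markup is now edited in several places across three templates, so a shared partial would keep the severity classes from drifting.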
