
3DES is error (sweet32)

master
aeris 2 years ago
parent
commit
d043c3db4e

+ 2
- 2
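--- a/lib/cryptcheck/tls/cipher.rb
+++ b/lib/cryptcheck/tls/cipher.rb
@@ -85,8 +85,8 @@ module CryptCheck
 				{
 						success: %i(pfs).select { |n| ok.call n },
 						warning: %i().select { |n| ok.call n },
-						danger:  %i(des3).select { |n| ok.call n },
-						error:   %i(dss md5 psk srp anonymous null export des rc2 rc4).select { |n| ok.call n }
+						danger:  %i().select { |n| ok.call n },
+						error:   %i(dss md5 psk srp anonymous null export des des3 rc2 rc4 idea).select { |n| ok.call n }
 				}
 			end
 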

+ 13
- 10
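--- a/lib/cryptcheck/tls/grade.rb
+++ b/lib/cryptcheck/tls/grade.rb
@@ -46,7 +46,7 @@ module CryptCheck
 						 end
 
 				@grade = [@grade, 'B'].max if !@server.tlsv1_2? or @server.key_size < 2048
-				@grade = [@grade, 'C'].max if @server.des3?
+				@grade = [@grade, 'F'].max unless @error.empty?
 				@grade = [@grade, 'F'].max unless @error.empty?
 
 				@grade = 'M' unless @server.cert_valid
@@ -58,27 +58,30 @@ module CryptCheck
 			def calculate_states
 				ok = Proc.new { |n| @server.send "#{n}?" }
 				state = {
-						success: %i().select { |n| ok.call n },
-						warning: %i(sha1_sig).select { |n| ok.call n },
-						danger:  %i(des3).select { |n| ok.call n },
-						error:   %i(md5_sig md5 sslv2 sslv3 anonymous dss null export des rc4).select { |n| ok.call n }
+						success: all_success.select { |n| ok.call n },
+						warning: all_warning.select { |n| ok.call n },
+						danger:  all_danger.select { |n| ok.call n },
+						error:   all_error.select { |n| ok.call n }
 				}
-				state[:success] << :pfs if @server.pfs_only?
-
 				@success, @warning, @danger, @error = state[:success], state[:warning], state[:danger], state[:error]
 			end
 
-			ALL_ERROR = %i(md5_sig md5 anonymous dss null export des rc4)
+			ALL_ERROR = %i(md5_sig md5 anonymous dss null export des des3 rc4)
 			def all_error
 				ALL_ERROR
 			end
 
-			ALL_WARNING = %i(sha1_sig des3)
+			ALL_DANGER = %i()
+			def all_danger
+				ALL_DANGER
+			end
+
+			ALL_WARNING = %i(sha1_sig)
 			def all_warning
 				ALL_WARNING
 			end
 
-			ALL_SUCCESS = %i(pfs)
+			ALL_SUCCESS = %i(pfs_only)
 			def all_success
 				ALL_SUCCESS
 			end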
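Review bot: `ALL_ERROR` omits `sslv2` and `sslv3`, which the inline list removed from `calculate_states` still checked, so after this change a server offering SSLv2 or SSLv3 no longer lands in `@error` and is not forced to F by `unless @error.empty?` (unless code outside the hunk already handles the protocol versions). Adding them back, `ALL_ERROR = %i(md5_sig md5 sslv2 sslv3 anonymous dss null export des des3 rc4)`, keeps the previous behaviour. In the first hunk the replaced line is now identical to the context line below it, so the `'F'` check runs twice; if a cap for the danger state was intended it would read `@grade = [@grade, 'C'].max unless @danger.empty?`, otherwise the added line can be dropped. The list also lacks `idea`, which cipher.rb now treats as an error in this same commit; it is worth confirming whether that difference is deliberate. Both hunks cut into method and class bodies that continue outside the view.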

+ 0
- 7
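--- a/lib/cryptcheck/tls/https/grade.rb
+++ b/lib/cryptcheck/tls/https/grade.rb
@@ -2,13 +2,6 @@ module CryptCheck
 	module Tls
 		module Https
 			class Grade < Tls::Grade
-				private
-				def calculate_states
-					super
-					@success << :hsts if @server.hsts?
-					@success << :hsts_long if @server.hsts_long?
-				end
-
 				def all_success
 					super + %i(hsts hsts_long)
 				end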

+ 0
- 5
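--- a/lib/cryptcheck/tls/xmpp/grade.rb
+++ b/lib/cryptcheck/tls/xmpp/grade.rb
@@ -2,11 +2,6 @@ module CryptCheck
 	module Tls
 		module Xmpp
 			class Grade < Tls::Grade
-				def calculate_states
-					super
-					@success << :required if @server.required?
-				end
-
 				def all_success
 					super + %i(required)
 				end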

+ 11
- 11
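--- a/output/https.erb
+++ b/output/https.erb
@@ -66,8 +66,8 @@
 								<td>Strength (bits)</td>
 								<td class="critical">MD5</td>
 								<td class="warning">SHA1</td>
-								<td class="critical">DES/RC4</td>
-								<td class="danger">3DES</td>
+								<td class="critical">RC4</td>
+								<td class="critical">DES/3DES</td>
 
 								<td class="info">PFS</td>
 								<td class="info">HSTS</td>
@@ -89,7 +89,7 @@
 											when 'A+' then :info
 											when 'A', 'A-' then :success
 											when 'B', 'C' then :warning
-											when 'T', 'M' then :critical
+											when 'F', 'T', 'M' then :critical
 											else :danger
 										end
 								%>
@@ -136,13 +136,13 @@
 									<%= s.sha1? ? '✓' : '✗' %>
 									<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
 								</td>
-								<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
-									<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
-									<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
+								<td class="<%= s.rc4? ? :critical : :success %>">
+									<%= s.rc4? ? '✓' : '✗' %>
+									<span class="sr-only">(<%= s.rc4? ? '☹' : '☺' %>)</span>
 								</td>
-								<td class="<%= s.des3? ? :danger : :success %>">
-									<%= s.des3? ? '✓' : '✗' %>
-									<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
+								<td class="<%= (s.des? or s.des3?) ? :critical : :success %>">
+									<%= (s.des? or s.des3?) ? '✓' : '✗' %>
+									<span class="sr-only">(<%= (s.des? or s.des3?) ? '☹' : '☺' %>)</span>
 								</td>
 
 								<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
@@ -171,8 +171,8 @@
 								<td>Strength (bits)</td>
 								<td class="critical">MD5</td>
 								<td class="warning">SHA1</td>
-								<td class="critical">DES/RC4</td>
-								<td class="danger">3DES</td>
+								<td class="critical">RC4</td>
+								<td class="critical">DES/3DES</td>
 
 								<td class="info">PFS</td>
 								<td class="info">HSTS</td>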

+ 11
- 11
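--- a/output/smtp.erb
+++ b/output/smtp.erb
@@ -66,8 +66,8 @@
 								<td>Strength (bits)</td>
 								<td class="critical">MD5</td>
 								<td class="warning">SHA1</td>
-								<td class="critical">DES/RC4</td>
-								<td class="danger">3DES</td>
+								<td class="critical">RC4</td>
+								<td class="critical">DES/3DES</td>
 
 								<td class="info">PFS</td>
 							</tr>
@@ -88,7 +88,7 @@
 											when 'A+' then :info
 											when 'A', 'A-' then :success
 											when 'B', 'C' then :warning
-											when 'T', 'M' then :critical
+											when 'F', 'T', 'M' then :critical
 											else :danger
 										end
 								%>
@@ -138,13 +138,13 @@
 									<%= s.sha1? ? '✓' : '✗' %>
 									<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
 								</td>
-								<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
-									<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
-									<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
+								<td class="<%= s.rc4? ? :critical : :success %>">
+									<%= s.rc4? ? '✓' : '✗' %>
+									<span class="sr-only">(<%= s.rc4? ? '☹' : '☺' %>)</span>
 								</td>
-								<td class="<%= s.des3? ? :danger : :success %>">
-									<%= s.des3? ? '✓' : '✗' %>
-									<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
+								<td class="<%= (s.des? or s.des3?) ? :critical : :success %>">
+									<%= (s.des? or s.des3?) ? '✓' : '✗' %>
+									<span class="sr-only">(<%= (s.des? or s.des3?) ? '☹' : '☺' %>)</span>
 								</td>
 
 								<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
@@ -169,8 +169,8 @@
 								<td>Strength (bits)</td>
 								<td class="critical">MD5</td>
 								<td class="warning">SHA1</td>
-								<td class="critical">DES/RC4</td>
-								<td class="danger">3DES</td>
+								<td class="critical">RC4</td>
+								<td class="critical">DES/3DES</td>
 
 								<td class="info">PFS</td>
 							</tr>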

+ 11
- 11
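--- a/output/xmpp.erb
+++ b/output/xmpp.erb
@@ -66,8 +66,8 @@
 								<td>Strength (bits)</td>
 								<td class="critical">MD5</td>
 								<td class="warning">SHA1</td>
-								<td class="critical">DES/RC4</td>
-								<td class="danger">3DES</td>
+								<td class="critical">RC4</td>
+								<td class="critical">DES/3DES</td>
 
 								<td class="info">PFS</td>
 								<td class="success">Required</td>
@@ -88,7 +88,7 @@
 														when 'A+' then :info
 														when 'A', 'A-' then :success
 														when 'B', 'C' then :warning
-														when 'T', 'M' then :critical
+														when 'F', 'T', 'M' then :critical
 														else :danger
 													end %>
 									<td class="<%= rank_color %>">
@@ -134,13 +134,13 @@
 										<%= s.sha1? ? '✓' : '✗' %>
 										<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
 									</td>
-									<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
-										<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
-										<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
+									<td class="<%= s.rc4? ? :critical : :success %>">
+										<%= s.rc4? ? '✓' : '✗' %>
+										<span class="sr-only">(<%= s.rc4? ? '☹' : '☺' %>)</span>
 									</td>
-									<td class="<%= s.des3? ? :danger : :success %>">
-										<%= s.des3? ? '✓' : '✗' %>
-										<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
+									<td class="<%= (s.des? or s.des3?) ? :critical : :success %>">
+										<%= (s.des? or s.des3?) ? '✓' : '✗' %>
+										<span class="sr-only">(<%= (s.des? or s.des3?) ? '☹' : '☺' %>)</span>
 									</td>
 
 									<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
@@ -174,8 +174,8 @@
 								<td>Strength (bits)</td>
 								<td class="critical">MD5</td>
 								<td class="warning">SHA1</td>
-								<td class="critical">RC4</td>
-								<td class="danger">3DES</td>
+								<td class="critical">RC4</td>
+								<td class="danger">DES/3DES</td>
 
 								<td class="info">PFS</td>
 								<td class="success">Required</td>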
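Review bot: The second header row (the hunk at line 174) still labels the merged column as `<td class="danger">DES/3DES</td>`, while the first header row and the data cells in this file, and both header rows in https.erb and smtp.erb, use `critical`. Since this commit makes 3DES an error, the cell should read `<td class="critical">DES/3DES</td>` so the legend colour matches the cells it describes.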
