aeris
/
cryptcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

3DES is error (sweet32)

Browse Source
new-scoring
aeris 7 years ago
parent adda7570ad
commit d043c3db4e
7 changed files with 48 additions and 57 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      lib/cryptcheck/tls/cipher.rb
  2. 23
      lib/cryptcheck/tls/grade.rb
  3. 7
      lib/cryptcheck/tls/https/grade.rb
  4. 5
      lib/cryptcheck/tls/xmpp/grade.rb
  5. 22
      output/https.erb
  6. 22
      output/smtp.erb
  7. 22
      output/xmpp.erb

4
lib/cryptcheck/tls/cipher.rb
Unescape View File

@ -85,8 +85,8 @@ module CryptCheck
{
success: %i(pfs).select { |n| ok.call n },
warning: %i().select { |n| ok.call n },
danger: %i(des3).select { |n| ok.call n },
error: %i(dss md5 psk srp anonymous null export des rc2 rc4).select { |n| ok.call n }
danger: %i().select { |n| ok.call n },
error: %i(dss md5 psk srp anonymous null export des des3 rc2 rc4 idea).select { |n| ok.call n }
}
end

23
lib/cryptcheck/tls/grade.rb
Unescape View File

@ -46,7 +46,7 @@ module CryptCheck
end
@grade = [@grade, 'B'].max if !@server.tlsv1_2? or @server.key_size < 2048
@grade = [@grade, 'C'].max if @server.des3?
@grade = [@grade, 'F'].max unless @error.empty?
@grade = [@grade, 'F'].max unless @error.empty?
@grade = 'M' unless @server.cert_valid
@ -58,27 +58,30 @@ module CryptCheck
def calculate_states
ok = Proc.new { |n| @server.send "#{n}?" }
state = {
success: %i().select { |n| ok.call n },
warning: %i(sha1_sig).select { |n| ok.call n },
danger: %i(des3).select { |n| ok.call n },
error: %i(md5_sig md5 sslv2 sslv3 anonymous dss null export des rc4).select { |n| ok.call n }
success: all_success.select { |n| ok.call n },
warning: all_warning.select { |n| ok.call n },
danger: all_danger.select { |n| ok.call n },
error: all_error.select { |n| ok.call n }
}
state[:success] << :pfs if @server.pfs_only?
@success, @warning, @danger, @error = state[:success], state[:warning], state[:danger], state[:error]
end
ALL_ERROR = %i(md5_sig md5 anonymous dss null export des rc4)
ALL_ERROR = %i(md5_sig md5 anonymous dss null export des des3 rc4)
def all_error
ALL_ERROR
end
ALL_WARNING = %i(sha1_sig des3)
ALL_DANGER = %i()
def all_danger
ALL_DANGER
end
ALL_WARNING = %i(sha1_sig)
def all_warning
ALL_WARNING
end
ALL_SUCCESS = %i(pfs)
ALL_SUCCESS = %i(pfs_only)
def all_success
ALL_SUCCESS
end

7
lib/cryptcheck/tls/https/grade.rb
Unescape View File

@ -2,13 +2,6 @@ module CryptCheck
module Tls
module Https
class Grade < Tls::Grade
private
def calculate_states
super
@success << :hsts if @server.hsts?
@success << :hsts_long if @server.hsts_long?
end
def all_success
super + %i(hsts hsts_long)
end

5
lib/cryptcheck/tls/xmpp/grade.rb
Unescape View File

@ -2,11 +2,6 @@ module CryptCheck
module Tls
module Xmpp
class Grade < Tls::Grade
def calculate_states
super
@success << :required if @server.required?
end
def all_success
super + %i(required)
end

22
output/https.erb
Unescape View File

@ -66,8 +66,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>
<td class="info">PFS</td>
<td class="info">HSTS</td>
@ -89,7 +89,7 @@
when 'A+' then :info
when 'A', 'A-' then :success
when 'B', 'C' then :warning
when 'T', 'M' then :critical
when 'F', 'T', 'M' then :critical
else :danger
end
%>
@ -136,13 +136,13 @@
<%= s.sha1? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
<td class="<%= s.rc4? ? :critical : :success %>">
<%= s.rc4? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.rc4? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.des3? ? :danger : :success %>">
<%= s.des3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
<td class="<%= (s.des? or s.des3?) ? :critical : :success %>">
<%= (s.des? or s.des3?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.des? or s.des3?) ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
@ -171,8 +171,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>
<td class="info">PFS</td>
<td class="info">HSTS</td>

22
output/smtp.erb
Unescape View File

@ -66,8 +66,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>
<td class="info">PFS</td>
</tr>
@ -88,7 +88,7 @@
when 'A+' then :info
when 'A', 'A-' then :success
when 'B', 'C' then :warning
when 'T', 'M' then :critical
when 'F', 'T', 'M' then :critical
else :danger
end
%>
@ -138,13 +138,13 @@
<%= s.sha1? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
<td class="<%= s.rc4? ? :critical : :success %>">
<%= s.rc4? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.rc4? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.des3? ? :danger : :success %>">
<%= s.des3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
<td class="<%= (s.des? or s.des3?) ? :critical : :success %>">
<%= (s.des? or s.des3?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.des? or s.des3?) ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
@ -169,8 +169,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>
<td class="info">PFS</td>
</tr>

22
output/xmpp.erb
Unescape View File

@ -66,8 +66,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>
<td class="info">PFS</td>
<td class="success">Required</td>
@ -88,7 +88,7 @@
when 'A+' then :info
when 'A', 'A-' then :success
when 'B', 'C' then :warning
when 'T', 'M' then :critical
when 'F', 'T', 'M' then :critical
else :danger
end %>
<td class="<%= rank_color %>">
@ -134,13 +134,13 @@
<%= s.sha1? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
<td class="<%= s.rc4? ? :critical : :success %>">
<%= s.rc4? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.rc4? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.des3? ? :danger : :success %>">
<%= s.des3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
<td class="<%= (s.des? or s.des3?) ? :critical : :success %>">
<%= (s.des? or s.des3?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.des? or s.des3?) ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
@ -174,8 +174,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="danger">DES/3DES</td>
<td class="info">PFS</td>
<td class="success">Required</td>

Write Preview
Loading…
Cancel
Save