
3DES is error (sweet32)

v1
aeris 6 years ago
parent
commit
d043c3db4e
  1. 4
      lib/cryptcheck/tls/cipher.rb
  2. 23
      lib/cryptcheck/tls/grade.rb
  3. 7
      lib/cryptcheck/tls/https/grade.rb
  4. 5
      lib/cryptcheck/tls/xmpp/grade.rb
  5. 22
      output/https.erb
  6. 22
      output/smtp.erb
  7. 22
      output/xmpp.erb

4
lib/cryptcheck/tls/cipher.rb

@ -85,8 +85,8 @@ module CryptCheck
{
success: %i(pfs).select { |n| ok.call n },
warning: %i().select { |n| ok.call n },
danger: %i(des3).select { |n| ok.call n },
error: %i(dss md5 psk srp anonymous null export des rc2 rc4).select { |n| ok.call n }
danger: %i().select { |n| ok.call n },
error: %i(dss md5 psk srp anonymous null export des des3 rc2 rc4 idea).select { |n| ok.call n }
}
end
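Review bot: `idea` is added to the cipher-level `error:` list here, but the server-level `ALL_ERROR` in lib/cryptcheck/tls/grade.rb gains only `des3`, so as far as these hunks show an IDEA suite would be flagged on the cipher without affecting the grade. If IDEA is meant to be treated like 3DES (both are 64-bit block ciphers, the property Sweet32 depends on), add it to both lists or say why they differ. `ok` is defined outside the hunk; if it dispatches to an `idea?` predicate the way the grade code does with `send`, that predicate has to exist on the cipher class, which is not visible here. A comment above the hash such as `# 64-bit block ciphers (3DES, IDEA) are errors since Sweet32` would record the reason that the commit title only hints at.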

23
lib/cryptcheck/tls/grade.rb

@ -46,7 +46,7 @@ module CryptCheck
end
@grade = [@grade, 'B'].max if !@server.tlsv1_2? or @server.key_size < 2048
@grade = [@grade, 'C'].max if @server.des3?
@grade = [@grade, 'F'].max unless @error.empty?
@grade = [@grade, 'F'].max unless @error.empty?
@grade = 'M' unless @server.cert_valid
@ -58,27 +58,30 @@ module CryptCheck
def calculate_states
ok = Proc.new { |n| @server.send "#{n}?" }
state = {
success: %i().select { |n| ok.call n },
warning: %i(sha1_sig).select { |n| ok.call n },
danger: %i(des3).select { |n| ok.call n },
error: %i(md5_sig md5 sslv2 sslv3 anonymous dss null export des rc4).select { |n| ok.call n }
success: all_success.select { |n| ok.call n },
warning: all_warning.select { |n| ok.call n },
danger: all_danger.select { |n| ok.call n },
error: all_error.select { |n| ok.call n }
}
state[:success] << :pfs if @server.pfs_only?
@success, @warning, @danger, @error = state[:success], state[:warning], state[:danger], state[:error]
end
ALL_ERROR = %i(md5_sig md5 anonymous dss null export des rc4)
ALL_ERROR = %i(md5_sig md5 anonymous dss null export des des3 rc4)
def all_error
ALL_ERROR
end
ALL_WARNING = %i(sha1_sig des3)
ALL_DANGER = %i()
def all_danger
ALL_DANGER
end
ALL_WARNING = %i(sha1_sig)
def all_warning
ALL_WARNING
end
ALL_SUCCESS = %i(pfs)
ALL_SUCCESS = %i(pfs_only)
def all_success
ALL_SUCCESS
end
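Review bot: Switching `calculate_states` to `all_error` appears to drop `sslv2` and `sslv3` from the error state: the inline list it replaces had `md5_sig md5 sslv2 sslv3 anonymous …`, while `ALL_ERROR` has neither, before or after this change. Unless SSLv2/SSLv3 are handled in the part of the grade calculation outside these hunks, a server offering them no longer makes `@error` non-empty and so no longer reaches the `'F'` rule in the first hunk. I would carry them over: `ALL_ERROR = %i(md5_sig md5 sslv2 sslv3 anonymous dss null export des des3 rc4)`. The enclosing class starts and ends outside the hunk, so this needs checking against the full file.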

7
lib/cryptcheck/tls/https/grade.rb

@ -2,13 +2,6 @@ module CryptCheck
module Tls
module Https
class Grade < Tls::Grade
private
def calculate_states
super
@success << :hsts if @server.hsts?
@success << :hsts_long if @server.hsts_long?
end
def all_success
super + %i(hsts hsts_long)
end

5
lib/cryptcheck/tls/xmpp/grade.rb

@ -2,11 +2,6 @@ module CryptCheck
module Tls
module Xmpp
class Grade < Tls::Grade
def calculate_states
super
@success << :required if @server.required?
end
def all_success
super + %i(required)
end

22
output/https.erb

@ -66,8 +66,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>
<td class="info">PFS</td>
<td class="info">HSTS</td>
@ -89,7 +89,7 @@
when 'A+' then :info
when 'A', 'A-' then :success
when 'B', 'C' then :warning
when 'T', 'M' then :critical
when 'F', 'T', 'M' then :critical
else :danger
end
%>
@ -136,13 +136,13 @@
<%= s.sha1? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
<td class="<%= s.rc4? ? :critical : :success %>">
<%= s.rc4? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.rc4? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.des3? ? :danger : :success %>">
<%= s.des3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
<td class="<%= (s.des? or s.des3?) ? :critical : :success %>">
<%= (s.des? or s.des3?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.des? or s.des3?) ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
@ -171,8 +171,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>
<td class="info">PFS</td>
<td class="info">HSTS</td>

22
output/smtp.erb

@ -66,8 +66,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>
<td class="info">PFS</td>
</tr>
@ -88,7 +88,7 @@
when 'A+' then :info
when 'A', 'A-' then :success
when 'B', 'C' then :warning
when 'T', 'M' then :critical
when 'F', 'T', 'M' then :critical
else :danger
end
%>
@ -138,13 +138,13 @@
<%= s.sha1? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
<td class="<%= s.rc4? ? :critical : :success %>">
<%= s.rc4? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.rc4? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.des3? ? :danger : :success %>">
<%= s.des3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
<td class="<%= (s.des? or s.des3?) ? :critical : :success %>">
<%= (s.des? or s.des3?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.des? or s.des3?) ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
@ -169,8 +169,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>
<td class="info">PFS</td>
</tr>

22
output/xmpp.erb

@ -66,8 +66,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="critical">DES/3DES</td>
<td class="info">PFS</td>
<td class="success">Required</td>
@ -88,7 +88,7 @@
when 'A+' then :info
when 'A', 'A-' then :success
when 'B', 'C' then :warning
when 'T', 'M' then :critical
when 'F', 'T', 'M' then :critical
else :danger
end %>
<td class="<%= rank_color %>">
@ -134,13 +134,13 @@
<%= s.sha1? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
<td class="<%= s.rc4? ? :critical : :success %>">
<%= s.rc4? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.rc4? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.des3? ? :danger : :success %>">
<%= s.des3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
<td class="<%= (s.des? or s.des3?) ? :critical : :success %>">
<%= (s.des? or s.des3?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.des? or s.des3?) ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
@ -174,8 +174,8 @@
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="critical">RC4</td>
<td class="danger">DES/3DES</td>
<td class="info">PFS</td>
<td class="success">Required</td>
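Review bot: In the last hunk of this template (around line 174) the new `DES/3DES` header cell keeps `class="danger"`, while the same cell in the first hunk here and in both header hunks of https.erb and smtp.erb uses `class="critical"`. That looks like a leftover from the old 3DES cell; it should read `<td class="critical">DES/3DES</td>` so the legend matches the per-host cells, which now render `:critical`. The same header markup is repeated across the three templates, so a shared partial would prevent this kind of drift.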
