|
@@ -68,7 +68,7 @@ def certificate(key)
|
68
|
68
|
end
|
69
|
69
|
|
70
|
70
|
key = OpenSSL::PKey::RSA.new File.read 'config/rsa-2048.pem'
|
71
|
|
-#key = OpenSSL::PKey::EC.new('secp521r1').generate_key
|
|
71
|
+# key = OpenSSL::PKey::EC.new('prime256v1').generate_key
|
72
|
72
|
cert = certificate key
|
73
|
73
|
|
74
|
74
|
CryptCheck::Logger.info 'Starting server'
|
|
@@ -78,13 +78,13 @@ context = OpenSSL::SSL::SSLContext.new
|
78
|
78
|
#context = OpenSSL::SSL::SSLContext.new :TLSv1_1
|
79
|
79
|
context.cert = cert
|
80
|
80
|
context.key = key
|
81
|
|
-context.ciphers = ARGV[0] || 'ECDHE+AESGCM'
|
|
81
|
+context.ciphers = ARGV[0] || 'EECDH+AESGCM'
|
82
|
82
|
|
83
|
|
-dh = OpenSSL::PKey::DH.new File.read 'config/dh-4096.pem'
|
84
|
|
-context.tmp_dh_callback = proc { dh }
|
|
83
|
+#dh = OpenSSL::PKey::DH.new File.read 'config/dh-4096.pem'
|
|
84
|
+#context.tmp_dh_callback = proc { dh }
|
85
|
85
|
#context.ecdh_curves = CryptCheck::Tls::Server::SUPPORTED_CURVES.join ':'
|
86
|
86
|
#context.ecdh_curves = 'secp384r1:secp521r1:sect571r1'
|
87
|
|
-context.ecdh_curves = 'secp384r1'
|
|
87
|
+#context.ecdh_curves = 'prime256v1'
|
88
|
88
|
#ecdh = OpenSSL::PKey::EC.new('secp384r1').generate_key
|
89
|
89
|
#context.tmp_ecdh_callback = proc { ecdh }
|
90
|
90
|
|
|
@@ -92,6 +92,9 @@ host, port = '::', 5000
|
92
|
92
|
tcp_server = TCPServer.new host, port
|
93
|
93
|
tls_server = OpenSSL::SSL::SSLServer.new tcp_server, context
|
94
|
94
|
::CryptCheck::Logger.info "Server started on #{host}:#{port}"
|
|
95
|
+# ::CryptCheck::Logger.info "Supported ciphers:"
|
|
96
|
+# context.ciphers.each { |c| ::CryptCheck::Logger.info c.first }
|
|
97
|
+
|
95
|
98
|
|
96
|
99
|
loop do
|
97
|
100
|
begin
|
|
@@ -101,15 +104,18 @@ loop do
|
101
|
104
|
|
102
|
105
|
dh = connection.tmp_key
|
103
|
106
|
cipher = connection.cipher
|
104
|
|
- cipher = CryptCheck::Tls::Cipher.new method, cipher, dh
|
|
107
|
+ cipher = CryptCheck::Tls::Cipher.new method, cipher.first
|
105
|
108
|
states = cipher.states
|
106
|
|
- text = %i(critical error warning good perfect best).collect do |s|
|
107
|
|
- states[s].collect { |t| t.to_s.colorize s }.join ' '
|
108
|
|
- end.reject &:empty?
|
109
|
|
- text = text.join ' '
|
|
109
|
+ # p states
|
|
110
|
+ # text = %i(critical error warning good perfect best).collect do |s|
|
|
111
|
+ # states[s].collect { |t| t.to_s.colorize s }.join ' '
|
|
112
|
+ # end.reject &:empty?
|
|
113
|
+ # text = []
|
|
114
|
+ # text = text.join ' '
|
|
115
|
+ # text = ''
|
110
|
116
|
|
111
|
117
|
dh = dh ? " (#{'PFS'.colorize :good} : #{CryptCheck::Tls.key_to_s dh})" : ''
|
112
|
|
- CryptCheck::Logger.info { "#{CryptCheck::Tls.colorize method} / #{cipher.colorize}#{dh} [#{text}]" }
|
|
118
|
+ CryptCheck::Logger.info { "#{cipher}#{dh}" }
|
113
|
119
|
|
114
|
120
|
data = connection.gets
|
115
|
121
|
if data
|
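Review bot: In the `@@ -78,13 +78,13 @@` hunk both `tmp_dh_callback` and `ecdh_curves` end up commented out, while `context.ciphers` still accepts any string from `ARGV[0]`. A DHE cipher string passed on the command line now has no server-supplied DH parameters and the ECDHE group is no longer pinned, so what this server negotiates presumably depends on the OpenSSL build it runs against rather than on the script. If the intent is a P-256-only test endpoint, I would keep the line active as `context.ecdh_curves = 'prime256v1'` and add a comment such as `# no tmp_dh_callback: DHE suites are intentionally not served`. In the last hunk `states = cipher.states` is still computed but unused once the formatting code is commented out, and the log line no longer prints `method`, so the negotiated protocol version may be missing from the log unless `Cipher#to_s` includes it.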