Fetch ciphers from cipher suite

7 years ago · f5bedc0e8f
parent 2967cd9d39
commit f5bedc0e8f
3 changed files with 10 additions and 3 deletions
--- a/lib/cryptcheck/ssh/server.rb
+++ b/lib/cryptcheck/ssh/server.rb
@ -89,7 +89,7 @@ module CryptCheck
 					'ssh-dss-cert-v00@openssh.com'             => :red,		# DSA
 			}

-			def initialize(hostname, port)
+			def initialize(hostname, port=22)
 				@hostname, @port = hostname, port

 				Logger.info { "#{hostname}:#{port}".colorize :blue }
--- a/lib/cryptcheck/tls/cipher.rb
+++ b/lib/cryptcheck/tls/cipher.rb
@ -106,6 +106,13 @@ module CryptCheck
 					a.name <=> b.name
 				end
 			end
+
+			def self.list(cipher_suite = 'ALL:COMPLEMENTOFALL', protocol: :TLSv1_2)
+				context = OpenSSL::SSL::SSLContext.new protocol
+				context.ciphers = cipher_suite
+				ciphers = context.ciphers.collect { |c| self.new protocol, c }
+				self.sort ciphers
+			end
 		end
 	end
 end
--- a/lib/cryptcheck/tls/server.rb
+++ b/lib/cryptcheck/tls/server.rb
@ -280,8 +280,8 @@ module CryptCheck
 				store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
 				store.set_default_paths

-				%w(cacert mozilla).each do |directory|
-					::Dir.glob(::File.join '/usr/share/ca-certificates', directory, '*').each do |file|
+				%w(/etc/ssl/certs).each do |directory|
+					::Dir.glob(::File.join directory, '*.pem').each do |file|
 						cert = ::OpenSSL::X509::Certificate.new ::File.read file
 						begin
 							store.add_cert cert