
Order ciphers by strength

v1
Aeris 7 years ago
parent
commit
f75af5a736
  1. 41
      lib/cryptcheck/tls/cipher.rb

41
lib/cryptcheck/tls/cipher.rb

@ -67,12 +67,45 @@ module CryptCheck
def state
ok = Proc.new { |n| self.send "#{n}?" }
{ success: %i(pfs).select { |n| ok.call n },
warning: %i(sha1).select { |n| ok.call n },
danger: %i(des3).select { |n| ok.call n },
error: %i(dss md5 psk srp anonymous null export des rc2 rc4).select { |n| ok.call n }
{
success: %i(pfs).select { |n| ok.call n },
warning: %i(sha1).select { |n| ok.call n },
danger: %i(des3).select { |n| ok.call n },
error: %i(dss md5 psk srp anonymous null export des rc2 rc4).select { |n| ok.call n }
}
end
def score
state = self.state
return :error unless state[:error].empty?
return :danger unless state[:danger].empty?
return :warning unless state[:warning].empty?
return :success unless state[:success].empty?
:none
end
PRIORITY = { success: 1, none: 2, warning: 3, danger: 4, error: 5 }
def self.sort(ciphers)
ciphers.sort do |a, b|
error_a, error_b = PRIORITY[a.score], PRIORITY[b.score]
compare = error_a <=> error_b
next compare unless compare == 0
size_a, size_b = a.size, b.size
compare = size_b <=> size_a
next compare unless compare == 0
dh_a, dh_b = a.dh, b.dh
next -1 if not dh_a and dh_b
next 1 if dh_a and not dh_b
next a.name <=> b.name if not dh_a and not dh_b
compare = b.dh.size <=> a.dh.size
next compare unless compare == 0
a.name <=> b.name
end
end
end
end
end
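Review bot: In the DH tie-break of `self.sort`, a cipher with no DH parameters is ranked ahead of one that has them (`next -1 if not dh_a and dh_b`), while every other key in the comparator puts the stronger option first. If `dh` is nil for suites without an ephemeral key exchange (not visible in this hunk), suites lacking forward secrecy would be listed before equally scored ones that have it; the two lines would then read `next 1 if not dh_a and dh_b` and `next -1 if dh_a and not dh_b`. If the current order is intended, a short comment above these lines should state why ciphers without DH parameters sort first. Symmetric key size is also compared before DH size, so a large cipher key paired with a small DH group outranks a smaller cipher with a stronger group; a comment noting that trade-off would help readers of the resulting report.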
