
Order ciphers by strength

master
Aeris 4 years ago
parent
commit
f75af5a736
1 changed files with 37 additions and 4 deletions
  1. 37
    4
      lib/cryptcheck/tls/cipher.rb

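--- a/lib/cryptcheck/tls/cipher.rb
+++ b/lib/cryptcheck/tls/cipher.rb
@@ -67,12 +67,45 @@ module CryptCheck
 
 def state
 ok = Proc.new { |n| self.send "#{n}?" }
-{ success: %i(pfs).select { |n| ok.call n },
-warning: %i(sha1).select { |n| ok.call n },
-danger: %i(des3).select { |n| ok.call n },
-error: %i(dss md5 psk srp anonymous null export des rc2 rc4).select { |n| ok.call n }
+{
+success: %i(pfs).select { |n| ok.call n },
+warning: %i(sha1).select { |n| ok.call n },
+danger: %i(des3).select { |n| ok.call n },
+error: %i(dss md5 psk srp anonymous null export des rc2 rc4).select { |n| ok.call n }
 }
 end
+
+def score
+state = self.state
+return :error unless state[:error].empty?
+return :danger unless state[:danger].empty?
+return :warning unless state[:warning].empty?
+return :success unless state[:success].empty?
+:none
+end
+
+PRIORITY = { success: 1, none: 2, warning: 3, danger: 4, error: 5 }
+def self.sort(ciphers)
+ciphers.sort do |a, b|
+error_a, error_b = PRIORITY[a.score], PRIORITY[b.score]
+compare = error_a <=> error_b
+next compare unless compare == 0
+
+size_a, size_b = a.size, b.size
+compare = size_b <=> size_a
+next compare unless compare == 0
+
+dh_a, dh_b = a.dh, b.dh
+next -1 if not dh_a and dh_b
+next 1 if dh_a and not dh_b
+next a.name <=> b.name if not dh_a and not dh_b
+
+compare = b.dh.size <=> a.dh.size
+next compare unless compare == 0
+
+a.name <=> b.name
+end
+end
 end
 end
 end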
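Review bot: In `self.sort`, `b.dh.size <=> a.dh.size` ranks key-exchange parameters by raw bit length, which only reflects strength when both keys are of the same kind. If `dh` can hold either a finite-field DH group or an elliptic-curve key (its definition is outside this hunk), a 2048-bit DH group would sort ahead of a 256-bit curve although the curve offers the higher security level. Comparing the key type first, or at least adding a comment such as `# dh.size is a raw bit length; only comparable between keys of the same type`, would keep the "by strength" ordering honest. Separately, `size_b <=> size_a` yields `nil` when either `size` is `nil`, and `sort` then raises `ArgumentError`, so a guard is worth adding if `size` can be `nil` (for example for NULL ciphers). `PRIORITY` is also a mutable constant and could be written as `PRIORITY = { success: 1, none: 2, warning: 3, danger: 4, error: 5 }.freeze`.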
