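require 'httparty'

module CryptCheck
  module Tls
    module Https
      # HTTPS server probe: on top of the TLS checks done by Tls::TcpServer it
      # performs one HEAD request and records the Strict-Transport-Security
      # max-age announced by the server (RFC 6797).
      class Server < Tls::TcpServer
        # Threshold above which an HSTS policy counts as "long": roughly six
        # months, in seconds.
        LONG_HSTS = 6 * 30 * 24 * 60 * 60

        # Matches a single "max-age" directive of an HSTS header value.
        # Directive names are case-insensitive and the value may be quoted.
        MAX_AGE_DIRECTIVE = /\Amax-age\s*=\s*"?(\d+)"?\z/i

        # @return [Integer, nil] announced max-age in seconds, or nil when no
        #   usable HSTS header was seen (see #fetch_hsts)
        attr_reader :hsts

        # @param hostname [String] host to probe
        # @param port [Integer] TCP port, 443 by default
        def initialize(hostname, port = 443)
          super
          fetch_hsts
        end

        # Sends one HEAD request to the server and stores its HSTS max-age in
        # @hsts (nil when the header is absent or carries no valid max-age).
        #
        # Every TLS version of EXISTING_METHODS that the server supports is
        # tried in turn and the first response wins. Redirects are not followed
        # because only the policy of the probed host matters, and the
        # certificate is not verified because the probe must also work against
        # hosts whose TLS setup is exactly what is being audited.
        #
        # @return [void]
        def fetch_hsts
          response = first_response
          @hsts = response ? max_age_of(response.headers['strict-transport-security']) : nil
          if @hsts
            @log.info { "HSTS : #{@hsts}" }
          else
            @log.info { 'No HSTS' }
          end
        end

        # @return [Boolean] whether a max-age was announced. NOTE: max-age=0,
        #   which RFC 6797 uses to retract a policy, still counts as announced;
        #   callers needing an active policy should also check `hsts > 0`.
        def hsts?
          !@hsts.nil?
        end

        # @return [Boolean] whether the announced max-age is at least LONG_HSTS
        def hsts_long?
          hsts? && @hsts >= LONG_HSTS
        end

        private

        # Issues the HEAD request with each supported TLS version until one
        # succeeds.
        #
        # @return [HTTParty::Response, nil] first response, or nil when every
        #   attempt failed
        def first_response
          port = @port == 443 ? '' : ":#{@port}"
          EXISTING_METHODS.each do |method|
            next unless SUPPORTED_METHODS.include? method
            @log.debug { "Check HSTS with #{method}" }
            begin
              return ::HTTParty.head "https://#{@hostname}#{port}/", { follow_redirects: false, verify: false, ssl_version: method, timeout: SSL_TIMEOUT }
            rescue StandardError => e
              # StandardError, not Exception: SSL, socket and timeout failures
              # are all StandardError, while Interrupt/SystemExit must propagate.
              @log.debug { "#{method} not supported : #{e}" }
            end
          end
          nil
        end

        # Extracts the max-age (seconds) from a raw HSTS header value. RFC 6797
        # lets directives appear in any order, separated by ';', so the header
        # is scanned directive by directive instead of assuming max-age first.
        #
        # @param header [String, nil] raw Strict-Transport-Security value
        # @return [Integer, nil] max-age, or nil when absent or not numeric
        def max_age_of(header)
          return nil if header.nil?
          header.split(';').each do |directive|
            match = MAX_AGE_DIRECTIVE.match(directive.strip)
            return match[1].to_i if match
          end
          nil
        end
      end
    end
  end
end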