

  1. require 'socket'
  2. require 'openssl'
  3. require 'httparty'
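  module CryptCheck
    module Tls
      module Https
        # HTTPS flavour of Tls::Server: on top of the TLS checks done by the
        # superclass it fetches the Strict-Transport-Security header
        # (RFC 6797) of the root URL and exposes its max-age.
        class Server < Tls::Server
          # Threshold (seconds) above which an HSTS policy counts as "long":
          # six months.
          LONG_HSTS = 6 * 30 * 24 * 60 * 60

          # One HSTS directive. The directive name is case-insensitive and the
          # max-age value may be quoted (RFC 6797 section 6.1); the order of the
          # directives inside the header is not significant, so each
          # ';'-separated piece is matched against this on its own.
          MAX_AGE_DIRECTIVE = /\Amax-age\s*=\s*"?(\d+)"?\z/i

          # max-age of the HSTS header in seconds, or nil when the server sent
          # no parsable Strict-Transport-Security header. Note that a
          # max-age of 0 is kept as 0 (header present), so hsts? is true.
          attr_reader :hsts

          # @param hostname [String] host to check
          # @param port [Integer] TCP port, 443 by default
          def initialize(hostname, port = 443)
            super
            fetch_hsts
          end

          # Sends a HEAD request with each supported TLS method until one
          # succeeds, then extracts the max-age directive of the
          # Strict-Transport-Security header.
          #
          # Sets @hsts (Integer seconds, or nil), logs the outcome and
          # returns nil.
          def fetch_hsts
            response = head_request
            @hsts = response && parse_max_age(response.headers['strict-transport-security'])
            # 0 is truthy in Ruby, so a max-age=0 header is still reported as present.
            @log.info { @hsts ? "HSTS : #{@hsts}" : 'No HSTS' }
            nil
          end

          # @return [Boolean] whether a Strict-Transport-Security header was found
          def hsts?
            !@hsts.nil?
          end

          # @return [Boolean] whether the HSTS max-age is at least LONG_HSTS
          def hsts_long?
            hsts? && @hsts >= LONG_HSTS
          end

          private

          # Tries a HEAD on "https://host[:port]/" with each method of
          # @methods that SUPPORTED_METHODS lists.
          #
          # @return [HTTParty::Response, nil] the first response obtained, or
          #   nil when every method failed
          def head_request
            port = @port == 443 ? '' : ":#{@port}"
            url = "https://#{@hostname}#{port}/"
            @methods.each do |method|
              next unless SUPPORTED_METHODS.include? method
              @log.debug { "Check HSTS with #{method}" }
              begin
                # verify: false is deliberate: the scanner must still reach
                # hosts whose certificate does not validate. No redirect is
                # followed, so the request never leaves the host under test.
                return ::HTTParty.head url, { follow_redirects: false, verify: false, ssl_version: method, timeout: SSL_TIMEOUT }
              rescue StandardError => e
                # StandardError, not Exception: a failed handshake, timeout or
                # socket error is expected here, but Interrupt / SystemExit
                # must keep propagating.
                @log.debug { "#{method} not supported : #{e}" }
              end
            end
            nil
          end

          # Extracts the max-age value (seconds) of a Strict-Transport-Security
          # header value.
          #
          # @param header [String, nil] raw header value
          # @return [Integer, nil] max-age in seconds, or nil when the header
          #   is absent or carries no well-formed max-age directive
          def parse_max_age(header)
            return nil unless header
            header.split(';').each do |directive|
              match = MAX_AGE_DIRECTIVE.match(directive.strip)
              return match[1].to_i if match
            end
            nil
          end
        end
      end
    end
  end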