
server.rb 1.1KB

  1. require 'socket'
  2. require 'openssl'
  3. require 'httparty'
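  module CryptCheck
    module Tls
      module Https
        # Extends Tls::Server with a Strict-Transport-Security (HSTS) check:
        # after the parent initializer has run, one HEAD request is sent to
        # "/" and the max-age of the HSTS header, if any, is kept in @hsts.
        class Server < Tls::Server
          # Smallest max-age, in seconds, that hsts_long? accepts (6 * 30 days).
          LONG_HSTS = 6 * 30 * 24 * 60 * 60

          # HSTS max-age in seconds, or nil when no usable header was seen.
          attr_reader :hsts

          # Arguments are forwarded unchanged to Tls::Server (bare super);
          # the HSTS probe runs once that initializer has returned.
          def initialize(hostname, port=443, methods: EXISTING_METHODS)
            super
            fetch_hsts
          end

          # Requests "/" with the first usable method from @methods and stores
          # the advertised HSTS max-age in @hsts (nil when absent or invalid).
          #
          # Certificate verification is switched off so the header can be
          # read from hosts whose certificate would not validate. RFC 6797
          # has browsers ignore an HSTS header received over a connection
          # with certificate errors, so a value recorded here is what the
          # server sends, not proof that clients will enforce it. Redirects
          # are not followed: only the direct response for "/" is inspected.
          def fetch_hsts
            port = @port == 443 ? '' : ":#{@port}"
            response = nil
            @methods.each do |method|
              next unless SUPPORTED_METHODS.include? method
              begin
                @log.debug { "Check HSTS with #{method}" }
                response = ::HTTParty.head "https://#{@hostname}#{port}/", { follow_redirects: false, verify: false, ssl_version: method, timeout: SSL_TIMEOUT }
                break
              rescue StandardError => e
                # StandardError covers socket, TLS and timeout failures;
                # rescuing Exception here also swallowed Interrupt and
                # SystemExit, which made the probe loop impossible to abort.
                @log.debug { "#{method} not supported : #{e}" }
              end
            end

            header = response && response.headers['strict-transport-security']
            @hsts = header && parse_hsts_max_age(header)
            if @hsts
              @log.info { "HSTS : #{@hsts}" }
            else
              @log.info { 'No HSTS' }
            end
            nil
          end

          # True when a max-age was parsed. A max-age of 0, which asks
          # browsers to drop the policy, still counts as present here.
          def hsts?
            !@hsts.nil?
          end

          # True when the advertised max-age is at least LONG_HSTS seconds.
          def hsts_long?
            hsts? && @hsts >= LONG_HSTS
          end

          private

          # Extracts max-age from an HSTS header value. Directives are
          # separated by ';', may come in any order, have case-insensitive
          # names and may quote their value, so the header is scanned
          # directive by directive instead of assuming max-age comes first.
          # Returns the first max-age as an Integer, or nil when there is
          # none or its value does not start with digits.
          def parse_hsts_max_age(header)
            header.to_s.split(';').each do |directive|
              name, value = directive.split('=', 2)
              next unless name.to_s.strip.downcase == 'max-age'
              seconds = value.to_s.strip[/\A"?(\d+)/, 1]
              return seconds && seconds.to_i
            end
            nil
          end
        end
      end
    end
  end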