aeris
/
cryptcheck
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
3 Branches
875KB
Tree: 777d220b28
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '777d220b28'
${ noResults }
cryptcheck/lib/cryptcheck/tls/https/server.rb

55 lines
1.1KB
Raw Blame History 

  1. require 'socket'

  2. require 'openssl'

  3. require 'httparty'

  4. 

  5. module CryptCheck

  6. 	module Tls

  7. 		module Https

  8. 			class Server < Tls::Server

  9. 				attr_reader :hsts

  10. 

  11. 				def initialize(hostname, port=443, methods: EXISTING_METHODS)

  12. 					super

  13. 					fetch_hsts

  14. 				end

  15. 

  16. 				def fetch_hsts

  17. 					port = @port == 443 ? '' : ":#{@port}"

  18. 

  19. 					response = nil

  20. 					@methods.each do |method|

  21. 						begin

  22. 							next unless SUPPORTED_METHODS.include? method

  23. 							@log.debug { "Check HSTS with #{method}" }

  24. 							response = ::HTTParty.head "https://#{@hostname}#{port}/", { follow_redirects: false, verify: false, ssl_version: method, timeout: SSL_TIMEOUT }

  25. 							break

  26. 						rescue Exception => e

  27. 							@log.debug { "#{method} not supported : #{e}" }

  28. 						end

  29. 					end

  30. 

  31. 					if response and header = response.headers['strict-transport-security']

  32. 						name, value = header.split '='

  33. 						if name == 'max-age'

  34. 							@hsts = value.to_i

  35. 							@log.info { "HSTS : #{@hsts}" }

  36. 							return

  37. 						end

  38. 					end

  39. 

  40. 					@log.info { 'No HSTS' }

  41. 					@hsts = nil

  42. 				end

  43. 

  44. 				def hsts?

  45. 					!@hsts.nil?

  46. 				end

  47. 

  48. 				def hsts_long?

  49. 					hsts? and @hsts >= 6*30*24*60*60

  50. 				end

  51. 			end

  52. 		end

  53. 	end

  54. end