
server.rb 1.8KB

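  module CryptCheck
    module Tls
      # Predicates over the protocol versions, cipher suites and certificate
      # recorded for one server.
      #
      # The instance variables read here (@supported_methods, @cert, @certs,
      # @dh, @fallback_scsv, @valid, @trusted) and #uniq_supported_ciphers are
      # not assigned or defined in this file; presumably the Engine mixin
      # provides them -- confirm.
      class Server
        # Values Extension#oid may report for the TLS Feature extension
        # (RFC 7633). Ruby's OpenSSL binding returns the short name when the
        # linked OpenSSL knows the object (1.1.0 and later: "tlsfeature") and
        # the dotted OID otherwise, so both spellings have to be accepted.
        TLS_FEATURE_OIDS = %w[1.3.6.1.5.5.7.1.24 tlsfeature].freeze

        # One predicate per protocol version listed in Method, named after the
        # downcased symbol (ssl? and tls? below rely on sslv2?, sslv3?, tlsv1?,
        # tlsv1_1? and tlsv1_2? existing). Each returns the matching entry of
        # @supported_methods or nil, not a strict boolean.
        #
        # The generated source interpolates values from project constants only;
        # nothing learned from a remote peer may ever reach these heredocs.
        Method.each do |method|
          class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
            def #{method.to_sym.downcase}?
              @supported_methods.detect { |m| m == :#{method.to_sym} }
            end
          RUBY_EVAL
        end

        # One predicate per key of Cipher::TYPES: true when at least one
        # supported cipher answers true to the predicate of the same name.
        Cipher::TYPES.each do |type, _|
          class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
            def #{type}?
              uniq_supported_ciphers.any? { |c| c.#{type}? }
            end
          RUBY_EVAL
        end

        # @return [Object, nil] truthy when SSLv2 or SSLv3 is supported
        def ssl?
          sslv2? || sslv3?
        end

        # NOTE(review): only TLS 1.0 to 1.2 are consulted here and in
        # #tlsv1_2_only?; if Method ever lists a newer version, both
        # predicates need to be revisited.
        #
        # @return [Object, nil] truthy when TLS 1.0, 1.1 or 1.2 is supported
        def tls?
          tlsv1? || tlsv1_1? || tlsv1_2?
        end

        # @return [Boolean, nil] true when some TLS version is supported and
        #   no SSL version is
        def tls_only?
          tls? && !ssl?
        end

        # @return [Boolean, nil] true when TLS 1.2 is supported and SSLv2,
        #   SSLv3, TLS 1.0 and TLS 1.1 are all absent
        def tlsv1_2_only?
          tlsv1_2? && !ssl? && !tlsv1? && !tlsv1_1?
        end

        # The three *_only? predicates use all?, which is vacuously true for
        # an empty cipher list: a server with no recorded cipher would be
        # reported as pfs/ecdhe/aead-only. Callers that grade on these should
        # check for an empty list first.

        # @return [Boolean] true when every supported cipher reports pfs?
        def pfs_only?
          uniq_supported_ciphers.all? { |c| c.pfs? }
        end

        # @return [Boolean] true when every supported cipher reports ecdhe?
        def ecdhe_only?
          uniq_supported_ciphers.all? { |c| c.ecdhe? }
        end

        # @return [Boolean] true when every supported cipher reports aead?
        def aead_only?
          uniq_supported_ciphers.all? { |c| c.aead? }
        end

        # @return [Object] the stored @fallback_scsv flag, as set elsewhere
        def fallback_scsv?
          @fallback_scsv
        end

        # True when @cert carries the TLS Feature extension (RFC 7633).
        #
        # Only the presence of the extension is tested; its value is not
        # decoded, so this does not prove that status_request (feature 5,
        # i.e. OCSP must-staple) is among the listed features.
        #
        # NOTE(review): reads @cert while #children reads @certs -- confirm
        # @cert is the leaf certificate and is always set before this is called.
        #
        # @return [Boolean]
        def must_staple?
          @cert.extensions.any? { |e| TLS_FEATURE_OIDS.include?(e.oid) }
        end

        # @return [Object] the stored @valid flag, as set elsewhere
        def valid?
          @valid
        end

        # @return [Object] the stored @trusted flag, as set elsewhere
        def trusted?
          @trusted
        end

        # Stub: the body is empty, so this currently returns nil.
        def to_h
        end

        protected

        include State

        # Each active entry is [name, level, predicate lambda taking the server].
        # NOTE(review): the disabled entries below use a different element
        # order ([name, lambda, level]); reconcile them with whatever State
        # expects before re-enabling any of them.
        CHECKS = [
          [:fallback_scsv, :good, -> (s) { s.fallback_scsv? }]
          # [:tlsv1_2_only, -> (s) { s.tlsv1_2_only? }, :great],
          # [:pfs_only, -> (s) { s.pfs_only? }, :great],
          # [:ecdhe_only, -> (s) { s.ecdhe_only? }, :great],
          #[:aead_only, -> (s) { s.aead_only? }, :best],
        ].freeze

        # @return [Array] the CHECKS table
        def available_checks
          CHECKS
        end

        # @return [Array] certificates, DH parameters, supported protocol
        #   versions and supported ciphers concatenated into one list
        def children
          @certs + @dh + @supported_methods + uniq_supported_ciphers
        end

        include Engine
        include Grade
      end

      # Server variant whose socket type is SOCK_STREAM.
      class TcpServer < Server
        private

        # @return [Integer] ::Socket::SOCK_STREAM
        def sock_type
          ::Socket::SOCK_STREAM
        end
      end

      # Server variant whose socket type is SOCK_DGRAM.
      class UdpServer < Server
        private

        # @return [Integer] ::Socket::SOCK_DGRAM
        def sock_type
          ::Socket::SOCK_DGRAM
        end
      end
    end
  end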