aeris
/
cryptcheck
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
3 Branches
875KB
Tree: a0a2dc8813
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a0a2dc8813'
${ noResults }
cryptcheck/lib/sslcheck/grade.rb

108 lines
2.6KB
Raw Blame History 

  1. require 'timeout'

  2. 

  3. module SSLCheck

  4. 	class NoSslTlsGrade

  5. 		attr_reader :server, :score, :grade

  6. 

  7. 		def initialize(server)

  8. 			@server, @score, @grade = server, -1, 'X'

  9. 		end

  10. 	end

  11. 

  12. 	class Grade

  13. 		attr_reader :server, :score, :grade, :warning, :success

  14. 

  15. 		def initialize(server)

  16. 			@server = server

  17. 			protocol_score

  18. 			key_exchange_score

  19. 			cipher_strengths_score

  20. 			@score = @protocol_score*0.3 +  @key_exchange_score*0.3 + @cipher_strengths_score*0.4

  21. 			calculate_grade

  22. 			warning

  23. 			success

  24. 			perfect

  25. 		end

  26. 

  27. 		private

  28. 		def calculate_grade

  29. 			@grade = case @score

  30. 				when 0...20 then 'F'

  31. 				when 20...35 then 'E'

  32. 				when 35...50 then 'D'

  33. 				when 50...65 then 'C'

  34. 				when 65...80 then 'B'

  35. 				else 'A'

  36. 			end

  37. 

  38. 			@grade = [@grade, 'B'].max if !@server.tlsv1_2? or @server.key_size < 2048

  39. 			@grade = [@grade, 'C'].max if @server.des3?

  40. 			@grade = [@grade, 'E'].max if @server.rc4? or @server.des?

  41. 			@grade = [@grade, 'F'].max if @server.ssl? or @server.key_size < 1024

  42. 

  43. 			@grade = 'M' unless @server.cert_valid

  44. 			@grade = 'T' unless @server.cert_trusted

  45. 		end

  46. 

  47. 		def warning

  48. 			@warning = []

  49. 

  50. 			@warning << :md5_sig if @server.md5_sig?

  51. 			@warning << :sha1_sig if @server.sha1_sig?

  52. 

  53. 			@warning << :md5 if @server.md5?

  54. 			#@warning << :sha1 if @server.sha1?

  55. 

  56. 			@warning << :rc4 if @server.rc4?

  57. 			@warning << :des if @server.des?

  58. 			@warning << :des3 if @server.des3?

  59. 		end

  60. 

  61. 		def success

  62. 			@success = []

  63. 			@success << :pfs if @server.pfs_only?

  64. 			@success << :hsts if @server.hsts?

  65. 			@success << :hsts_long if @server.hsts_long?

  66. 		end

  67. 

  68. 		ALL_WARNING = %i(md5_sig md5 rc4 des)

  69. 		ALL_SUCCESS = %i(pfs hsts hsts_long)

  70. 		def perfect

  71. 			@grade = 'A+' if @grade == 'A' and (ALL_WARNING & @warning).empty? and (ALL_SUCCESS & @success) == ALL_SUCCESS

  72. 		end

  73. 

  74. 		METHODS_SCORES = { SSLv2: 0, SSLv3: 80, TLSv1: 90, TLSv1_1: 95, TLSv1_2: 100 }

  75. 		def protocol_score

  76. 			methods = @server.supported_methods

  77. 			worst, best = methods[:worst], methods[:best]

  78. 			@protocol_score = (METHODS_SCORES[worst] + METHODS_SCORES[best]) / 2

  79. 		end

  80. 

  81. 		def key_exchange_score

  82. 			@key_exchange_score = case @server.key_size

  83. 				when 0 then 0

  84. 				when 0...512 then 20

  85. 				when 512...1024 then 40

  86. 				when 1024...2048 then 80

  87. 				when 2048...4096 then 90

  88. 				else 100

  89. 			end

  90. 		end

  91. 

  92. 		def cipher_strength_score(cipher_strength)

  93. 			case cipher_strength

  94. 				when 0 then 0

  95. 				when 0...128 then 20

  96. 				when 128...256 then 80

  97. 				else 100

  98. 			end

  99. 		end

  100. 

  101. 		def cipher_strengths_score

  102. 			strength = @server.cipher_size

  103. 			worst, best = strength[:min], strength[:max]

  104. 			@cipher_strengths_score = (cipher_strength_score(worst) + cipher_strength_score(best)) / 2

  105. 		end

  106. 	end

  107. end