

  1. require 'timeout'
  2. module SSLCheck
  # Fixed placeholder result exposing the same server/score/grade readers as
  # Grade: the score is always -1 and the grade is always 'X'.
  # NOTE(review): presumably used for hosts where no SSL/TLS service could be
  # evaluated -- confirm against the caller.
  class NoSslTlsGrade
    attr_reader :server, :score, :grade

    # @param server [Object] the scanned server this placeholder belongs to
    def initialize(server)
      @server = server
      @score = -1
      @grade = 'X'
    end
  end
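  # Computes an overall TLS grade for a scanned server.
  #
  # The numeric score is a weighted sum (protocol 30 %, key exchange 30 %,
  # cipher strength 40 %). It is mapped to a letter, then capped by hard
  # limits for weak protocols, keys and ciphers, and finally promoted to
  # 'A+' when there are no warnings and every success criterion is met.
  #
  # `server` is duck-typed. This class calls tlsv1_2?, ssl?, rc4?, des?,
  # des3?, md5?, md5_sig?, sha1_sig?, pfs_only?, hsts?, hsts_long?, key_size,
  # supported_methods (hash with :worst / :best) and cipher_size (hash with
  # :min / :max) on it.
  class Grade
    attr_reader :server, :score, :grade, :warning, :success

    # Every success flag that must be present for an 'A' to become 'A+'.
    ALL_SUCCESS = %i(pfs hsts hsts_long).freeze

    # Score per protocol version. A protocol symbol missing from this table
    # yields nil, and the addition in #protocol_score then raises.
    METHODS_SCORES = { SSLv2: 0, SSLv3: 80, TLSv1: 90, TLSv1_1: 95, TLSv1_2: 100 }.freeze

    # @param server [Object] scan result answering the predicates listed above
    def initialize(server)
      @server = server
      protocol_score
      key_exchange_score
      cipher_strengths_score
      @score = @protocol_score * 0.3 + @key_exchange_score * 0.3 + @cipher_strengths_score * 0.4
      calculate_grade
      # These builders used to be private methods named `warning` and
      # `success`. Defined after `private`, they replaced the public
      # attr_readers of the same name, so callers could not read the lists.
      calculate_warning
      calculate_success
      perfect
    end

    private

    # Maps @score to a letter, then applies the hard caps.
    def calculate_grade
      @grade = case @score
               when 0...20 then 'F'
               when 20...35 then 'E'
               when 35...50 then 'D'
               when 50...65 then 'C'
               when 65...80 then 'B'
               else 'A'
               end
      # Letters compare as strings ('A' < 'B' < ... < 'F'), so `max` keeps the
      # worse of the computed grade and the cap.
      @grade = [@grade, 'B'].max if !@server.tlsv1_2? || @server.key_size < 2048
      @grade = [@grade, 'D'].max if @server.rc4?
      @grade = [@grade, 'E'].max if @server.des3?
      # NOTE(review): single DES raises a warning below but has no cap here,
      # unlike RC4 and 3DES -- confirm this is intended.
      @grade = [@grade, 'F'].max if @server.ssl? || @server.key_size < 1024
    end

    # Collects the weak-primitive warnings reported by the server.
    def calculate_warning
      @warning = []
      @warning << :md5_sig if @server.md5_sig?
      @warning << :sha1_sig if @server.sha1_sig?
      @warning << :md5 if @server.md5?
      #@warning << :sha1 if @server.sha1?
      @warning << :rc4 if @server.rc4?
      @warning << :des if @server.des?
      @warning << :des3 if @server.des3?
      @warning
    end

    # Collects the hardening features reported by the server.
    def calculate_success
      @success = []
      @success << :pfs if @server.pfs_only?
      @success << :hsts if @server.hsts?
      @success << :hsts_long if @server.hsts_long?
      @success
    end

    # Promotes 'A' to 'A+' only with no warnings and all of ALL_SUCCESS.
    def perfect
      @grade = 'A+' if @grade == 'A' && @warning.empty? && (ALL_SUCCESS & @success) == ALL_SUCCESS
    end

    # Averages the scores of the worst and best supported protocol.
    # Integer division: a half point is truncated.
    def protocol_score
      methods = @server.supported_methods
      worst, best = methods[:worst], methods[:best]
      @protocol_score = (METHODS_SCORES[worst] + METHODS_SCORES[best]) / 2
    end

    # Scores the server key size in bits.
    def key_exchange_score
      @key_exchange_score = case @server.key_size
                            when 0 then 0
                            when 0...512 then 20
                            when 512...1024 then 40
                            when 1024...2048 then 80
                            when 2048...4096 then 90
                            else 100
                            end
    end

    # Scores one cipher strength in bits.
    #
    # A value matching no branch (nil included) falls through to 100.
    # NOTE(review): confirm cipher_size never yields nil for an unmeasured
    # strength, otherwise it is scored as the strongest cipher.
    def cipher_strength_score(cipher_strength)
      case cipher_strength
      when 0 then 0
      when 0...128 then 20
      when 128...256 then 80
      else 100
      end
    end

    # Averages the scores of the weakest and strongest cipher.
    # Integer division, as in #protocol_score.
    def cipher_strengths_score
      strength = @server.cipher_size
      worst, best = strength[:min], strength[:max]
      @cipher_strengths_score = (cipher_strength_score(worst) + cipher_strength_score(best)) / 2
    end
  end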
  87. end