
server.rb 1.9KB

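  module CryptCheck
    module Tls
      # Predicates and grading checks over the TLS properties recorded for one
      # server. The instance variables read here (@supported_methods, @cert,
      # @certs, @dh, @fallback_scsv, @valid, @trusted) and
      # #uniq_supported_ciphers are neither set nor defined in this file --
      # presumably they come from Engine; confirm there.
      class Server
        # One predicate per protocol version yielded by Method.each, named after
        # the lower-cased version symbol. The version predicates called further
        # down (#sslv2?, #sslv3?, #tlsv1?, #tlsv1_1?, #tlsv1_2?) are expected to
        # come from this loop. define_method is used instead of a string
        # class_eval so that no value is ever spliced into evaluated source.
        #
        # Each predicate returns the matching entry of @supported_methods, or
        # nil when the server does not offer that version.
        Method.each do |tls_method|
          version = tls_method.to_sym
          define_method(:"#{version.downcase}?") do
            @supported_methods.detect { |m| m == version }
          end
        end

        # One predicate per key of Cipher::TYPES: truthy when at least one
        # supported cipher answers truthy to the same-named predicate.
        Cipher::TYPES.each do |type, _|
          predicate = :"#{type}?"
          define_method(predicate) do
            uniq_supported_ciphers.any? { |c| c.public_send(predicate) }
          end
        end

        # @return [Object, nil] truthy when SSLv2 or SSLv3 is offered
        def ssl?
          sslv2? || sslv3?
        end

        # Only TLS 1.0, 1.1 and 1.2 are consulted; any other version known to
        # Method is not considered here.
        #
        # @return [Object, nil] truthy when one of those versions is offered
        def tls?
          tlsv1? || tlsv1_1? || tlsv1_2?
        end

        # @return [Boolean, nil] truthy when some TLS version is offered and no
        #   SSL version is
        def tls_only?
          tls? && !ssl?
        end

        # NOTE(review): versions other than SSLv2/SSLv3 and TLS 1.0-1.2 are not
        # consulted, so "only" is relative to those five.
        #
        # @return [Boolean, nil] truthy when TLS 1.2 is offered and none of
        #   SSLv2, SSLv3, TLS 1.0, TLS 1.1 is
        def tlsv1_2_only?
          tlsv1_2? && !ssl? && !tlsv1? && !tlsv1_1?
        end

        # NOTE(review): Enumerable#all? is true for an empty list, so a server
        # with no recorded ciphers passes #pfs_only?, #ecdhe_only? and
        # #aead_only?; CHECKS grades the first two :perfect. Confirm that such
        # a server is never graded.
        #
        # @return [Boolean] true when every supported cipher reports pfs?
        def pfs_only?
          uniq_supported_ciphers.all? { |c| c.pfs? }
        end

        # @return [Boolean] true when every supported cipher reports ecdhe?
        def ecdhe_only?
          uniq_supported_ciphers.all? { |c| c.ecdhe? }
        end

        # @return [Boolean] true when every supported cipher reports aead?
        def aead_only?
          uniq_supported_ciphers.all? { |c| c.aead? }
        end

        # @return [Object, nil] the recorded TLS_FALLBACK_SCSV result; #checks
        #   treats nil as "not determined"
        def fallback_scsv?
          @fallback_scsv
        end

        # OID 1.3.6.1.5.5.7.1.24 is the X.509 TLS Feature extension (RFC 7633),
        # the carrier of OCSP must-staple.
        # NOTE(review): only the presence of the extension is tested, not
        # whether it lists status_request, so a certificate carrying the
        # extension for another feature would also count.
        # NOTE(review): this reads @cert while #children reads @certs -- confirm
        # both are set.
        #
        # @return [Boolean] true when @cert carries the TLS Feature extension
        def must_staple?
          @cert.extensions.any? { |e| e.oid == '1.3.6.1.5.5.7.1.24' }
        end

        # @return [Object, nil] the recorded validity flag
        def valid?
          @valid
        end

        # @return [Object, nil] the recorded trust flag
        def trusted?
          @trusted
        end

        include State

        # Static checks as [name, predicate lambda taking the server, level].
        CHECKS = [
          [:tlsv1_2_only, ->(s) { s.tlsv1_2_only? }, :perfect],
          [:pfs_only, ->(s) { s.pfs_only? }, :perfect],
          [:ecdhe_only, ->(s) { s.ecdhe_only? }, :perfect],
          #[:aead_only, -> (s) { s.aead_only? }, :best],
        ].freeze

        # Checks that apply to this server. The two fallback-SCSV checks are
        # added only when a result was recorded (non-nil), so an undetermined
        # result is neither penalised nor rewarded.
        #
        # @return [Array<Array>] CHECKS itself, or a new array extending it
        def checks
          return CHECKS if fallback_scsv?.nil?

          CHECKS + [
            [:no_fallback_scsv, ->(s) { !s.fallback_scsv? }, :error],
            [:fallback_scsv, ->(s) { s.fallback_scsv? }, :good]
          ]
        end

        # Concatenation of the certificates, DH parameters, supported protocol
        # versions and supported ciphers (assumes each is an Array -- confirm).
        #
        # @return [Array]
        def children
          @certs + @dh + @supported_methods + uniq_supported_ciphers
        end

        include Engine
      end

      # Server whose #sock_type is a stream socket.
      class TcpServer < Server
        private

        # @return [Integer] ::Socket::SOCK_STREAM
        def sock_type
          ::Socket::SOCK_STREAM
        end
      end

      # Server whose #sock_type is a datagram socket.
      class UdpServer < Server
        private

        # @return [Integer] ::Socket::SOCK_DGRAM
        def sock_type
          ::Socket::SOCK_DGRAM
        end
      end
    end
  end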