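  module SSLCheck
    # Turns the facts collected about one TLS server into a numeric score and
    # a letter grade.
    #
    # The score weights protocol support (30 %), key size (30 %) and cipher
    # strength (40 %). The letter derived from it is then capped when the
    # server shows specific weaknesses, and promoted to 'A+' only when no
    # warning was raised and every item of ALL_SUCCESS is present.
    class Grade
      # Items that must all be present in #success for an 'A+'.
      ALL_SUCCESS = %i(pfs hsts hsts_long).freeze

      # Score of each protocol version, keyed by the symbols returned in
      # server.supported_methods.
      METHODS_SCORES = { SSLv2: 0, SSLv3: 80, TLSv1: 90, TLSv1_1: 95, TLSv1_2: 100 }.freeze

      # server  - the object that was graded
      # score   - weighted numeric score (Float)
      # grade   - letter grade, 'A+' down to 'F'
      # warning - Array of Symbols naming the weak algorithms found
      # success - Array of Symbols naming the ALL_SUCCESS items found
      attr_reader :server, :score, :grade, :warning, :success

      # `good` stays available as a public name; no code ever assigned a
      # separate @good, so it reads the same list as #success.
      alias_method :good, :success

      # Grades +server+ immediately; every reader is populated on return.
      #
      # server - duck-typed object answering supported_methods, key_size,
      #          cipher_size and the predicate methods used below.
      def initialize(server)
        @server = server
        protocol_score
        key_exchange_score
        cipher_strengths_score
        @score = @protocol_score * 0.3 + @key_exchange_score * 0.3 + @cipher_strengths_score * 0.4
        calculate_grade
        calculate_warning
        calculate_success
        calculate_perfect
      end

      private

      # Maps the numeric score to a letter, then applies the hard caps.
      #
      # NOTE(review): single DES and MD5 only produce a warning and never cap
      # the letter here, unlike RC4 and 3DES - confirm this is the intended
      # policy.
      def calculate_grade
        @grade = case @score
                 when 0...20 then 'F'
                 when 20...35 then 'E'
                 when 35...50 then 'D'
                 when 50...65 then 'C'
                 when 65...80 then 'B'
                 else 'A'
                 end
        # Letters sort 'A' < 'B' < ... < 'F', so max keeps the worse of the two:
        # each line below can lower the grade but never raise it.
        @grade = [@grade, 'B'].max if !@server.tlsv1_2? || @server.key_size < 2048
        @grade = [@grade, 'D'].max if @server.rc4?
        @grade = [@grade, 'E'].max if @server.des3?
        @grade = [@grade, 'F'].max if @server.ssl? || @server.key_size < 1024
      end

      # Collects one symbol per weak algorithm the server reports.
      # Named calculate_* so it no longer replaces the public #warning reader
      # with a private method of the same name.
      def calculate_warning
        @warning = []
        @warning << :md5_sig if @server.md5_sig?
        @warning << :sha1_sig if @server.sha1_sig?
        @warning << :md5 if @server.md5?
        # SHA-1 as a cipher-suite hash is deliberately not reported:
        # @warning << :sha1 if @server.sha1?
        @warning << :rc4 if @server.rc4?
        @warning << :des if @server.des?
        @warning << :des3 if @server.des3?
      end

      # Collects one symbol per ALL_SUCCESS item the server reports.
      def calculate_success
        @success = []
        @success << :pfs if @server.pfs_only?
        @success << :hsts if @server.hsts?
        @success << :hsts_long if @server.hsts_long?
      end

      # Promotes an uncapped 'A' to 'A+' when there is no warning and nothing
      # from ALL_SUCCESS is missing.
      def calculate_perfect
        return unless @grade == 'A' && @warning.empty?
        @grade = 'A+' if (ALL_SUCCESS - @success).empty?
      end

      # Averages the scores of the worst and best supported protocol versions
      # (integer division, so the result is truncated).
      #
      # NOTE(review): a protocol symbol missing from METHODS_SCORES, or a nil
      # :worst/:best, looks up nil and the addition raises NoMethodError -
      # confirm supported_methods only returns keys of the table.
      def protocol_score
        methods = @server.supported_methods
        worst = methods[:worst]
        best = methods[:best]
        @protocol_score = (METHODS_SCORES[worst] + METHODS_SCORES[best]) / 2
      end

      # Scores the server key size (presumably in bits - confirm against the
      # server class).
      def key_exchange_score
        @key_exchange_score = case @server.key_size
                              when 0 then 0
                              when 0...512 then 20
                              when 512...1024 then 40
                              when 1024...2048 then 80
                              when 2048...4096 then 90
                              else 100
                              end
      end

      # Scores one cipher strength value.
      #
      # NOTE(review): anything the ranges do not match, nil included, falls
      # through to 100 - confirm cipher_size always yields integers.
      def cipher_strength_score(cipher_strength)
        case cipher_strength
        when 0 then 0
        when 0...128 then 20
        when 128...256 then 80
        else 100
        end
      end

      # Averages the scores of the weakest and strongest cipher sizes
      # (integer division, so the result is truncated).
      def cipher_strengths_score
        strength = @server.cipher_size
        worst = strength[:min]
        best = strength[:max]
        @cipher_strengths_score = (cipher_strength_score(worst) + cipher_strength_score(best)) / 2
      end
    end
  end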