80 lines
3.7 KiB
Ruby
Executable File
80 lines
3.7 KiB
Ruby
Executable File
#!/usr/bin/env ruby
|
|
#ENV['LD_LIBRARY_PATH'] = '/home/aeris/Workspace/external/sslscan/openssl'
|
|
require 'logging'
|
|
$:.unshift 'lib'
|
|
require 'sslcheck'
|
|
|
|
Logging.logger.root.appenders = Logging.appenders.stdout
|
|
Logging.logger.root.level = :debug
|
|
|
|
# Server = Class.new SSLCheck::Server do
|
|
# def initialize
|
|
# @key = OpenSSL::PKey::RSA.new 2048
|
|
# name = OpenSSL::X509::Name.parse 'CN=nobody/DC=example'
|
|
# @cert = OpenSSL::X509::Certificate.new
|
|
# @cert.version = 3
|
|
# @cert.serial = 0
|
|
# @cert.not_before = Time.now
|
|
# @cert.not_after = Time.now + 3600
|
|
# @cert.public_key = @key.public_key
|
|
# @cert.subject = name
|
|
#
|
|
# @supported_ciphers =
|
|
# {SSLv3: [], TLSv1: [['ECDHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256, 256], ['DHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256, 256], ['ECDHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128], ['DHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128]], TLSv1_1: [['ECDHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256, 256], ['DHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256, 256], ['ECDHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128], ['DHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128]], TLSv1_2: [['ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1/SSLv3', 256, 256], ['ECDHE-RSA-AES256-SHA384', 'TLSv1/SSLv3', 256, 256], ['ECDHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256, 256], ['DHE-RSA-AES256-GCM-SHA384', 'TLSv1/SSLv3', 256, 256], ['DHE-RSA-AES256-SHA256', 'TLSv1/SSLv3', 256, 256], ['DHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256, 256], ['ECDHE-RSA-AES128-GCM-SHA256', 'TLSv1/SSLv3', 128, 128], ['ECDHE-RSA-AES128-SHA256', 'TLSv1/SSLv3', 128, 128], ['ECDHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128], ['DHE-RSA-AES128-GCM-SHA256', 'TLSv1/SSLv3', 128, 128], ['DHE-RSA-AES128-SHA256', 'TLSv1/SSLv3', 128, 128], ['DHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128]]}
|
|
# @prefered_ciphers = {SSLv3: nil, TLSv1: ['ECDHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128], TLSv1_1: ['ECDHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128], TLSv1_2: ['ECDHE-RSA-AES128-GCM-SHA256', 'TLSv1/SSLv3', 128, 128]}
|
|
#
|
|
# @hsts = 31536000
|
|
# end
|
|
# end
|
|
#server = Server.new
|
|
#server = SSLCheck::Server.new 'www.cjn.justice.gouv.fr'
|
|
#server = SSLCheck::Server.new 'www.capitainetrain.com'
|
|
server = SSLCheck::Server.new 'matlink.fr'
|
|
p SSLCheck::Grade.new server
|
|
exit
|
|
|
|
hostname, port = ['www.cjn.justice.gouv.fr', 443]
|
|
tcp_client = TCPSocket.new hostname, port
|
|
ssl_client = OpenSSL::SSL::SSLSocket.new tcp_client
|
|
ssl_client.hostname = hostname
|
|
p ssl_client.connect
|
|
|
|
|
|
#hostname = 'provaping.com'
|
|
#compressions = {}
|
|
# existing_methods.each do |method|
|
|
# next unless supported_methods.include? method
|
|
# socket_context = OpenSSL::SSL::SSLContext.new method
|
|
# socket_context.ciphers = %w(ALL:COMPLEMENTOFALL)
|
|
# tcp_client = TCPSocket.new hostname, port
|
|
# ssl_client = OpenSSL::SSL::SSLSocket.new tcp_client, socket_context
|
|
# ssl_client.hostname = hostname
|
|
# begin
|
|
# ssl = ssl_client.connect
|
|
# data = OpenSSL::ASN1.decode(ssl.session.to_der).value.find { |a| a.tag == 11 }
|
|
# compression = !data.nil?
|
|
# compressions[method] = compression
|
|
# rescue OpenSSL::SSL::SSLError => e
|
|
# end
|
|
# end
|
|
#p "Compressions", compressions
|
|
|
|
#hostname = 'espaceclient.groupama.fr' # not supported
|
|
# hostname = 'ameli.moncompte.mobi'
|
|
# renegociations = {}
|
|
# existing_methods.each do |method|
|
|
# next unless supported_methods.include? method
|
|
# socket_context = OpenSSL::SSL::SSLContext.new method
|
|
# socket_context.ciphers = %w(ALL:COMPLEMENTOFALL)
|
|
# tcp_client = TCPSocket.new hostname, port
|
|
# ssl_client = OpenSSL::SSL::SSLSocket.new tcp_client, socket_context
|
|
# ssl_client.hostname = hostname
|
|
# begin
|
|
# ssl = ssl_client.connect
|
|
# p ssl
|
|
# #data = OpenSSL::ASN1.decode(ssl.session.to_der).value.find { |a| a.tag == 11 }
|
|
# rescue OpenSSL::SSL::SSLError => e
|
|
# end
|
|
# end
|
|
# p "Renegociations", renegociations
|