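#!/usr/bin/env ruby
# Scratch driver for the sslcheck library: builds an SSLCheck::Server for one
# hard-coded host, prints the SSLCheck::Grade computed from it, then exits.
# Everything after the `exit` is unreachable experiment code kept for reference.

#ENV['LD_LIBRARY_PATH'] = '/home/aeris/Workspace/external/sslscan/openssl'
# TCPSocket and OpenSSL::SSL are used directly further down, so load them here
# instead of relying on sslcheck to have pulled them in.
require 'openssl'
require 'socket'
require 'logging'
# NOTE(review): 'lib' is resolved against the current working directory, not
# against this file, so `require 'sslcheck'` loads whatever lib/sslcheck.rb
# exists in the directory the script is started from. Run it from the project
# root only, or anchor the entry with File.expand_path once the script's place
# in the tree is settled.
$:.unshift 'lib'
require 'sslcheck'

# Send all library logging to stdout at debug level.
Logging.logger.root.appenders = Logging.appenders.stdout
Logging.logger.root.level = :debug

# Disabled stub: a Server subclass whose initializer fills in a throwaway RSA
# key, a one-hour certificate, canned cipher lists and an HSTS value instead of
# probing a host -- presumably to exercise Grade without a network connection.
# Server = Class.new SSLCheck::Server do
#   def initialize
#     @key = OpenSSL::PKey::RSA.new 2048
#     name = OpenSSL::X509::Name.parse 'CN=nobody/DC=example'
#     @cert = OpenSSL::X509::Certificate.new
#     @cert.version = 3
#     @cert.serial = 0
#     @cert.not_before = Time.now
#     @cert.not_after = Time.now + 3600
#     @cert.public_key = @key.public_key
#     @cert.subject = name
#
#     @supported_ciphers = {
#       SSLv3: [],
#       TLSv1: [['ECDHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256, 256],
#               ['DHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256, 256],
#               ['ECDHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128],
#               ['DHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128]],
#       TLSv1_1: [['ECDHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256, 256],
#                 ['DHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256, 256],
#                 ['ECDHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128],
#                 ['DHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128]],
#       TLSv1_2: [['ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1/SSLv3', 256, 256],
#                 ['ECDHE-RSA-AES256-SHA384', 'TLSv1/SSLv3', 256, 256],
#                 ['ECDHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256, 256],
#                 ['DHE-RSA-AES256-GCM-SHA384', 'TLSv1/SSLv3', 256, 256],
#                 ['DHE-RSA-AES256-SHA256', 'TLSv1/SSLv3', 256, 256],
#                 ['DHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256, 256],
#                 ['ECDHE-RSA-AES128-GCM-SHA256', 'TLSv1/SSLv3', 128, 128],
#                 ['ECDHE-RSA-AES128-SHA256', 'TLSv1/SSLv3', 128, 128],
#                 ['ECDHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128],
#                 ['DHE-RSA-AES128-GCM-SHA256', 'TLSv1/SSLv3', 128, 128],
#                 ['DHE-RSA-AES128-SHA256', 'TLSv1/SSLv3', 128, 128],
#                 ['DHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128]]
#     }
#     @prefered_ciphers = {
#       SSLv3: nil,
#       TLSv1: ['ECDHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128],
#       TLSv1_1: ['ECDHE-RSA-AES128-SHA', 'TLSv1/SSLv3', 128, 128],
#       TLSv1_2: ['ECDHE-RSA-AES128-GCM-SHA256', 'TLSv1/SSLv3', 128, 128]
#     }
#
#     @hsts = 31536000
#   end
# end

# Grade one host. The target is hard-coded; exactly one `server =` line is
# active at a time.
#server = Server.new
#server = SSLCheck::Server.new 'www.cjn.justice.gouv.fr'
#server = SSLCheck::Server.new 'www.capitainetrain.com'
server = SSLCheck::Server.new 'matlink.fr'
p SSLCheck::Grade.new server
# The script stops here; nothing below runs while this `exit` is in place.
exit

# --- Unreachable: raw handshake experiment -----------------------------------
hostname, port = ['www.cjn.justice.gouv.fr', 443]
tcp_client = TCPSocket.new hostname, port
begin
  # No SSLContext is passed, so a default context is used. With Ruby's OpenSSL
  # bindings that leaves peer verification off unless verify_mode is set, which
  # suits a probe that must reach misconfigured servers but means nothing read
  # from this connection is authenticated.
  ssl_client = OpenSSL::SSL::SSLSocket.new tcp_client
  # Sets the SNI name sent in the ClientHello; it does not check the
  # certificate against the hostname.
  ssl_client.hostname = hostname
  p ssl_client.connect
ensure
  # Release both sockets even when the handshake raises.
  ssl_client&.close
  tcp_client.close unless tcp_client.closed?
end

# --- Disabled: TLS compression probe per protocol version --------------------
# NOTE(review): existing_methods and supported_methods are not defined in this
# file. ALL:COMPLEMENTOFALL offers every cipher suite the local OpenSSL build
# has, including the NULL-encryption ones that ALL leaves out; that is
# appropriate for probing what a server accepts, never for a connection that
# carries data. Tag 11 looks like the optional compression-method field of
# OpenSSL's serialized session, so its presence would mean compression was
# negotiated -- confirm against the OpenSSL version in use. The empty rescue
# makes a failed handshake indistinguishable from a version that was never
# tested, and the sockets opened in the loop are never closed.
#hostname = 'provaping.com'
#compressions = {}
# existing_methods.each do |method|
#   next unless supported_methods.include? method
#   socket_context = OpenSSL::SSL::SSLContext.new method
#   socket_context.ciphers = %w(ALL:COMPLEMENTOFALL)
#   tcp_client = TCPSocket.new hostname, port
#   ssl_client = OpenSSL::SSL::SSLSocket.new tcp_client, socket_context
#   ssl_client.hostname = hostname
#   begin
#     ssl = ssl_client.connect
#     data = OpenSSL::ASN1.decode(ssl.session.to_der).value.find { |a| a.tag == 11 }
#     compression = !data.nil?
#     compressions[method] = compression
#   rescue OpenSSL::SSL::SSLError => e
#   end
# end
#p "Compressions", compressions

# --- Disabled: renegotiation probe (unfinished) ------------------------------
# NOTE(review): `renegociations` is never filled in; the loop only prints the
# connected socket, so the final output would always be an empty hash.
#hostname = 'espaceclient.groupama.fr' # not supported
# hostname = 'ameli.moncompte.mobi'
# renegociations = {}
# existing_methods.each do |method|
#   next unless supported_methods.include? method
#   socket_context = OpenSSL::SSL::SSLContext.new method
#   socket_context.ciphers = %w(ALL:COMPLEMENTOFALL)
#   tcp_client = TCPSocket.new hostname, port
#   ssl_client = OpenSSL::SSL::SSLSocket.new tcp_client, socket_context
#   ssl_client.hostname = hostname
#   begin
#     ssl = ssl_client.connect
#     p ssl
#     #data = OpenSSL::ASN1.decode(ssl.session.to_der).value.find { |a| a.tag == 11 }
#   rescue OpenSSL::SSL::SSLError => e
#   end
# end
# p "Renegociations", renegociations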