class SSLScan::Result

Attributes

ciphers[R]
openssl_sslv2[RW]
peer_verified[R]
supported_versions[R]

Public Class Methods

new()
# File lib/ssl_scan/result.rb, line 12
# Builds an empty scan result: no certificate, no cipher results recorded,
# the peer not yet verified, and the three protocol versions this class
# tracks (SSLv2, SSLv3 and TLSv1).
def initialize
  @supported_versions = %i[SSLv2 SSLv3 TLSv1]
  @peer_verified = false
  @ciphers = Set.new
  @cert = nil
end

Public Instance Methods

accepted(version = :all)

Returns all accepted ciphers matching the supplied version. @param version [Symbol, Array] The SSL Version to filter on. @raise [ArgumentError] if the version supplied is invalid. @return [Array] An array of accepted cipher details matching the supplied versions.

# File lib/ssl_scan/result.rb, line 54
# Lists the recorded cipher results whose status is :accepted.
#
# @param version [Symbol, Array] version filter, passed through to enum_ciphers
# @raise [ArgumentError] when enum_ciphers rejects the version argument
# @return the matching cipher results, as returned by enum_ciphers
def accepted(version = :all)
  wanted_status = :accepted
  enum_ciphers(wanted_status, version)
end
add_cipher(version, cipher, key_length, status)

Adds the details of a cipher test to the Result object. @param version [Symbol] the SSL Version. @param cipher [String] the SSL cipher. @param key_length [Fixnum] the length of encryption key. @param status [Symbol] :accepted or :rejected.

# File lib/ssl_scan/result.rb, line 115
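# Records the outcome of one cipher test on this result.
#
# Both the cipher validation and the weak/strong flag are computed from the
# OpenSSL library on the scanning host, not from the remote peer: a cipher
# the local build does not offer for +version+ is rejected with
# ArgumentError, so what can be recorded depends on the local OpenSSL.
#
# @param version [Symbol] the SSL version; must be listed in @supported_versions
# @param cipher [String] the cipher name; must be offered locally for +version+
# @param key_length [Integer] the length of the encryption key
# @param status [Symbol] :accepted, :rejected or :failed
# @raise [ArgumentError] if any argument fails validation
# @return the cipher collection (@ciphers) after the new entry was appended
def add_cipher(version, cipher, key_length, status)
  unless @supported_versions.include?(version)
    raise ArgumentError, "Must be a supported SSL Version"
  end
  unless OpenSSL::SSL::SSLContext.new(version).ciphers.flatten.include?(cipher)
    raise ArgumentError, "Must be a valid SSL Cipher for #{version}!"
  end
  # Integer rather than Fixnum: Fixnum was merged into Integer in Ruby 2.4
  # and removed in 3.2, where referencing it raises NameError.
  unless key_length.is_a?(Integer)
    raise ArgumentError, "Must supply a valid key length"
  end
  # :failed is a legal status too, so the message names all three values.
  unless [:accepted, :rejected, :failed].include?(status)
    raise ArgumentError, "Status must be one of :accepted, :rejected or :failed"
  end

  strong_cipher_ctx = OpenSSL::SSL::SSLContext.new(version)
  # OpenSSL Directive For Strong Ciphers
  # See: http://www.rapid7.com/vulndb/lookup/ssl-weak-ciphers
  # NOTE(review): this directive keeps RC4+RSA in the "strong" set. RC4 is
  # prohibited for TLS by RFC 7465, so :weak => false means "not weak by
  # this directive", not "acceptable under current guidance".
  strong_cipher_ctx.ciphers = "ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"

  # A cipher missing from the strong list is flagged weak.
  weak = !strong_cipher_ctx.ciphers.flatten.include?(cipher)

  @ciphers << {
    :version => version,
    :cipher => cipher,
    :key_length => key_length,
    :weak => weak,
    :status => status
  }
end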
cert()
# File lib/ssl_scan/result.rb, line 19
# Reader for the stored certificate.
#
# @return the value held in @cert (nil until one is assigned)
def cert; @cert; end
cert=(input)
# File lib/ssl_scan/result.rb, line 23
# Stores the peer certificate, accepting only an X509 certificate or nil.
#
# Only the object's class is checked here; nothing in this method validates
# the certificate's contents or chain.
#
# @param input [OpenSSL::X509::Certificate, nil] the certificate to store
# @raise [ArgumentError] if input is neither a certificate nor nil
def cert=(input)
  acceptable = input.nil? || input.is_a?(OpenSSL::X509::Certificate)
  raise ArgumentError, "Must be an X509 Cert!" unless acceptable

  @cert = input
end
each_accepted(version = :all) { |cipher_result| ... }
# File lib/ssl_scan/result.rb, line 70
# Yields every accepted cipher result for the given version filter.
#
# @param version [Symbol, Array] version filter, passed to accepted
# @yield [cipher_result] one recorded cipher result per iteration
def each_accepted(version = :all)
  accepted(version).each { |entry| yield entry }
end
each_rejected(version = :all) { |cipher_result| ... }
# File lib/ssl_scan/result.rb, line 76
# Yields every rejected cipher result for the given version filter.
#
# @param version [Symbol, Array] version filter, passed to rejected
# @yield [cipher_result] one recorded cipher result per iteration
def each_rejected(version = :all)
  rejected(version).each { |entry| yield entry }
end
failed(version = :all)
# File lib/ssl_scan/result.rb, line 66
# Lists the recorded cipher results whose status is :failed.
#
# @param version [Symbol, Array] version filter, passed through to enum_ciphers
# @raise [ArgumentError] when enum_ciphers rejects the version argument
# @return the matching cipher results, as returned by enum_ciphers
def failed(version = :all)
  wanted_status = :failed
  enum_ciphers(wanted_status, version)
end
rejected(version = :all)

Returns all rejected ciphers matching the supplied version. @param version [Symbol, Array] The SSL Version to filter on. @raise [ArgumentError] if the version supplied is invalid. @return [Array] An array of rejected cipher details matching the supplied versions.

# File lib/ssl_scan/result.rb, line 62
# Lists the recorded cipher results whose status is :rejected.
#
# @param version [Symbol, Array] version filter, passed through to enum_ciphers
# @raise [ArgumentError] when enum_ciphers rejects the version argument
# @return the matching cipher results, as returned by enum_ciphers
def rejected(version = :all)
  wanted_status = :rejected
  enum_ciphers(wanted_status, version)
end
sslv2()
# File lib/ssl_scan/result.rb, line 30
# Every recorded cipher result for SSLv2, whatever its status.
#
# @return [Array] the entries of @ciphers whose :version is :SSLv2
def sslv2
  @ciphers.select { |entry| entry[:version] == :SSLv2 }
end
sslv3()
# File lib/ssl_scan/result.rb, line 34
# Every recorded cipher result for SSLv3, whatever its status.
#
# @return [Array] the entries of @ciphers whose :version is :SSLv3
def sslv3
  @ciphers.select { |entry| entry[:version] == :SSLv3 }
end
standards_compliant?()
# File lib/ssl_scan/result.rb, line 102
# Reports whether the scanned service passes this class's compliance check.
#
# The check fails only when SSLv2 is accepted or an accepted cipher is
# flagged weak. A result with no accepted cipher at all passes, and
# accepting SSLv3 or TLSv1 does not fail it, so a true return is not a
# statement that the service meets current TLS guidance.
#
# @return [Boolean]
def standards_compliant?
  return true unless supports_ssl?

  !(supports_sslv2? || supports_weak_ciphers?)
end
strong_ciphers()
# File lib/ssl_scan/result.rb, line 46
# Accepted cipher results that are not flagged weak.
#
# @return the accepted entries whose :weak value is false or nil
def strong_ciphers
  accepted.select { |entry| !entry[:weak] }
end
supports_ssl?()
# File lib/ssl_scan/result.rb, line 94
# True when at least one cipher was accepted over SSLv2, SSLv3 or TLSv1.
#
# @return [Boolean]
def supports_ssl?
  supports_sslv2? || supports_sslv3? || supports_tlsv1?
end
supports_sslv2?()
# File lib/ssl_scan/result.rb, line 82
# True when at least one cipher was accepted over SSLv2.
#
# @return [Boolean]
def supports_sslv2?
  sslv2_accepted = accepted(:SSLv2)
  !sslv2_accepted.empty?
end
supports_sslv3?()
# File lib/ssl_scan/result.rb, line 86
# True when at least one cipher was accepted over SSLv3.
#
# @return [Boolean]
def supports_sslv3?
  sslv3_accepted = accepted(:SSLv3)
  !sslv3_accepted.empty?
end
supports_tlsv1?()
# File lib/ssl_scan/result.rb, line 90
# True when at least one cipher was accepted over TLSv1.
#
# @return [Boolean]
def supports_tlsv1?
  tlsv1_accepted = accepted(:TLSv1)
  !tlsv1_accepted.empty?
end
supports_weak_ciphers?()
# File lib/ssl_scan/result.rb, line 98
# True when at least one accepted cipher is flagged weak.
#
# @return [Boolean]
def supports_weak_ciphers?
  flagged = weak_ciphers
  !flagged.empty?
end
tlsv1()
# File lib/ssl_scan/result.rb, line 38
# Every recorded cipher result for TLSv1, whatever its status.
#
# @return [Array] the entries of @ciphers whose :version is :TLSv1
def tlsv1
  @ciphers.select { |entry| entry[:version] == :TLSv1 }
end
weak_ciphers()
# File lib/ssl_scan/result.rb, line 42
# Accepted cipher results that are flagged weak.
#
# An entry is kept unless its :weak value is exactly false, so an entry
# with no :weak value would also be listed here.
#
# @return the accepted entries whose :weak value is not false
def weak_ciphers
  accepted.select { |entry| entry[:weak] != false }
end

Protected Instance Methods

enum_ciphers(state, version = :all)

@param state [Symbol] Either :accepted or :rejected. @param version [Symbol, Array] The SSL Version to filter on (:SSLv2, :SSLv3, :TLSv1, :all). @return [Set] The Set of cipher results matching the filter criteria.

# File lib/ssl_scan/result.rb, line 149
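# Selects the recorded cipher results with the given status, optionally
# narrowed to one or more SSL versions.
#
# A single version is checked against @supported_versions, the same list
# add_cipher and the Array branch consult, instead of a hard-coded copy.
#
# NOTE(review): in the Array form, unsupported versions are dropped silently,
# and if none remain the call returns results for every version. A caller
# passing only unsupported versions therefore gets an unfiltered list;
# confirm this fallback is intended before relying on it.
#
# @param state [Symbol] the status to match (:accepted, :rejected or :failed)
# @param version [Symbol, Array] :all, one supported version, or a list of versions
# @raise [ArgumentError] if version is an unsupported Symbol, or neither a
#   Symbol nor an Array
# @return the matching cipher results (an Array when @ciphers is a Set)
def enum_ciphers(state, version = :all)
  case version
  when Symbol
    if version == :all
      return @ciphers.select { |cipher| cipher[:status] == state }
    end
    unless @supported_versions.include?(version)
      raise ArgumentError, "Invalid SSL Version Supplied: #{version}"
    end
    @ciphers.select { |cipher| cipher[:status] == state && cipher[:version] == version }
  when Array
    wanted = version.select { |v| @supported_versions.include?(v) }
    if wanted.empty?
      # No supported version left in the list: fall back to no version filter.
      @ciphers.select { |cipher| cipher[:status] == state }
    else
      @ciphers.select { |cipher| cipher[:status] == state && wanted.include?(cipher[:version]) }
    end
  else
    raise ArgumentError, "Was expecting Symbol or Array and got #{version.class}"
  end
end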