如何使用Ruby验证Web服务器支持的密码套件?

gcuhipw9  于 2023-10-18  发布在  Ruby
关注(0)|答案(2)|浏览(165)

我想在Ruby中创建一个自动检查器,用于验证针对目标主机使用的TLS密码套件。我不介意使用内置库或外部gem,但到目前为止我还没有找到任何东西。
我想得到一个支持的密码套件的简单列表。

kt06eoxx

kt06eoxx1#

我的第一个答案是错误的,因为我误解了问题。我相信这将做你想要的,如果不是一个好的起点。* 我没有对它进行清理或重构。*

require 'openssl'
require 'socket'

# it doesn't matter that this would give a 301, this isn't HTTP
hostname = 'google.co.uk'
port = 443

# we cannot directly get to the SSL socket using net/http because
# it is already gone when we get the response back and it doesn't
# remember it, so we have to interact with OpenSSL directly like you
# would with the CLI version: `openssl s_client -cipher "TLSv1.2" -host google.co.uk -port 443`

# keep track of which ones work
success = []

# get a list of our ciphers we know about
ciphers = OpenSSL::Cipher.ciphers

# try each one
ciphers.each do |cipher|
  puts "Trying: #{cipher} ..."

  begin
    context = OpenSSL::SSL::SSLContext.new
    context.ciphers = [cipher.upcase]
    socket = TCPSocket.new(hostname, port)
    ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, context)
    ssl_socket.connect

    puts "Negotiated Cipher: #{ssl_socket.cipher[0]}"
    puts "Remote Ciphers:"
    puts ssl_socket.ssl_version
    ssl_socket.close

    # if we get this far, it worked
    success << cipher.upcase
  rescue OpenSSL::SSL::SSLError => e
    # do nothing
  end
end

puts "All the ones that worked:"
puts success

我会把这个和你知道答案的主机进行比较。

yuvru6vn

yuvru6vn2#

这个答案是不正确的,因为我读错了,但在我的编辑使用

openssl gem附带了Ruby标准库。这里有一个例子,说明如何在不安装Ruby以外的任何东西的情况下获得你想要的东西。

require 'openssl'

# returns an array, I am just printing here
# you could filter, map or transform
# this relies heavily on the native openssl installation of the host or image
# so really, this is a Ruby interface to OpenSSL

ciphers = OpenSSL::Cipher.ciphers
puts ciphers

puts "We seem to have #{ciphers.length} ciphers available."

相关问题