require 'openssl'
require 'socket'
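# Probe which TLS cipher suites a remote endpoint is willing to negotiate.
# It doesn't matter that this host would answer an HTTP request with a 301:
# nothing here speaks HTTP, only the TLS handshake is performed.
hostname = 'google.co.uk'
port = 443
# We cannot get to the SSL socket through net/http because it is already
# gone when the response comes back, so we interact with OpenSSL directly,
# like you would with the CLI version:
# `openssl s_client -cipher "TLSv1.2" -host google.co.uk -port 443`

# Cipher suites for which the handshake completed.
success = []

# OpenSSL::Cipher.ciphers lists symmetric algorithm names (e.g. "aes-128-cbc"),
# not TLS cipher suites. The suite names this OpenSSL build can offer come
# from SSLContext#ciphers, whose entries are [name, version, bits, alg_bits].
# TLS 1.3 suites are skipped: they are configured separately from #ciphers=
# and are not probed by this script.
# NOTE: only suites enabled in the local build's default list are tried, so a
# suite missing from the output is not proof that the server refuses it.
suites = OpenSSL::SSL::SSLContext.new.ciphers
                                 .reject { |_name, version, *| version == 'TLSv1.3' }
                                 .map(&:first)

# Try each suite on its own connection.
suites.each do |cipher|
  puts "Trying: #{cipher} ..."
  socket = nil
  begin
    context = OpenSSL::SSL::SSLContext.new
    # Cap the protocol at TLS 1.2. Otherwise a TLS 1.3 handshake could succeed
    # regardless of the single suite offered below and be recorded as a
    # false positive.
    context.max_version = OpenSSL::SSL::TLS1_2_VERSION
    context.ciphers = [cipher]
    # verify_mode is never set on this context, so the peer certificate is not
    # validated. Treat the result as an inventory of whatever answered on this
    # address, not as an authenticated connection.
    socket = TCPSocket.new(hostname, port)
    ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, context)
    # Send SNI so that name-based virtual hosts present the configuration
    # that belongs to `hostname`.
    ssl_socket.hostname = hostname
    ssl_socket.connect
    puts "Negotiated Cipher: #{ssl_socket.cipher[0]}"
    puts "Negotiated Protocol:"
    puts ssl_socket.ssl_version
    ssl_socket.close
    # if we get this far, it worked
    success << cipher
  rescue OpenSSL::SSL::SSLError => e
    # The suite was refused (locally or by the peer); say why and move on.
    puts "  not negotiated: #{e.message}"
  rescue SystemCallError, SocketError => e
    # Network-level failure: report it instead of aborting the whole scan.
    puts "  connection failed: #{e.class}: #{e.message}"
  ensure
    # SSLSocket#close leaves the TCP socket open unless sync_close is set, and
    # a failed handshake never reaches it, so always release the descriptor.
    socket.close if socket && !socket.closed?
  end
end
puts "All the ones that worked:"
puts success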
require 'openssl'
# Print every cipher algorithm name known to Ruby's OpenSSL binding, followed
# by a count. OpenSSL::Cipher.ciphers returns an Array, so the result could
# just as well be filtered, mapped or transformed instead of printed.
# The list depends on the native OpenSSL installation of the host or image;
# this is only a Ruby interface to OpenSSL.
# NOTE(review): these look like OpenSSL::Cipher algorithm names rather than
# TLS cipher-suite names; confirm before using them to configure a handshake.
cipher_names = OpenSSL::Cipher.ciphers
$stdout.puts(cipher_names)
$stdout.puts("We seem to have #{cipher_names.size} ciphers available.")
我的第一个答案是错误的,因为我误解了问题。我相信下面的代码能实现你想要的效果;即使不能,也是一个不错的起点。*我没有对它进行清理或重构。*
我建议先用一台你已经知道结果的主机来对照验证它的输出。
这个答案是不正确的,因为我读错了问题,但我编辑后的答案会用到它。
openssl gem 随 Ruby 标准库一起提供。这里有一个例子,说明如何在不安装 Ruby 以外任何东西的情况下获得你想要的东西。