def get_cipher_suite_and_protocol(ssl_socket: ssl.SSLSocket): """ Gather the cipher suite and the protocol from the ssl_socket. :param ssl_socket: secure socket :return: negotiated cipher suite and the protocol """ cipher_suite = ssl_socket.cipher()[0] if '-' in cipher_suite: cipher_suite = convert_openssh_to_iana(cipher_suite) return cipher_suite, ssl_socket.version()
def _update_results(self, context: ssl.SSLContext, ssock: ssl.SSLSocket, success: bool): self.results['ssl.success'] = success cert = ssock.getpeercert() if success else None self.results['ssl.con.cert'] = cert self.results['ssl.con.cipher'], self.results[ 'ssl.con.protocol'], self.results[ 'ssl.con.secret_bits'] = ssock.cipher() or (None, None, None) self.results['ssl.con.compression'] = ssock.compression() or None self.results['ssl.con.alpn_protocol'] = ssock.selected_alpn_protocol( ) or None self.results['ssl.con.npn_protocol'] = ssock.selected_npn_protocol( ) or None self.results['ssl.con.ssl_version'] = ssock.version() or None self.results['ssl.con.server_hostname'] = ssock.server_hostname or None self.results[ 'ssl.con.cert.matches_hostname'] = True if cert is not None and ssl.match_hostname( cert, self.host) else False