def scan_jobs_for_scan_command(
cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArgument] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError("This plugin does not take extra arguments")
if server_info.network_configuration.tls_opportunistic_encryption:
raise ScanCommandWrongUsageError("Cannot scan for HTTP headers against a non-HTTP server.")
return [ScanJob(function_to_call=_retrieve_and_analyze_http_response, function_arguments=[server_info])]
def scan_jobs_for_scan_command(
cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError("This plugin does not take extra arguments")
return [ScanJob(function_to_call=_test_early_data_support, function_arguments=[server_info])]
def scan_jobs_for_scan_command(
cls,
server_info: ServerConnectivityInfo,
extra_arguments: Optional[ScanCommandExtraArguments] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError(
"This plugin does not take extra arguments")
# Run one job per cipher suite to test for
all_cipher_suites_to_test = CipherSuitesRepository.get_all_cipher_suites(
cls._tls_version)
scan_jobs = [
ScanJob(
function_to_call=connect_with_cipher_suite,
function_arguments=[
server_info, cls._tls_version, cipher_suite
],
) for cipher_suite in all_cipher_suites_to_test
]
# Run an additional job to find the preferred cipher suite
scan_jobs.append(
ScanJob(function_to_call=get_preferred_cipher_suite,
function_arguments=[server_info, cls._tls_version]))
return scan_jobs
def scan_jobs_for_scan_command(
cls,
server_info: ServerConnectivityInfo,
extra_arguments: Optional[ScanCommandExtraArguments] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError(
"This plugin does not take extra arguments")
return _create_resume_with_session_id_scan_jobs(
server_info, cls._SESSION_ID_RESUMPTION_ATTEMPTS_NB)
def scan_jobs_for_scan_command(
cls,
server_info: ServerConnectivityInfo,
extra_arguments: Optional[ScanCommandExtraArguments] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError(
"This plugin does not take extra arguments")
# Run the test three times to ensure the results are consistent
return [
ScanJob(function_to_call=test_robot,
function_arguments=[server_info])
for _ in range(cls._TEST_ATTEMPTS_NB)
]
def scan_jobs_for_scan_command(
cls,
server_info: ServerConnectivityInfo,
extra_arguments: Optional[ScanCommandExtraArgument] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError(
"This plugin does not take extra arguments")
return [
ScanJob(function_to_call=_test_secure_renegotiation,
function_arguments=[server_info]),
ScanJob(function_to_call=_test_client_renegotiation,
function_arguments=[server_info]),
]
def scan_jobs_for_scan_command(
cls, server_info: ServerConnectivityInfo, extra_arguments: Optional[ScanCommandExtraArguments] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError("This plugin does not take extra arguments")
if not server_info.tls_probing_result.supports_ecdh_key_exchange:
# Nothing to test: the server doesn't support EC key exchange
return [ScanJob(function_to_call=_raise_elliptic_curve_not_supported, function_arguments=[])]
# List of curves are in https://tools.ietf.org/html/rfc4492#section-5.1.1 and
# https://tools.ietf.org/html/rfc8446#section-4.2.7
return [
ScanJob(function_to_call=_test_curve, function_arguments=[server_info, curve_nid])
for curve_nid in OpenSslEcNidEnum
]
def scan_jobs_for_scan_command(
cls,
server_info: ServerConnectivityInfo,
extra_arguments: Optional[ScanCommandExtraArguments] = None
) -> List[ScanJob]:
if extra_arguments:
raise ScanCommandWrongUsageError(
"This plugin does not take extra arguments")
# Try with TLS 1.2 even if the server supports TLS 1.3 or higher as there is no reneg with TLS 1.3
if server_info.tls_probing_result.highest_tls_version_supported.value >= TlsVersionEnum.TLS_1_3.value:
tls_version_to_use = TlsVersionEnum.TLS_1_2
else:
tls_version_to_use = server_info.tls_probing_result.highest_tls_version_supported
return [
ScanJob(function_to_call=_test_secure_renegotiation,
function_arguments=[server_info, tls_version_to_use]),
ScanJob(function_to_call=_test_client_renegotiation,
function_arguments=[server_info, tls_version_to_use]),
]