def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self._rules.update({
"cipher.bits": [
lambda bits: 6 if bits == 0 else None,
lambda bits: 5 if bits < 128 else None,
lambda bits: 3 if bits < 256 else None,
lambda bits: 0 if bits >= 256 else None
],
"cipher.method": [
lambda method: 6 if method == SSL.SSLv2_METHOD else None,
lambda method: 1 if method == SSL.TLSv1_2_METHOD else None
],
"server.certificate.x509.signature_algorithm": [
lambda algorithm: 6 if algorithm.startswith("md2") else None,
lambda algorithm: 6 if algorithm.startswith("md5") else None,
],
"server.certificate.x509.not_after": [
lambda date: 6 if date < datetime.now() else None
],
"server.certificate.x509.not_before": [
lambda date: 6 if date > datetime.now() else None
],
"server.renegotiation.secure": [
lambda status: 6 if status == False else None,
lambda status: 1 if status == True else None
]
})
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self.add_rule(
RatingRule(
"cipher.bits",
rules=[
lambda v, i, kb: 6 if v == 0 else None,
lambda v, i, kb: 5 if v < 128 else None,
lambda v, i, kb: 2 if v < 256 else None,
lambda v, i, kb: 1 if v >= 256 else None
]
)
)
self.add_rule(
RatingRule(
"cipher.protocol_version",
rules=[
lambda v, i, kb: 6 if v == reg.version.SSLv2 else None,
lambda v, i, kb: 1 if v == reg.version.TLSv12 else None,
]
)
)
self.add_rule(
RatingRule(
"server.renegotiation.secure",
rules=[
lambda v, i, kb: 6 if v == False else None,
lambda v, i, kb: 1 if v == True else None
]
)
)
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self.add_rule(
RatingRule("cipher.bits",
rules=[
lambda v, i, kb: 6
if v == 0 else None, lambda v, i, kb: 5
if v < 128 else None, lambda v, i, kb: 2
if v < 256 else None, lambda v, i, kb: 1
if v >= 256 else None
]))
self.add_rule(
RatingRule("cipher.protocol_version",
rules=[
lambda v, i, kb: 6
if v == reg.version.SSLv2 else None,
lambda v, i, kb: 1
if v == reg.version.TLSv12 else None,
]))
self.add_rule(
RatingRule("server.renegotiation.secure",
rules=[
lambda v, i, kb: 6
if v == False else None, lambda v, i, kb: 1
if v == True else None
]))
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self._rules.update({
"cipher.bits": [
lambda bits: 6 if bits == 0 else None, lambda bits: 5
if bits < 128 else None, lambda bits: 3
if bits < 256 else None, lambda bits: 0
if bits >= 256 else None
],
"cipher.method": [
lambda method: 6
if method == SSL.SSLv2_METHOD else None, lambda method: 1
if method == SSL.TLSv1_2_METHOD else None
],
"server.certificate.x509.signature_algorithm": [
lambda algorithm: 6 if algorithm.startswith("md2") else None,
lambda algorithm: 6 if algorithm.startswith("md5") else None,
],
"server.certificate.x509.not_after":
[lambda date: 6 if date < datetime.now() else None],
"server.certificate.x509.not_before":
[lambda date: 6 if date > datetime.now() else None],
"server.renegotiation.secure": [
lambda status: 6 if status == False else None, lambda status: 1
if status == True else None
]
})
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self.add_rule(
RatingRule("cipher.bits",
rules=[
lambda v, i, kb: 6
if v == 0 else None, lambda v, i, kb: 5
if v < 128 else None, lambda v, i, kb: 3
if v < 256 else None, lambda v, i, kb: 0
if v >= 256 else None
]))
self.add_rule(
RatingRule(
"cipher.protocol_version",
result_descriptions={
"poodle": "",
"sslv2":
"SSLv2 is insecure and has been superseeded by SSLv3",
},
result_refs={
"poodle": ["cve:CVE-2014-3566"],
},
rules=[
lambda v, i, kb: (6, "sslv2")
if v == reg.version.SSLv2 else None,
lambda v, i, kb: (5, "poodle")
if v == reg.version.SSLv3 else None,
lambda v, i, kb: 1 if v == reg.version.TLSv12 else None,
]))
self.add_rule(
RatingRule("server.certificate.x509.signature_algorithm",
rules=[
lambda v, i, kb: 6 if v.startswith("md2") else None,
lambda v, i, kb: 6 if v.startswith("md5") else None,
]))
self.add_rule(
RatingRule(
"server.certificate.x509.not_after",
rules=[lambda v, i, kb: 6 if v < datetime.now() else None],
))
self.add_rule(
RatingRule(
"server.certificate.x509.not_before",
rules=[lambda v, i, kb: 6 if v > datetime.now() else None],
))
self.add_rule(
RatingRule("server.renegotiation.secure",
rules=[
lambda v, i, kb: 6
if v == False else None, lambda v, i, kb: 1
if v == True else None
]))
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self.add_rule(
RatingRule("cipher.bits",
rules=[
lambda v, i, kb: 6
if v == 0 else None, lambda v, i, kb: 5
if v < 128 else None, lambda v, i, kb: 3
if v < 256 else None, lambda v, i, kb: 0
if v >= 256 else None
]))
self.add_rule(
RatingRule("cipher.protocol_version",
rules=[
lambda v, i, kb: 6
if v == reg.version.SSLv2 else None,
lambda v, i, kb: 1
if v == reg.version.TLSv12 else None,
]))
self.add_rule(
RatingRule("server.certificate.x509.signature_algorithm",
rules=[
lambda v, i, kb: 6 if v.startswith("md2") else None,
lambda v, i, kb: 6 if v.startswith("md5") else None,
]))
self.add_rule(
RatingRule(
"server.certificate.x509.not_after",
rules=[lambda v, i, kb: 6 if v < datetime.now() else None],
))
self.add_rule(
RatingRule(
"server.certificate.x509.not_before",
rules=[lambda v, i, kb: 6 if v > datetime.now() else None],
))
self.add_rule(
RatingRule("server.renegotiation.secure",
rules=[
lambda v, i, kb: 6
if v == False else None, lambda v, i, kb: 1
if v == True else None
]))
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self._rules.update({
"cipher.bits": [
lambda bits: 6 if bits == 0 else None,
lambda bits: 5 if bits < 128 else None,
lambda bits: 2 if bits < 256 else None,
lambda bits: 1 if bits >= 256 else None
],
"cipher.method": [
lambda method: 6 if method == SSL.SSLv2_METHOD else None,
lambda method: 1 if method == SSL.TLSv1_2_METHOD else None
],
"server.renegotiation.secure": [
lambda status: 6 if status == False else None,
lambda status: 1 if status == True else None
]
})
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self._rules.update({
"cipher.bits": [
lambda bits: 1 if bits > 56 else None, lambda bits: 3
if bits > 40 else None, lambda bits: 5
],
"cipher.method":
[lambda method: 6 if method == SSL.SSLv2_METHOD else None],
"cipher.name": [
lambda name: 5 if "EXP" in name else None, lambda name: 3
if "RC" in name else None, lambda name: 5
if "ADH" in name else None
],
"server.renegotiation.secure": [
lambda status: 6 if status == False else None, lambda status: 1
if status == True else None
]
})
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self.add_rule(
RatingRule(
"cipher.bits",
rules=[
lambda v, i, kb: 1 if v > 56 else None,
lambda v, i, kb: 3 if v > 40 else None,
lambda v, i, kb: 5
]
)
)
self.add_rule(
RatingRule(
"cipher.protocol_version",
rules=[
lambda v, i, kb: 6 if v == reg.version.SSLv2 else None,
]
)
)
self.add_rule(
RatingRule(
"cipher.name",
rules=[
lambda v, i, kb: 5 if "EXP" in v else None,
lambda v, i, kb: 3 if "RC" in v else None,
lambda v, i, kb: 5 if "ADH" in v else None
],
)
)
self.add_rule(
RatingRule(
"server.renegotiation.secure",
rules=[
lambda v, i, kb: 6 if v == False else None,
lambda v, i, kb: 1 if v == True else None
]
)
)
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self._rules.update({
"cipher.bits": [
lambda bits: 6 if bits == 0 else None, lambda bits: 5
if bits < 128 else None, lambda bits: 2
if bits < 256 else None, lambda bits: 1
if bits >= 256 else None
],
"cipher.method": [
lambda method: 6
if method == SSL.SSLv2_METHOD else None, lambda method: 1
if method == SSL.TLSv1_2_METHOD else None
],
"server.renegotiation.secure": [
lambda status: 6 if status == False else None, lambda status: 1
if status == True else None
]
})
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self._rules.update({
"cipher.bits": [
lambda bits: 1 if bits > 56 else None,
lambda bits: 3 if bits > 40 else None,
lambda bits: 5
],
"cipher.method": [
lambda method: 6 if method == SSL.SSLv2_METHOD else None
],
"cipher.name": [
lambda name: 5 if "EXP" in name else None,
lambda name: 3 if "RC" in name else None,
lambda name: 5 if "ADH" in name else None
],
"server.renegotiation.secure": [
lambda status: 6 if status == False else None,
lambda status: 1 if status == True else None
]
})
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self.add_rule(
RatingRule("cipher.bits",
rules=[
lambda v, i, kb: 1
if v > 56 else None, lambda v, i, kb: 3
if v > 40 else None, lambda v, i, kb: 5
]))
self.add_rule(
RatingRule("cipher.protocol_version",
rules=[
lambda v, i, kb: 6
if v == reg.version.SSLv2 else None,
]))
self.add_rule(
RatingRule(
"cipher.name",
rules=[
lambda v, i, kb: 5
if "EXP" in v else None, lambda v, i, kb: 3
if "RC" in v else None, lambda v, i, kb: 5
if "ADH" in v else None
],
))
self.add_rule(
RatingRule("server.renegotiation.secure",
rules=[
lambda v, i, kb: 6
if v == False else None, lambda v, i, kb: 1
if v == True else None
]))
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self.add_rule(
RatingRule(
"cipher.bits",
rules=[
lambda v, i, kb: 6 if v == 0 else None,
lambda v, i, kb: 5 if v < 128 else None,
lambda v, i, kb: 3 if v < 256 else None,
lambda v, i, kb: 0 if v >= 256 else None
]
)
)
self.add_rule(
RatingRule(
"cipher.protocol_version",
result_descriptions={
"poodle": "",
"sslv2": "SSLv2 is insecure and has been superseeded by SSLv3",
},
result_refs={
"poodle": ["cve:CVE-2014-3566"],
},
rules=[
lambda v, i, kb: (6, "sslv2") if v == reg.version.SSLv2 else None,
lambda v, i, kb: (5, "poodle") if v == reg.version.SSLv3 else None,
lambda v, i, kb: 1 if v == reg.version.TLSv12 else None,
]
)
)
self.add_rule(
RatingRule(
"server.certificate.x509.signature_algorithm",
rules=[
lambda v, i, kb: 6 if v.startswith("md2") else None,
lambda v, i, kb: 6 if v.startswith("md5") else None,
]
)
)
self.add_rule(
RatingRule(
"server.certificate.x509.not_after",
rules=[
lambda v, i, kb: 6 if v < datetime.now() else None
],
)
)
self.add_rule(
RatingRule(
"server.certificate.x509.not_before",
rules=[
lambda v, i, kb: 6 if v > datetime.now() else None
],
)
)
self.add_rule(
RatingRule(
"server.renegotiation.secure",
rules=[
lambda v, i, kb: 6 if v == False else None,
lambda v, i, kb: 1 if v == True else None
]
)
)
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self.add_rule(
RatingRule(
"cipher.bits",
rules=[
lambda v, i, kb: 6 if v == 0 else None,
lambda v, i, kb: 5 if v < 128 else None,
lambda v, i, kb: 3 if v < 256 else None,
lambda v, i, kb: 0 if v >= 256 else None
]
)
)
self.add_rule(
RatingRule(
"cipher.protocol_version",
rules=[
lambda v, i, kb: 6 if v == reg.version.SSLv2 else None,
lambda v, i, kb: 1 if v == reg.version.TLSv12 else None,
]
)
)
self.add_rule(
RatingRule(
"server.certificate.x509.signature_algorithm",
rules=[
lambda v, i, kb: 6 if v.startswith("md2") else None,
lambda v, i, kb: 6 if v.startswith("md5") else None,
]
)
)
self.add_rule(
RatingRule(
"server.certificate.x509.not_after",
rules=[
lambda v, i, kb: 6 if v < datetime.now() else None
],
)
)
self.add_rule(
RatingRule(
"server.certificate.x509.not_before",
rules=[
lambda v, i, kb: 6 if v > datetime.now() else None
],
)
)
self.add_rule(
RatingRule(
"server.renegotiation.secure",
rules=[
lambda v, i, kb: 6 if v == False else None,
lambda v, i, kb: 1 if v == True else None
]
)
)
