def get_cipher_suite_and_protocol(ssl_socket: ssl.SSLSocket):
"""
Gather the cipher suite and the protocol from the ssl_socket.
:param ssl_socket: secure socket
:return: negotiated cipher suite and the protocol
"""
cipher_suite = ssl_socket.cipher()[0]
if '-' in cipher_suite:
cipher_suite = convert_openssh_to_iana(cipher_suite)
return cipher_suite, ssl_socket.version()
def _update_results(self, context: ssl.SSLContext, ssock: ssl.SSLSocket,
success: bool):
self.results['ssl.success'] = success
cert = ssock.getpeercert() if success else None
self.results['ssl.con.cert'] = cert
self.results['ssl.con.cipher'], self.results[
'ssl.con.protocol'], self.results[
'ssl.con.secret_bits'] = ssock.cipher() or (None, None, None)
self.results['ssl.con.compression'] = ssock.compression() or None
self.results['ssl.con.alpn_protocol'] = ssock.selected_alpn_protocol(
) or None
self.results['ssl.con.npn_protocol'] = ssock.selected_npn_protocol(
) or None
self.results['ssl.con.ssl_version'] = ssock.version() or None
self.results['ssl.con.server_hostname'] = ssock.server_hostname or None
self.results[
'ssl.con.cert.matches_hostname'] = True if cert is not None and ssl.match_hostname(
cert, self.host) else False
