Fastest way to determine the worst/best protocol and the weakest/strongest cipher that an SSL server supports?

Time: 2014-06-03 15:56:30

Tags: python ssl encryption protocols

I am writing a Nagios plugin that calculates an SSL score based on the Qualys Server Rating Guide: https://www.ssllabs.com/projects/rating-guide/

To do this, I need to find out which is the worst/best protocol and the weakest/strongest cipher that the server supports.

This is my code using sslyze:

from plugins import PluginOpenSSLCipherSuites
from nassl import SSLV2, SSLV3, TLSV1, TLSV1_1, TLSV1_2


shared_settings = {'certinfo': 'basic', 'starttls': None, 'resum': True, 'resum_rate': None, 'http_get': True, 'xml_file': '/tmp/example.com_443.xml', 'compression': True, 'tlsv1': True, 'targets_in': None, 'keyform': 1, 'hsts': None, 'sslv3': True, 'sslv2': True, 'https_tunnel': None, 'nb_retries': 4, 'heartbleed': True, 'sni': None, 'https_tunnel_host': None, 'regular': False, 'key': None, 'reneg': True, 'tlsv1_2': True, 'tlsv1_1': True, 'hide_rejected_ciphers': True, 'keypass': '', 'cert': None, 'certform': 1, 'timeout': 5, 'xmpp_to': None}

target = ('example.com', '1.2.3.4', 443, TLSV1_2)

cipher_plugin = PluginOpenSSLCipherSuites.PluginOpenSSLCipherSuites()
cipher_plugin._shared_settings = shared_settings

# Protocols ordered from oldest (worst) to newest (best).
protocols = ['sslv2', 'sslv3', 'tlsv1', 'tlsv1_1', 'tlsv1_2']
worst_protocol = best_protocol = None

# Worst protocol: the first one, oldest first, that accepts at least one cipher.
for p in protocols:
    cipher_result = cipher_plugin.process_task(target, p, None)
    if any('Accepted' in c for c in cipher_result.get_txt_result()):
        worst_protocol = p
        break

# Best protocol: the same scan, newest first.
for p in reversed(protocols):
    cipher_result = cipher_plugin.process_task(target, p, None)
    if any('Accepted' in c for c in cipher_result.get_txt_result()):
        best_protocol = p
        break

print(worst_protocol)
print(best_protocol)

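# Collect the key size (second field) of every cipher line, for every protocol.
ciphers = []
for protocol in ('sslv2', 'sslv3', 'tlsv1', 'tlsv1_1', 'tlsv1_2'):
    cipher_result = cipher_plugin.process_task(target, protocol, None)
    for e in cipher_result.get_txt_result():
        if 'bits' in e:
            ciphers.append(e.split()[1])

# The sizes are strings; sort them numerically, otherwise '40' sorts after '128'.
print(sorted(ciphers, key=int)[0])
print(sorted(ciphers, key=int)[-1])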

But because there are several loops, it takes some time to finish.

Using the following code, the execution time is reduced from ~50s to ~40s. Is there anything else I can change to make it run faster?

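protocols = ['sslv2', 'sslv3', 'tlsv1', 'tlsv1_1', 'tlsv1_2']

ciphers = []

# Iterate over a copy so that protocols can be removed from the original list.
for p in protocols[:]:
    cipher_result = cipher_plugin.process_task(target, p, None)

    for c in cipher_result.get_txt_result():
        # Guard the removal: a second 'rejected' line would otherwise raise ValueError.
        if 'rejected' in c and p in protocols:
            protocols.remove(p)
        if 'bits' in c:
            ciphers.append(c.split()[1])

worst_protocol = protocols[0]
best_protocol = protocols[-1]

# The sizes are strings; compare them as integers, not lexicographically.
weakest_cipher_strength = min(ciphers, key=int)
strongest_cipher_strength = max(ciphers, key=int)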

0 answers:

No answers
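
An added example, not part of the original question and not sslyze code: it probes each protocol once, concurrently, then derives all four values from the cached output, comparing cipher strengths as integers. The `probe` callable, the line shape matched by `CIPHER_LINE` and the sample data are assumptions; with sslyze, `probe` would wrap the `process_task(...).get_txt_result()` call from the question and is assumed to be safe to call from several threads.

```python
import re
from concurrent.futures import ThreadPoolExecutor

# Protocol names from the question, ordered oldest (worst) to newest (best).
PROTOCOLS = ['sslv2', 'sslv3', 'tlsv1', 'tlsv1_1', 'tlsv1_2']

# Assumed shape of an accepted-cipher line: "<NAME>  <N> bits ...".
# Section headers such as "Accepted Cipher Suite(s):" do not match.
CIPHER_LINE = re.compile(r'^\s*([A-Z0-9][A-Z0-9_-]+)\s+(\d+) bits\b')


def collect(probe, protocols=PROTOCOLS):
    """Call probe(protocol) exactly once per protocol, in parallel."""
    with ThreadPoolExecutor(max_workers=len(protocols)) as pool:
        # pool.map keeps input order, so zip pairs each protocol with its lines.
        return dict(zip(protocols, pool.map(probe, protocols)))


def summarize(results):
    """Return (worst_protocol, best_protocol, weakest_bits, strongest_bits)."""
    supported, bits = [], []
    for proto in PROTOCOLS:
        matches = map(CIPHER_LINE.match, results.get(proto, []))
        found = [int(m.group(2)) for m in matches if m]
        if found:  # at least one accepted cipher means the protocol is supported
            supported.append(proto)
            bits.extend(found)
    if not supported:
        return None, None, None, None
    return supported[0], supported[-1], min(bits), max(bits)


# Constructed sample output, not captured from a real server.
SAMPLE = {
    'sslv2': ['Rejected Cipher Suite(s): Hidden'],
    'sslv3': ['Accepted Cipher Suite(s):', '  EXP-RC4-MD5   40 bits',
              '  RC4-SHA      128 bits'],
    'tlsv1': ['Accepted Cipher Suite(s):', '  AES128-SHA   128 bits'],
    'tlsv1_1': [],
    'tlsv1_2': ['Accepted Cipher Suite(s):', '  AES256-GCM-SHA384  256 bits',
                '  AES128-SHA   128 bits'],
}


def fake_probe(protocol):
    """Hypothetical stand-in for the real per-protocol scan."""
    return SAMPLE[protocol]


if __name__ == '__main__':
    print(summarize(collect(fake_probe)))
```

With the string comparison used in the question, the same sample would report '128' as the weakest and '40' as the strongest size.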