class SSL
Custom resource based on the InSpec resource DSL
def initialize(opts = {})
# Works out which endpoint the SSL/TLS checks will target and stores the
# connection settings.
#
# @param opts [Hash] optional settings:
#   :host    - target host; looked up from the backend when not given
#   :port    - target port; 443 when not given
#   :timeout - stored as given (nil when not given)
#   :retries - stored as given (nil when not given)
# @raise [RuntimeError] when no host was given and none could be derived
def initialize(opts = {})
  @host = opts[:host] || inspec.backend.instance_variable_get(:@hostname)

  if @host.nil?
    # Fallbacks are selected by the transport's class name. They read the
    # transport's instance variables directly, so they depend on its internals.
    case inspec.backend.class.to_s
    when 'Train::Transports::WinRM::Connection'
      # FIXME: This can be removed when/if @hostname is available as a property
      # for 'Train::Transports::WinRM::Connection'.
      # Train enhancement request for this here: https://github.com/chef/train/issues/128
      transport_options = inspec.backend.instance_variable_get(:@options)
      @host = URI.parse(transport_options[:endpoint]).hostname
    when 'Train::Transports::Local::Connection'
      @host = 'localhost'
    end
  end

  # Without a host there is nothing to test, so stop here.
  raise 'Cannot determine host for SSL test. Please specify it or use a different target.' if @host.nil?

  @port = opts[:port] || 443
  @timeout = opts[:timeout]
  @retries = opts[:retries]
end
def scan_config
# Builds the flat list of protocol/cipher combinations covered by the scan.
#
# The 'tls1.1' row is paired with TLS10_CIPHERS, the same constant as 'tls1.0'.
# NOTE(review): presumably intentional (same suite list for both) - confirm
# against SSLShake.
# 'tls1.2' is the newest protocol listed; this matrix yields no entries for
# any later protocol version.
#
# @return [Array<Hash>] one { 'protocol' => ..., 'cipher' => ... } hash per
#   pair, in the protocol order below and, within a protocol, in key order
def scan_config
  cipher_tables = [
    ['ssl2',   SSLShake::SSLv2::CIPHERS],
    ['ssl3',   SSLShake::TLS::SSL3_CIPHERS],
    ['tls1.0', SSLShake::TLS::TLS10_CIPHERS],
    ['tls1.1', SSLShake::TLS::TLS10_CIPHERS],
    ['tls1.2', SSLShake::TLS::TLS_CIPHERS],
  ]

  cipher_tables.flat_map do |protocol, table|
    table.keys.map { |cipher| { 'protocol' => protocol, 'cipher' => cipher } }
  end
end
def to_s
# Human-readable label for this resource, naming the endpoint under test.
#
# @return [String] "SSL/TLS on <host>:<port>"
def to_s
  endpoint = "#{@host}:#{@port}"
  "SSL/TLS on #{endpoint}"
end