#!/usr/bin/perl
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
use CGI qw(:standard);
# Replace this will the full path to the sslstrength executable.
$sslstrength = "./sslstrength";
# Replace this with the name of this CGI.
$sslcgi = "sslstr.cgi";
$query = new CGI;
print header;
print "
\n";
print "SSLStrength\n";
print "\n";
print "SSLStrength
\n";
if ($query->param('dotest')) {
print "Output from sslstrength: \n";
print "\n";
$cs = "";
@ssl2ciphers = $query->param('ssl2ciphers');
for $cipher (@ssl2ciphers) {
if ($cipher eq "SSL_EN_RC2_128_WITH_MD5") { $cs .= "a"; }
if ($cipher eq "SSL_EN_RC2_128_CBC_WITH_MD5") { $cs .= "b"; }
if ($cipher eq "SSL_EN_DES_192_EDE3_CBC_WITH_MD5") { $cs .= "c"; }
if ($cipher eq "SSL_EN_DES_64_CBC_WITH_MD5") { $cs .= "d"; }
if ($cipher eq "SSL_EN_RC4_128_EXPORT40_WITH_MD5") { $cs .= "e"; }
if ($cipher eq "SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5") { $cs .= "f"; }
}
@ssl3ciphers = $query->param('ssl3ciphers');
for $cipher (@ssl3ciphers) {
if ($cipher eq "SSL_RSA_WITH_RC4_128_MD5") { $cs .= "i"; }
if ($cipher eq "SSL_RSA_WITH_3DES_EDE_CBC_SHA") { $cs .= "j"; }
if ($cipher eq "SSL_RSA_WITH_DES_CBC_SHA") { $cs .= "k"; }
if ($cipher eq "SSL_RSA_EXPORT_WITH_RC4_40_MD5") { $cs .= "l"; }
if ($cipher eq "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5") { $cs .= "m"; }
if ($cipher eq "SSL_RSA_WITH_NULL_MD5") { $cs .= "o"; }
if ($cipher eq "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA") { $cs .= "p"; }
if ($cipher eq "SSL_RSA_FIPS_WITH_DES_CBC_SHA") { $cs .= "q"; }
}
$hs = $query->param('host');
if ($hs eq "") {
print "You must specify a host to connect to.
\n";
exit(0);
}
$ps = $query->param('policy');
$cmdstring = "$sslstrength $hs policy=$ps ciphers=$cs";
print "running sslstrength:\n";
print "$cmdstring\n";
$r = open(SSLS, "$cmdstring |");
if ($r == 0) {
print "There was a problem starting $cmdstring
\n";
exit(0);
}
while () {
print "$_";
}
close(SSLS);
print "
\n";
}
else {
print "
\n";
}
exit(0);
__END__
id CipherName Domestic Export
a SSL_EN_RC4_128_WITH_MD5 (ssl2) Yes No
b SSL_EN_RC2_128_CBC_WITH_MD5 (ssl2) Yes No
c SSL_EN_DES_192_EDE3_CBC_WITH_MD5 (ssl2) Yes No
d SSL_EN_DES_64_CBC_WITH_MD5 (ssl2) Yes No
e SSL_EN_RC4_128_EXPORT40_WITH_MD5 (ssl2) Yes Yes
f SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 (ssl2) Yes Yes
i SSL_RSA_WITH_RC4_128_MD5 (ssl3) Yes Step-up only
j SSL_RSA_WITH_3DES_EDE_CBC_SHA (ssl3) Yes Step-up only
k SSL_RSA_WITH_DES_CBC_SHA (ssl3) Yes No
l SSL_RSA_EXPORT_WITH_RC4_40_MD5 (ssl3) Yes Yes
m SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (ssl3) Yes Yes
o SSL_RSA_WITH_NULL_MD5 (ssl3) Yes Yes