Created
April 19, 2022 15:57
-
-
Save IMSoP/e42409bac4a2891257bfa35fa34c4639 to your computer and use it in GitHub Desktop.
Check cipher suite policies against the SSLLabs User Agent support data
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php declare(strict_types=1); | |
$sslLabsData = json_decode(file_get_contents('https://api.ssllabs.com/api/v3/getClients'), true); | |
$comparisonPolicies = []; | |
$comparisonPolicies['EC2 FS-1-2-Res-2020-10'] = [ | |
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', | |
'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', | |
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', | |
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', | |
]; | |
$comparisonPolicies['EC2 FS-1-2-Res-2019-08'] = array_merge( | |
$comparisonPolicies['EC2 FS-1-2-Res-2020-10'], | |
[ | |
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', | |
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', | |
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', | |
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', | |
] | |
); | |
$comparisonPolicies['CloudFront TLSv1.2_2021'] = array_merge( | |
$comparisonPolicies['EC2 FS-1-2-Res-2020-10'], | |
[ | |
'TLS_AES_128_GCM_SHA256', | |
'TLS_AES_256_GCM_SHA384', | |
'TLS_CHACHA20_POLY1305_SHA256', | |
'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256', | |
'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256', | |
] | |
); | |
$comparisonPolicies['CloudFront TLSv1.2_2019'] = array_merge( | |
$comparisonPolicies['CloudFront TLSv1.2_2021'], | |
[ | |
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', | |
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384', | |
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', | |
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', | |
] | |
); | |
$comparisonPolicies['Tenable Recommendation'] = array_merge( | |
$comparisonPolicies['CloudFront TLSv1.2_2021'], | |
[ | |
'TLS_RSA_WITH_AES_128_GCM_SHA256', | |
'TLS_RSA_WITH_AES_256_GCM_SHA384', | |
] | |
); | |
echo 'User Agent,Version,', implode(',', array_keys($comparisonPolicies)), "\n"; | |
foreach ( $sslLabsData as $userAgent ) { | |
// The "@@@" is a hack to stop Excel trying to be helpful and interpret "8-10" as a date | |
// Use find-and-replace in Excel to replace with ' and it will force text format | |
// I'm sure there's a better way, but I don't care right now | |
echo "{$userAgent['name']},@@@{$userAgent['version']}"; | |
$uaSuiteNames = array_combine($userAgent['suiteNames'], $userAgent['suiteNames']); | |
foreach ($comparisonPolicies as $policyName => $policySuiteNames) { | |
$policyMatched = false; | |
foreach ( $policySuiteNames as $policySuiteName ) { | |
if ( isset($uaSuiteNames[$policySuiteName]) ) { | |
$policyMatched = true; | |
break; | |
} | |
} | |
echo ',', $policyMatched ? 'Yes' : 'No'; | |
} | |
echo "\n"; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment