|
// ruby -v => ruby 1.9.3p448 (2013-06-27 revision 41675) [x86_64-darwin13.0.0] |
|
|
|
{ |
|
"given_cipher_suites": [ |
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", |
|
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", |
|
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", |
|
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", |
|
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", |
|
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", |
|
"TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", |
|
"TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", |
|
"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", |
|
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", |
|
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", |
|
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", |
|
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA", |
|
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA", |
|
"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", |
|
"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", |
|
"TLS_ECDH_anon_WITH_AES_256_CBC_SHA", |
|
"TLS_SRP_SHA_WITH_AES_256_CBC_SHA", |
|
"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", |
|
"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", |
|
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", |
|
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", |
|
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", |
|
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", |
|
"TLS_RSA_WITH_AES_256_GCM_SHA384", |
|
"TLS_RSA_WITH_AES_256_CBC_SHA256", |
|
"TLS_RSA_WITH_AES_256_CBC_SHA", |
|
"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", |
|
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_RSA_WITH_3DES_EDE_CBC_SHA", |
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", |
|
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", |
|
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", |
|
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", |
|
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", |
|
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", |
|
"TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", |
|
"TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", |
|
"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", |
|
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", |
|
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", |
|
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", |
|
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA", |
|
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA", |
|
"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", |
|
"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", |
|
"TLS_ECDH_anon_WITH_AES_128_CBC_SHA", |
|
"TLS_SRP_SHA_WITH_AES_128_CBC_SHA", |
|
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", |
|
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", |
|
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", |
|
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", |
|
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", |
|
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", |
|
"TLS_RSA_WITH_AES_128_GCM_SHA256", |
|
"TLS_RSA_WITH_AES_128_CBC_SHA256", |
|
"TLS_RSA_WITH_AES_128_CBC_SHA", |
|
"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", |
|
"TLS_DHE_RSA_WITH_SEED_CBC_SHA", |
|
"TLS_DHE_DSS_WITH_SEED_CBC_SHA", |
|
"TLS_RSA_WITH_SEED_CBC_SHA", |
|
"TLS_RSA_WITH_IDEA_CBC_SHA", |
|
"TLS_ECDHE_RSA_WITH_RC4_128_SHA", |
|
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", |
|
"TLS_ECDH_anon_WITH_RC4_128_SHA", |
|
"TLS_ECDH_RSA_WITH_RC4_128_SHA", |
|
"TLS_ECDH_ECDSA_WITH_RC4_128_SHA", |
|
"TLS_RSA_WITH_RC4_128_SHA", |
|
"TLS_RSA_WITH_RC4_128_MD5", |
|
"TLS_DHE_RSA_WITH_DES_CBC_SHA", |
|
"TLS_DHE_DSS_WITH_DES_CBC_SHA", |
|
"TLS_RSA_WITH_DES_CBC_SHA", |
|
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV" |
|
], |
|
"ephemeral_keys_supported": true, |
|
"session_ticket_supported": true, |
|
"tls_compression_supported": true, |
|
"unknown_cipher_suite_supported": false, |
|
"beast_vuln": false, |
|
"insecure_cipher_suites": { |
|
"TLS_DHE_DSS_WITH_DES_CBC_SHA": [ |
|
"uses keys smaller than 128 bits in its encryption" |
|
], |
|
"TLS_DHE_RSA_WITH_DES_CBC_SHA": [ |
|
"uses keys smaller than 128 bits in its encryption" |
|
], |
|
"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA": [ |
|
"is open to man-in-the-middle attacks because it does not authenticate the server" |
|
], |
|
"TLS_ECDH_anon_WITH_AES_128_CBC_SHA": [ |
|
"is open to man-in-the-middle attacks because it does not authenticate the server" |
|
], |
|
"TLS_ECDH_anon_WITH_AES_256_CBC_SHA": [ |
|
"is open to man-in-the-middle attacks because it does not authenticate the server" |
|
], |
|
"TLS_ECDH_anon_WITH_RC4_128_SHA": [ |
|
"is open to man-in-the-middle attacks because it does not authenticate the server" |
|
], |
|
"TLS_RSA_WITH_DES_CBC_SHA": [ |
|
"uses keys smaller than 128 bits in its encryption" |
|
], |
|
"TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA": [ |
|
"is open to man-in-the-middle attacks because it does not authenticate the server" |
|
], |
|
"TLS_SRP_SHA_WITH_AES_128_CBC_SHA": [ |
|
"is open to man-in-the-middle attacks because it does not authenticate the server" |
|
], |
|
"TLS_SRP_SHA_WITH_AES_256_CBC_SHA": [ |
|
"is open to man-in-the-middle attacks because it does not authenticate the server" |
|
] |
|
}, |
|
"tls_version": "TLS 1.2", |
|
"rating": "Bad" |
|
} |
This comment has been minimized.
kapishmalik commentedDec 13, 2017
U r using Ruby 1.9.3 to run this sample program. OpenSSL of this version won't support ssl version to tlsv1_2. It's default is sslv23. How net/http is able to connect via tlsv1_2. Could you please explain.