ruby-sslyze 0.1.0

data/lib/sslyze/certificate/issuer.rb

@@ -0,0 +1,56 @@
+module SSLyze
+  class Certificate
+    #
+    # Represents the `<issuer>` XML element.
+    #
+    class Issuer
+
+      #
+      # Initializes the issuer.
+      #
+      # @param [Nokogiri::XML::Node] node
+      #   The `<issuer>` element.
+      #
+      def initialize(node)
+        @node = node
+      end
+
+      #
+      # Country name.
+      #
+      # @return [String]
+      #
+      def country_name
+        @country_name || @node.at('countryName').inner_text
+      end
+
+      #
+      # Common name.
+      #
+      # @return [String]
+      #
+      def common_name
+        @common_name ||= @node.at('commonName').inner_text
+      end
+
+      #
+      # Organizational unit name.
+      #
+      # @return [String]
+      #
+      def organizational_unit_name
+        @organizational_unit_name ||= @node.at('organizationalUnitName').inner_text
+      end
+
+      #
+      # Organization name.
+      #
+      # @return [String]
+      #
+      def organization_name
+        @organization_name ||= @node.at('organizationName').inner_text
+      end
+
+    end
+  end
+end

data/lib/sslyze/certificate/public_key.rb

@@ -0,0 +1,9 @@
+module SSLyze
+  class Certificate
+    #
+    # Represents the `<publicKey>` XML element.
+    #
+    class PublicKey < Struct.new(:modulus, :exponent)
+    end
+  end
+end

data/lib/sslyze/certificate/subject.rb

@@ -0,0 +1,117 @@
+require 'sslyze/certificate/domain_name'
+
+module SSLyze
+  class Certificate
+    #
+    # Represents the `<subject>` XML element.
+    #
+    class Subject
+
+      #
+      # Initializes the subject.
+      #
+      # @param [Nokogiri::XML::Node] node
+      #   The `<subject>` XML element.
+      #
+      def initialize(node)
+        @node = node
+      end
+
+      #
+      # Organizational unit name.
+      #
+      # @return [String]
+      #
+      def organizational_unit_name
+        @organizational_unit_name ||= @node.at('organizationalUnitName').inner_text
+      end
+
+      #
+      # Organization name.
+      #
+      # @return [String]
+      #
+      def organization_name
+        @organization_name ||= @node.at('organizationName').inner_text
+      end
+
+      #
+      # Business category.
+      # 
+      # @return [String]
+      #
+      def business_category
+        @business_category ||= @node.at('businessCategory').inner_text
+      end
+
+      #
+      # Serial number.
+      #
+      # @return [Integer]
+      #
+      def serial_number
+        @serial_number ||= @node.at('serialNumber').inner_text.to_i
+      end
+
+      #
+      # Common name.
+      #
+      # @return [DomainName]
+      #
+      def common_name
+        @common_name ||= if (common_name = @node.at('commonName'))
+                           DomainName.new(common_name.inner_text)
+                         end
+      end
+
+      #
+      # State/province name.
+      #
+      # @return [String]
+      #
+      def state_or_province_name
+        @state_or_province_name ||= @node.at('stateOrProvinceName').inner_text
+      end
+
+      #
+      # Country name.
+      #
+      # @return [String]
+      #
+      def country_name
+        @country_name ||= @node.at('countryName').inner_text
+      end
+
+      #
+      # Street address.
+      #
+      # @return [String]
+      #
+      def street_address
+        @street_address ||= @node.at('streetAddress').inner_text
+      end
+
+      # TODO: oid-1.3.6.1.4.1.311.60.2.1.2
+      # TODO: oid-1.3.6.1.4.1.311.60.2.1.3
+
+      #
+      # Locality name.
+      #
+      # @return [String]
+      #
+      def locality_name
+        @locality_name ||= @node.at('localityName').inner_text
+      end
+
+      #
+      # Postal code.
+      #
+      # @return [String]
+      #
+      def postal_code
+        @postal_code ||= @node.at('postalCode').inner_text
+      end
+
+    end
+  end
+end

data/lib/sslyze/certificate/subject_public_key_info.rb

@@ -0,0 +1,53 @@
+require 'sslyze/certificate/public_key'
+
+module SSLyze
+  class Certificate
+    #
+    # Represents the `<subjectPublicKeyInfo>` XML element.
+    #
+    class SubjectPublicKeyInfo
+
+      #
+      # Initializes the subject public key info.
+      #
+      # @param [Nokogiri::XML::Node] node
+      #   The `<subjectPublicKeyInfo>` XML element.
+      #
+      def initialize(node)
+        @node = node
+      end
+
+      #
+      # Public key info.
+      #
+      # @return [PublicKey]
+      #
+      def public_key
+        @public_key ||= PublicKey.new(
+          @node.at('publicKey/modulus').inner_text,
+          @node.at('publicKey/exponent').inner_text.to_i
+        )
+      end
+
+      #
+      # Public key algorithm.
+      #
+      # @return [String]
+      #
+      def public_key_algorithm
+        @public_key_algorithm ||= @node.at('publicKeyAlgorithm').inner_text
+      end
+
+      #
+      # Public key size.
+      #
+      # @return [Integer]
+      #   The key size in bits.
+      #
+      def public_key_size
+        @public_key_size ||= @node.at('publicKeySize').inner_text.chomp(' bits').to_i
+      end
+
+    end
+  end
+end

data/lib/sslyze/certificate/validity.rb

@@ -0,0 +1,9 @@
+module SSLyze
+  class Certificate
+    #
+    # Represents the `<validity>` XML element.
+    #
+    class Validity < Struct.new(:not_after, :not_before)
+    end
+  end
+end

data/lib/sslyze/certificate_chain.rb

@@ -0,0 +1,89 @@
+require 'sslyze/certificate'
+
+module SSLyze
+  #
+  # Represents the `<certificateChain>` XML element.
+  #
+  class CertificateChain
+
+    include Enumerable
+
+    #
+    # Initializes the certificate chain.
+    #
+    # @param [Nokogiri::XML::Node] node
+    #   The `<certificateChain>` XML element.
+    #
+    def initialize(node)
+      @node = node
+    end
+
+    #
+    # Enumerates over each certificate in the chain.
+    #
+    # @yield [certificate]
+    # 
+    # @yieldparam [Certificate] certificate
+    #
+    # @return [Enumerator]
+    #
+    def each
+      return enum_for(__method__) unless block_given?
+
+      @node.search('certificate').each do |certificate|
+        yield Certificate.new(certificate)
+      end
+    end
+
+    #
+    # The leaf certificate in the chain.
+    #
+    # @return [Certificate, nil]
+    #
+    def leaf
+      @leaf ||= if (certificate = @node.at('certificate[@position="leaf"]'))
+                  Certificate.new(certificate)
+                end
+    end
+
+    #
+    # Enumerates over the intermediate certificates in the chain.
+    #
+    # @yield [certificate]
+    #
+    # @yieldparam [Certificate] certificate
+    #
+    # @return [Enumerator]
+    #
+    def each_intermediate
+      return enum_for(__method__) unless block_given?
+
+      @node.search('certificate[@position="intermediate"]').each do |certificate|
+        yield Certificate.new(certificate)
+      end
+    end
+
+    #
+    # The intermediate certificates.
+    #
+    # @return [Array<Certificate>]
+    #
+    # @see #each_intermediate
+    #
+    def intermediate
+      each_intermediate.to_a
+    end
+
+    #
+    # The root certificate.
+    #
+    # @return [Certificate, nil]
+    #
+    def root
+      if (certificate = @node.at('certificate[@position="intermediate"]:last-child'))
+        Certificate.new(certificate)
+      end
+    end
+
+  end
+end

data/lib/sslyze/certificate_validation.rb

@@ -0,0 +1,44 @@
+require 'sslyze/types'
+
+module SSLyze
+  #
+  # Represents the `<certificateValidation>` XML element.
+  #
+  class CertificateValidation
+
+    include Types
+
+    #
+    # Initializes the certificate validation.
+    #
+    # @param [Nokogiri::XML::Node] node
+    #   The `<certificateValidation>` XMl element.
+    #
+    def initialize(node)
+      @node = node
+    end
+
+    #
+    # Specifies whether the hostname was validated.
+    #
+    # @return [Boolean]
+    #
+    def hostname?
+      Boolean[@node.at('hostnameValidation/@certificateMatchesServerHostname').value]
+    end
+
+    #
+    # Specifies whether the certificate path was validated against various
+    # certificate stores.
+    #
+    # @return [Hash{String => Boolean}]
+    #   The certificate store name and validation result.
+    #
+    def path
+      @path ||= Hash[@node.search('pathValidation').map { |path|
+        [path['usingTrustStore'], path['validationResult'] == 'ok']
+      }]
+    end
+
+  end
+end

data/lib/sslyze/cipher_suite.rb

@@ -0,0 +1,237 @@
+require 'sslyze/types'
+require 'sslyze/key_exchange'
+
+module SSLyze
+  #
+  # Represents the `<cipherSuite>` XML element.
+  #
+  class CipherSuite
+
+    include Types
+
+    # Mapping of OpenSSL cipher names to RFC cipher names
+    RFC_NAMES = {
+      "NULL-MD5" => "TLS_RSA_WITH_NULL_MD5",
+      "NULL-SHA" => "TLS_RSA_WITH_NULL_SHA",
+      "EXP-RC4-MD5" => "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
+      "RC4-MD5" => "TLS_RSA_WITH_RC4_128_MD5",
+      "RC4-SHA" => "TLS_RSA_WITH_RC4_128_SHA",
+      "EXP-RC2-CBC-MD5" => "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
+      "IDEA-CBC-SHA" => "TLS_RSA_WITH_IDEA_CBC_SHA",
+      "EXP-DES-CBC-SHA" => "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
+      "DES-CBC-SHA" => "TLS_RSA_WITH_DES_CBC_SHA",
+      "DES-CBC3-SHA" => "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+      "EXP-DH-DSS-DES-CBC-SHA" => "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
+      "DH-DSS-DES-CBC-SHA" => "TLS_DH_DSS_WITH_DES_CBC_SHA",
+      "DH-DSS-DES-CBC3-SHA" => "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
+      "EXP-DH-RSA-DES-CBC-SHA" => "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
+      "DH-RSA-DES-CBC-SHA" => "TLS_DH_RSA_WITH_DES_CBC_SHA",
+      "DH-RSA-DES-CBC3-SHA" => "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
+      "EXP-EDH-DSS-DES-CBC-SHA" => "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+      "EDH-DSS-DES-CBC-SHA" => "TLS_DHE_DSS_WITH_DES_CBC_SHA",
+      "EDH-DSS-DES-CBC3-SHA" => "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+      "EXP-EDH-RSA-DES-CBC-SHA" => "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+      "EDH-RSA-DES-CBC-SHA" => "TLS_DHE_RSA_WITH_DES_CBC_SHA",
+      "EDH-RSA-DES-CBC3-SHA" => "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+      "EXP-ADH-RC4-MD5" => "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
+      "ADH-RC4-MD5" => "TLS_DH_anon_WITH_RC4_128_MD5",
+      "EXP-ADH-DES-CBC-SHA" => "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+      "ADH-DES-CBC-SHA" => "TLS_DH_anon_WITH_DES_CBC_SHA",
+      "ADH-DES-CBC3-SHA" => "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
+      "KRB5-DES-CBC-SHA" => "TLS_KRB5_WITH_DES_CBC_SHA",
+      "KRB5-DES-CBC3-SHA" => "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+      "KRB5-RC4-SHA" => "TLS_KRB5_WITH_RC4_128_SHA",
+      "KRB5-IDEA-CBC-SHA" => "TLS_KRB5_WITH_IDEA_CBC_SHA",
+      "KRB5-DES-CBC-MD5" => "TLS_KRB5_WITH_DES_CBC_MD5",
+      "KRB5-DES-CBC3-MD5" => "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
+      "KRB5-RC4-MD5" => "TLS_KRB5_WITH_RC4_128_MD5",
+      "KRB5-IDEA-CBC-MD5" => "TLS_KRB5_WITH_IDEA_CBC_MD5",
+      "EXP-KRB5-DES-CBC-SHA" => "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+      "EXP-KRB5-RC2-CBC-SHA" => "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
+      "EXP-KRB5-RC4-SHA" => "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
+      "EXP-KRB5-DES-CBC-MD5" => "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
+      "EXP-KRB5-RC2-CBC-MD5" => "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
+      "EXP-KRB5-RC4-MD5" => "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
+      "AES128-SHA" => "TLS_RSA_WITH_AES_128_CBC_SHA",
+      "DH-DSS-AES128-SHA" => "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+      "DH-RSA-AES128-SHA" => "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+      "DHE-DSS-AES128-SHA" => "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+      "DHE-RSA-AES128-SHA" => "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+      "ADH-AES128-SHA" => "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+      "AES256-SHA" => "TLS_RSA_WITH_AES_256_CBC_SHA",
+      "DH-DSS-AES256-SHA" => "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+      "DH-RSA-AES256-SHA" => "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+      "DHE-DSS-AES256-SHA" => "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+      "DHE-RSA-AES256-SHA" => "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+      "ADH-AES256-SHA" => "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+      "NULL-SHA256" => "TLS_RSA_WITH_NULL_SHA256",
+      "AES128-SHA256" => "TLS_RSA_WITH_AES_128_CBC_SHA256",
+      "AES256-SHA256" => "TLS_RSA_WITH_AES_256_CBC_SHA256",
+      "DH-DSS-AES128-SHA256" => "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
+      "DH-RSA-AES128-SHA256" => "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
+      "DHE-DSS-AES128-SHA256" => "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
+      "CAMELLIA128-SHA" => "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
+      "DH-DSS-CAMELLIA128-SHA" => "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
+      "DH-RSA-CAMELLIA128-SHA" => "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
+      "DHE-DSS-CAMELLIA128-SHA" => "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
+      "DHE-RSA-CAMELLIA128-SHA" => "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
+      "ADH-CAMELLIA128-SHA" => "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
+      "EXP1024-DES-CBC-SHA" => "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
+      "EXP1024-DHE-DSS-DES-CBC-SHA" => "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
+      "EXP1024-RC4-SHA" => "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
+      "EXP1024-DHE-DSS-RC4-SHA" => "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
+      "DHE-DSS-RC4-SHA" => "TLS_DHE_DSS_WITH_RC4_128_SHA",
+      "DHE-RSA-AES128-SHA256" => "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+      "DH-DSS-AES256-SHA256" => "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
+      "DH-RSA-AES256-SHA256" => "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
+      "DHE-DSS-AES256-SHA256" => "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
+      "DHE-RSA-AES256-SHA256" => "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+      "ADH-AES128-SHA256" => "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
+      "ADH-AES256-SHA256" => "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
+      "GOST94-GOST89-GOST89" => "TLS_GOSTR341094_WITH_28147_CNT_IMIT",
+      "GOST2001-GOST89-GOST89" => "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
+      "CAMELLIA256-SHA" => "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
+      "DH-DSS-CAMELLIA256-SHA" => "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
+      "DH-RSA-CAMELLIA256-SHA" => "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
+      "DHE-DSS-CAMELLIA256-SHA" => "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
+      "DHE-RSA-CAMELLIA256-SHA" => "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
+      "ADH-CAMELLIA256-SHA" => "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
+      "PSK-RC4-SHA" => "TLS_PSK_WITH_RC4_128_SHA",
+      "PSK-3DES-EDE-CBC-SHA" => "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
+      "PSK-AES128-CBC-SHA" => "TLS_PSK_WITH_AES_128_CBC_SHA",
+      "PSK-AES256-CBC-SHA" => "TLS_PSK_WITH_AES_256_CBC_SHA",
+      "SEED-SHA" => "TLS_RSA_WITH_SEED_CBC_SHA",
+      "DH-DSS-SEED-SHA" => "TLS_DH_DSS_WITH_SEED_CBC_SHA",
+      "DH-RSA-SEED-SHA" => "TLS_DH_RSA_WITH_SEED_CBC_SHA",
+      "DHE-DSS-SEED-SHA" => "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
+      "DHE-RSA-SEED-SHA" => "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
+      "ADH-SEED-SHA" => "TLS_DH_anon_WITH_SEED_CBC_SHA",
+      "AES128-GCM-SHA256" => "TLS_RSA_WITH_AES_128_GCM_SHA256",
+      "AES256-GCM-SHA384" => "TLS_RSA_WITH_AES_256_GCM_SHA384",
+      "DHE-RSA-AES128-GCM-SHA256" => "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+      "DHE-RSA-AES256-GCM-SHA384" => "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+      "DH-RSA-AES128-GCM-SHA256" => "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
+      "DH-RSA-AES256-GCM-SHA384" => "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
+      "DHE-DSS-AES128-GCM-SHA256" => "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+      "DHE-DSS-AES256-GCM-SHA384" => "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
+      "DH-DSS-AES128-GCM-SHA256" => "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
+      "DH-DSS-AES256-GCM-SHA384" => "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
+      "ADH-AES128-GCM-SHA256" => "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
+      "ADH-AES256-GCM-SHA384" => "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
+      "TLS_FALLBACK_SCSV" => "TLS_FALLBACK_SCSV",
+      "ECDH-ECDSA-NULL-SHA" => "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+      "ECDH-ECDSA-RC4-SHA" => "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+      "ECDH-ECDSA-DES-CBC3-SHA" => "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+      "ECDH-ECDSA-AES128-SHA" => "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+      "ECDH-ECDSA-AES256-SHA" => "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+      "ECDHE-ECDSA-NULL-SHA" => "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+      "ECDHE-ECDSA-RC4-SHA" => "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+      "ECDHE-ECDSA-DES-CBC3-SHA" => "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+      "ECDHE-ECDSA-AES128-SHA" => "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+      "ECDHE-ECDSA-AES256-SHA" => "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+      "ECDH-RSA-NULL-SHA" => "TLS_ECDH_RSA_WITH_NULL_SHA",
+      "ECDH-RSA-RC4-SHA" => "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+      "ECDH-RSA-DES-CBC3-SHA" => "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+      "ECDH-RSA-AES128-SHA" => "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+      "ECDH-RSA-AES256-SHA" => "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+      "ECDHE-RSA-NULL-SHA" => "TLS_ECDHE_RSA_WITH_NULL_SHA",
+      "ECDHE-RSA-RC4-SHA" => "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+      "ECDHE-RSA-DES-CBC3-SHA" => "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+      "ECDHE-RSA-AES128-SHA" => "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+      "ECDHE-RSA-AES256-SHA" => "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+      "AECDH-NULL-SHA" => "TLS_ECDH_anon_WITH_NULL_SHA",
+      "AECDH-RC4-SHA" => "TLS_ECDH_anon_WITH_RC4_128_SHA",
+      "AECDH-DES-CBC3-SHA" => "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+      "AECDH-AES128-SHA" => "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+      "AECDH-AES256-SHA" => "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+      "SRP-3DES-EDE-CBC-SHA" => "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
+      "SRP-RSA-3DES-EDE-CBC-SHA" => "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
+      "SRP-DSS-3DES-EDE-CBC-SHA" => "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
+      "SRP-AES-128-CBC-SHA" => "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
+      "SRP-RSA-AES-128-CBC-SHA" => "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
+      "SRP-DSS-AES-128-CBC-SHA" => "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
+      "SRP-AES-256-CBC-SHA" => "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
+      "SRP-RSA-AES-256-CBC-SHA" => "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
+      "SRP-DSS-AES-256-CBC-SHA" => "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
+      "ECDHE-ECDSA-AES128-SHA256" => "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+      "ECDHE-ECDSA-AES256-SHA384" => "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+      "ECDH-ECDSA-AES128-SHA256" => "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+      "ECDH-ECDSA-AES256-SHA384" => "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+      "ECDHE-RSA-AES128-SHA256" => "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+      "ECDHE-RSA-AES256-SHA384" => "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+      "ECDH-RSA-AES128-SHA256" => "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+      "ECDH-RSA-AES256-SHA384" => "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+      "ECDHE-ECDSA-AES128-GCM-SHA256" => "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+      "ECDHE-ECDSA-AES256-GCM-SHA384" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+      "ECDH-ECDSA-AES128-GCM-SHA256" => "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+      "ECDH-ECDSA-AES256-GCM-SHA384" => "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+      "ECDHE-RSA-AES128-GCM-SHA256" => "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+      "ECDHE-RSA-AES256-GCM-SHA384" => "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+      "ECDH-RSA-AES128-GCM-SHA256" => "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+      "ECDH-RSA-AES256-GCM-SHA384" => "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+      "ECDHE-RSA-CHACHA20-POLY1305" => "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+      "ECDHE-ECDSA-CHACHA20-POLY1305" => "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+      "DHE-RSA-CHACHA20-POLY1305" => "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+      "RC2-CBC-MD5" => "SSL_CK_RC2_128_CBC_WITH_MD5",
+      "IDEA-CBC-MD5" => "SSL_CK_IDEA_128_CBC_WITH_MD5",
+      "DES-CBC-MD5" => "SSL_CK_DES_64_CBC_WITH_MD5",
+      "DES-CBC3-MD5" => "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
+      "RC4-64-MD5" => "SSL_CK_RC4_64_WITH_MD5"
+    }
+
+    #
+    # Initializes the cipher suite.
+    #
+    # @param [Nokogiri::XML::Node] node
+    #   The `<cipherSuite>` XML element.
+    #
+    def initialize(node)
+      @node = node
+    end
+
+    #
+    # The cipher suite name.
+    #
+    # @return [String]
+    #
+    def name
+      @name ||= @node['name']
+    end
+
+    alias openssl_name name
+
+    #
+    # Maps the OpenSSL cipher name to it's RFC name.
+    #
+    # @return [String, nil]
+    #
+    def rfc_name
+      RFC_NAMES[name]
+    end
+
+    #
+    # The connection status when the cipher suite was used.
+    #
+    def connection_status
+      @connection_status ||= @node['connectionStatus']
+    end
+
+    def anonymous?
+      Boolean[@node['anonymous']]
+    end
+
+    #
+    # Key exchange information.
+    #
+    # @return [KeyExchange, nil]
+    #
+    def key_exchange
+      @key_exchange ||= if (key_exchange_node = @node.at('keyExchange'))
+                          KeyExchange.new(key_exchange_node)
+                        end
+    end
+
+    alias to_s name
+
+  end
+end