ruby-sslyze 0.2.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c04db52b8cef3f43b85dc0eeabd6d54ea8677059
-  data.tar.gz: 945e8f92174305403a57fedbaee3f0e8aef1241b
+  metadata.gz: d7ea99501fa0ae17845721682e514eba2e8215b8
+  data.tar.gz: 7a644cac1658032cfb7db09aeeb6b1afe4b3dc70
 SHA512:
-  metadata.gz: a6c8c76320828ed9b82cc0f512cf07760d14092730acdb5e07e6ff1d0efdcc822b3f9f21904fd5ffd509d804ab3d845a30a2904f9e22e3f6a0288b55f9d423f2
-  data.tar.gz: b8ed037b913ea17bd7f2c583f2e9bd09eb28f4fe3afb53f2ee7e261b61d1e5680241df8b64a5c6b10699b4d77eeecb74e4aea89fd5b80aa30e7a20330e222690
+  metadata.gz: f2b5ee21ec3a517cf2ec415562a4f599973da3aa45b4575d4060cd876e9777a0f3ed8acec69ecc5c36e2535d1a0624d908294de61041415d2bf5f67d41b3a362
+  data.tar.gz: 8e4d491aad4d6468b46c99c1e662201d1d9796d5febd4691f4cc253792de035e02ce986b5db616693a67b605c336428878a7f9c29d69f00ca80c07946bf652eb

data/.gitignore

@@ -1,4 +1,6 @@
-Gemfile.lock
-doc/
-pkg/
-vendor/cache/*.gem
+/Gemfile.lock
+/coverage
+/doc/
+/pkg/
+/vendor/cache/*.gem
+/env

data/.travis.yml

@@ -1,18 +1,26 @@
 language: ruby
 sudo: false
+before_install:
+  - pip install --upgrade --user pip setuptools
+  - pip install --user sslyze
+
 rvm:
-- 2.0
-- 2.1
-- 2.2
-- ruby-head
-- jruby
-- rbx-2
+  - 2.3
+  - 2.4
+  - ruby-head
+  - jruby
+
 matrix:
   allow_failures:
-  - rvm: rbx-2
+    - rvm: jruby
+   
 addons:
   code_climate:
     repo_token: 2a03fa37ce5a5cb21bb117a736be5d83dcf9f1c3ea2b248f7af4c0a7b330d8c8
+
+after_success:
+  - bundle exec codeclimate-test-reporter
+
 notifications:
   slack:
     secure: IfKhtia5nM6KA9nK8jiSkNnVOLN96er6gK5jgjYKFNrVyWAKRUJZ0TB9L+igjUWDq7t+tRvj8yGT2k61xVJgF+ZDlQiWvyazTsgQeqbjieCxCrj/BTGZLyD1hhOLg7vqpyeQvp/34hDahx6XNp6XPvkxeofjc0H6STv2UjJkpQk=

data/ChangeLog.md

@@ -1,3 +1,20 @@
+### 1.0.0 / 2018-03-06
+
+* Require [sslyze] >= 1.3.4.
+* Added {SSLyze::X509::Domain}.
+* Added {SSLyze::X509::Extension}.
+* Added {SSLyze::X509::ExtensionSet}.
+* Added {SSLyze::X509::Extensions::BasicConstraints}.
+* Added {SSLyze::X509::Extensions::CertificatePolicies}.
+* Added {SSLyze::X509::Extensions::CRLDistributionPoints}.
+* Added {SSLyze::X509::Extensions::ExtendedKeyUsage}.
+* Added {SSLyze::X509::Extensions::KeyUsage}.
+* Added {SSLyze::X509::Extensions::SubjectAltName}.
+* Added {SSLyze::X509::Name}.
+* Added {SSLyze::X509::PublicKey}.
+* Moved all XML related classes into {SSLyze::XML}.
+* Updated {SSLyze::XML} and classes to represent the current sslyze 1.3.4 XSD.
+
 ### 0.2.1 / 2017-01-13
 
 * Fix file descriptor leak in {SSLyze::XML.open} by using
@@ -7,23 +24,23 @@
 ### 0.2.0 / 2016-08-16
 
 * Requires sslyze 0.12.x.
-* Added {SSLyze::XML#each_invalid_target}.
-* Added {SSLyze::XML#invalid_targets}.
-* Added {SSLyze::InvalidTarget}.
-* Added {SSLyze::Target#ssl_v2} alias.
-* Added {SSLyze::Target#ssl_v3} alias.
-* Added {SSLyze::Target#tls_v1} alias.
-* Added {SSLyze::Target#tls_v1_1} alias.
-* Added {SSLyze::Target#tls_v1_2} alias.
-* Added {SSLyze::CertificateValidation#path?}.
-* Added {SSLyze::CertificateValidation#results}.
-* Fixed a bug in {SSLyze::CertInfo#validation} when the `certificateValidation`
+* Added `SSLyze::XML#each_invalid_target`.
+* Added `SSLyze::XML#invalid_targets`.
+* Added `SSLyze::InvalidTarget`.
+* Added `SSLyze::Target#ssl_v2` alias.
+* Added `SSLyze::Target#ssl_v3` alias.
+* Added `SSLyze::Target#tls_v1` alias.
+* Added `SSLyze::Target#tls_v1_1` alias.
+* Added `SSLyze::Target#tls_v1_2` alias.
+* Added `SSLyze::CertificateValidation#path?`.
+* Added `SSLyze::CertificateValidation#results`.
+* Fixed a bug in `SSLyze::CertInfo#validation` when the `certificateValidation`
   node is omitted.
 
 ### 0.1.1 / 2015-12-08
 
 * `certificateValidation` may be omitted from `certinfo` if an OpenSSL
-  exception occurred. Allow {SSLyze::CertInfo#validation} may return `nil`.
+  exception occurred. Allow `SSLyze::CertInfo#validation` may return `nil`.
 
 ### 0.1.0 / 2015-10-13
 

data/Gemfile

@@ -8,11 +8,12 @@ group :development do
 
   gem 'rspec', '~> 3.0'
 
-  gem 'yard', '~> 0.8'
+  gem 'yard', '~> 0.9'
   gem 'kramdown'
 end
 
 group :test do
   gem 'json'
-  gem 'codeclimate-test-reporter', require: nil
+  gem 'simplecov', require: nil
+  gem 'codeclimate-test-reporter', '~> 1.0.0', require: nil
 end

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2014-2017 Hal Brodigan
+Copyright (c) 2014-2018 Hal Brodigan
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -7,7 +7,6 @@
 * [Homepage](https://github.com/trailofbits/ruby-sslyze#readme)
 * [Issues](https://github.com/trailofbits/ruby-sslyze/issues)
 * [Documentation](http://rubydoc.info/gems/ruby-sslyze/frames)
-* [Email](mailto:hal at trailofbits.com)
 
 ## Description
 
@@ -17,7 +16,7 @@ A Ruby interface to [sslyze] python utility.
 
 * Provides a Ruby interface to `sslyze.py`.
 * Provides a Parser for consuming the sslyze XML output.
-* [sslyze] 0.12.x
+* Supports [sslyze] >= 1.3.4.
 
 ## Examples
 
@@ -51,16 +50,17 @@ Parsing sslyze XML output:
 ## Requirements
 
 * [rprogram] ~> 0.3
-* [nokogiri] ~> 1.0
-* [sslyze] 0.12.x
+* [nokogiri] ~> 1.8
+* [sslyze] >= 1.3.4
 
 ## Install
 
+    $ pip install sslyze
     $ gem install ruby-sslyze
 
 ## Copyright
 
-Copyright (c) 2014-2017 Hal Brodigan
+Copyright (c) 2014-2018 Hal Brodigan
 
 See {file:LICENSE.txt} for details.
 

data/Rakefile

@@ -19,5 +19,5 @@ YARD::Rake::YardocTask.new
 task :doc => :yard
 
 file 'spec/sslyze.xml' do
-  sh 'sslyze.py --xml_out spec/sslyze.xml --regular --timeout 5 twitter.com github.com:443 yahoo.com:443'
+  sh 'sslyze --xml_out spec/sslyze.xml --regular --resum_rate --http_headers --timeout 5 twitter.com github.com:443 www.yahoo.com:443 foo bar'
 end

data/lib/sslyze/cipher_suites.rb

@@ -0,0 +1,176 @@
+module SSLyze
+  module CipherSuites
+    # Mapping of RFC cipher suite names to their OpenSSL equivalents
+    #
+    # @note Source https://testssl.sh/openssl-rfc.mapping.html
+    OPENSSL_NAMES = {
+      "TLS_RSA_WITH_NULL_MD5"=>"NULL-MD5",
+      "TLS_RSA_WITH_NULL_SHA"=>"NULL-SHA",
+      "TLS_RSA_EXPORT_WITH_RC4_40_MD5"=>"EXP-RC4-MD5",
+      "TLS_RSA_WITH_RC4_128_MD5"=>"RC4-MD5",
+      "TLS_RSA_WITH_RC4_128_SHA"=>"RC4-SHA",
+      "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"=>"EXP-RC2-CBC-MD5",
+      "TLS_RSA_WITH_IDEA_CBC_SHA"=>"IDEA-CBC-SHA",
+      "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"=>"EXP-DES-CBC-SHA",
+      "TLS_RSA_WITH_DES_CBC_SHA"=>"DES-CBC-SHA",
+      "TLS_RSA_WITH_3DES_EDE_CBC_SHA"=>"DES-CBC3-SHA",
+      "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"=>"EXP-DH-DSS-DES-CBC-SHA",
+      "TLS_DH_DSS_WITH_DES_CBC_SHA"=>"DH-DSS-DES-CBC-SHA",
+      "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"=>"DH-DSS-DES-CBC3-SHA",
+      "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"=>"EXP-DH-RSA-DES-CBC-SHA",
+      "TLS_DH_RSA_WITH_DES_CBC_SHA"=>"DH-RSA-DES-CBC-SHA",
+      "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"=>"DH-RSA-DES-CBC3-SHA",
+      "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"=>"EXP-EDH-DSS-DES-CBC-SHA",
+      "TLS_DHE_DSS_WITH_DES_CBC_SHA"=>"EDH-DSS-DES-CBC-SHA",
+      "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"=>"EDH-DSS-DES-CBC3-SHA",
+      "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"=>"EXP-EDH-RSA-DES-CBC-SHA",
+      "TLS_DHE_RSA_WITH_DES_CBC_SHA"=>"EDH-RSA-DES-CBC-SHA",
+      "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"=>"EDH-RSA-DES-CBC3-SHA",
+      "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"=>"EXP-ADH-RC4-MD5",
+      "TLS_DH_anon_WITH_RC4_128_MD5"=>"ADH-RC4-MD5",
+      "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"=>"EXP-ADH-DES-CBC-SHA",
+      "TLS_DH_anon_WITH_DES_CBC_SHA"=>"ADH-DES-CBC-SHA",
+      "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"=>"ADH-DES-CBC3-SHA",
+      "TLS_KRB5_WITH_DES_CBC_SHA"=>"KRB5-DES-CBC-SHA",
+      "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"=>"KRB5-DES-CBC3-SHA",
+      "TLS_KRB5_WITH_RC4_128_SHA"=>"KRB5-RC4-SHA",
+      "TLS_KRB5_WITH_IDEA_CBC_SHA"=>"KRB5-IDEA-CBC-SHA",
+      "TLS_KRB5_WITH_DES_CBC_MD5"=>"KRB5-DES-CBC-MD5",
+      "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"=>"KRB5-DES-CBC3-MD5",
+      "TLS_KRB5_WITH_RC4_128_MD5"=>"KRB5-RC4-MD5",
+      "TLS_KRB5_WITH_IDEA_CBC_MD5"=>"KRB5-IDEA-CBC-MD5",
+      "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"=>"EXP-KRB5-DES-CBC-SHA",
+      "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"=>"EXP-KRB5-RC2-CBC-SHA",
+      "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"=>"EXP-KRB5-RC4-SHA",
+      "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"=>"EXP-KRB5-DES-CBC-MD5",
+      "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"=>"EXP-KRB5-RC2-CBC-MD5",
+      "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"=>"EXP-KRB5-RC4-MD5",
+      "TLS_RSA_WITH_AES_128_CBC_SHA"=>"AES128-SHA",
+      "TLS_DH_DSS_WITH_AES_128_CBC_SHA"=>"DH-DSS-AES128-SHA",
+      "TLS_DH_RSA_WITH_AES_128_CBC_SHA"=>"DH-RSA-AES128-SHA",
+      "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"=>"DHE-DSS-AES128-SHA",
+      "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"=>"DHE-RSA-AES128-SHA",
+      "TLS_DH_anon_WITH_AES_128_CBC_SHA"=>"ADH-AES128-SHA",
+      "TLS_RSA_WITH_AES_256_CBC_SHA"=>"AES256-SHA",
+      "TLS_DH_DSS_WITH_AES_256_CBC_SHA"=>"DH-DSS-AES256-SHA",
+      "TLS_DH_RSA_WITH_AES_256_CBC_SHA"=>"DH-RSA-AES256-SHA",
+      "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"=>"DHE-DSS-AES256-SHA",
+      "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"=>"DHE-RSA-AES256-SHA",
+      "TLS_DH_anon_WITH_AES_256_CBC_SHA"=>"ADH-AES256-SHA",
+      "TLS_RSA_WITH_NULL_SHA256"=>"NULL-SHA256",
+      "TLS_RSA_WITH_AES_128_CBC_SHA256"=>"AES128-SHA256",
+      "TLS_RSA_WITH_AES_256_CBC_SHA256"=>"AES256-SHA256",
+      "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"=>"DH-DSS-AES128-SHA256",
+      "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"=>"DH-RSA-AES128-SHA256",
+      "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"=>"DHE-DSS-AES128-SHA256",
+      "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"=>"CAMELLIA128-SHA",
+      "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"=>"DH-DSS-CAMELLIA128-SHA",
+      "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"=>"DH-RSA-CAMELLIA128-SHA",
+      "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"=>"DHE-DSS-CAMELLIA128-SHA",
+      "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"=>"DHE-RSA-CAMELLIA128-SHA",
+      "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"=>"ADH-CAMELLIA128-SHA",
+      "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA"=>"EXP1024-DES-CBC-SHA",
+      "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"=>"EXP1024-DHE-DSS-DES-CBC-SHA",
+      "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"=>"EXP1024-RC4-SHA",
+      "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA"=>"EXP1024-DHE-DSS-RC4-SHA",
+      "TLS_DHE_DSS_WITH_RC4_128_SHA"=>"DHE-DSS-RC4-SHA",
+      "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"=>"DHE-RSA-AES128-SHA256",
+      "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"=>"DH-DSS-AES256-SHA256",
+      "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"=>"DH-RSA-AES256-SHA256",
+      "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"=>"DHE-DSS-AES256-SHA256",
+      "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"=>"DHE-RSA-AES256-SHA256",
+      "TLS_DH_anon_WITH_AES_128_CBC_SHA256"=>"ADH-AES128-SHA256",
+      "TLS_DH_anon_WITH_AES_256_CBC_SHA256"=>"ADH-AES256-SHA256",
+      "TLS_GOSTR341094_WITH_28147_CNT_IMIT"=>"GOST94-GOST89-GOST89",
+      "TLS_GOSTR341001_WITH_28147_CNT_IMIT"=>"GOST2001-GOST89-GOST89",
+      "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"=>"CAMELLIA256-SHA",
+      "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"=>"DH-DSS-CAMELLIA256-SHA",
+      "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"=>"DH-RSA-CAMELLIA256-SHA",
+      "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"=>"DHE-DSS-CAMELLIA256-SHA",
+      "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"=>"DHE-RSA-CAMELLIA256-SHA",
+      "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"=>"ADH-CAMELLIA256-SHA",
+      "TLS_PSK_WITH_RC4_128_SHA"=>"PSK-RC4-SHA",
+      "TLS_PSK_WITH_3DES_EDE_CBC_SHA"=>"PSK-3DES-EDE-CBC-SHA",
+      "TLS_PSK_WITH_AES_128_CBC_SHA"=>"PSK-AES128-CBC-SHA",
+      "TLS_PSK_WITH_AES_256_CBC_SHA"=>"PSK-AES256-CBC-SHA",
+      "TLS_RSA_WITH_SEED_CBC_SHA"=>"SEED-SHA",
+      "TLS_DH_DSS_WITH_SEED_CBC_SHA"=>"DH-DSS-SEED-SHA",
+      "TLS_DH_RSA_WITH_SEED_CBC_SHA"=>"DH-RSA-SEED-SHA",
+      "TLS_DHE_DSS_WITH_SEED_CBC_SHA"=>"DHE-DSS-SEED-SHA",
+      "TLS_DHE_RSA_WITH_SEED_CBC_SHA"=>"DHE-RSA-SEED-SHA",
+      "TLS_DH_anon_WITH_SEED_CBC_SHA"=>"ADH-SEED-SHA",
+      "TLS_RSA_WITH_AES_128_GCM_SHA256"=>"AES128-GCM-SHA256",
+      "TLS_RSA_WITH_AES_256_GCM_SHA384"=>"AES256-GCM-SHA384",
+      "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"=>"DHE-RSA-AES128-GCM-SHA256",
+      "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"=>"DHE-RSA-AES256-GCM-SHA384",
+      "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"=>"DH-RSA-AES128-GCM-SHA256",
+      "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"=>"DH-RSA-AES256-GCM-SHA384",
+      "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"=>"DHE-DSS-AES128-GCM-SHA256",
+      "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"=>"DHE-DSS-AES256-GCM-SHA384",
+      "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"=>"DH-DSS-AES128-GCM-SHA256",
+      "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"=>"DH-DSS-AES256-GCM-SHA384",
+      "TLS_DH_anon_WITH_AES_128_GCM_SHA256"=>"ADH-AES128-GCM-SHA256",
+      "TLS_DH_anon_WITH_AES_256_GCM_SHA384"=>"ADH-AES256-GCM-SHA384",
+      "TLS_FALLBACK_SCSV"=>"TLS_FALLBACK_SCSV",
+      "TLS_ECDH_ECDSA_WITH_NULL_SHA"=>"ECDH-ECDSA-NULL-SHA",
+      "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"=>"ECDH-ECDSA-RC4-SHA",
+      "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"=>"ECDH-ECDSA-DES-CBC3-SHA",
+      "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"=>"ECDH-ECDSA-AES128-SHA",
+      "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"=>"ECDH-ECDSA-AES256-SHA",
+      "TLS_ECDHE_ECDSA_WITH_NULL_SHA"=>"ECDHE-ECDSA-NULL-SHA",
+      "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"=>"ECDHE-ECDSA-RC4-SHA",
+      "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"=>"ECDHE-ECDSA-DES-CBC3-SHA",
+      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"=>"ECDHE-ECDSA-AES128-SHA",
+      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"=>"ECDHE-ECDSA-AES256-SHA",
+      "TLS_ECDH_RSA_WITH_NULL_SHA"=>"ECDH-RSA-NULL-SHA",
+      "TLS_ECDH_RSA_WITH_RC4_128_SHA"=>"ECDH-RSA-RC4-SHA",
+      "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"=>"ECDH-RSA-DES-CBC3-SHA",
+      "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"=>"ECDH-RSA-AES128-SHA",
+      "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"=>"ECDH-RSA-AES256-SHA",
+      "TLS_ECDHE_RSA_WITH_NULL_SHA"=>"ECDHE-RSA-NULL-SHA",
+      "TLS_ECDHE_RSA_WITH_RC4_128_SHA"=>"ECDHE-RSA-RC4-SHA",
+      "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"=>"ECDHE-RSA-DES-CBC3-SHA",
+      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"=>"ECDHE-RSA-AES128-SHA",
+      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"=>"ECDHE-RSA-AES256-SHA",
+      "TLS_ECDH_anon_WITH_NULL_SHA"=>"AECDH-NULL-SHA",
+      "TLS_ECDH_anon_WITH_RC4_128_SHA"=>"AECDH-RC4-SHA",
+      "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"=>"AECDH-DES-CBC3-SHA",
+      "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"=>"AECDH-AES128-SHA",
+      "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"=>"AECDH-AES256-SHA",
+      "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"=>"SRP-3DES-EDE-CBC-SHA",
+      "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"=>"SRP-RSA-3DES-EDE-CBC-SHA",
+      "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"=>"SRP-DSS-3DES-EDE-CBC-SHA",
+      "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"=>"SRP-AES-128-CBC-SHA",
+      "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"=>"SRP-RSA-AES-128-CBC-SHA",
+      "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"=>"SRP-DSS-AES-128-CBC-SHA",
+      "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"=>"SRP-AES-256-CBC-SHA",
+      "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"=>"SRP-RSA-AES-256-CBC-SHA",
+      "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"=>"SRP-DSS-AES-256-CBC-SHA",
+      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"=>"ECDHE-ECDSA-AES128-SHA256",
+      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"=>"ECDHE-ECDSA-AES256-SHA384",
+      "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"=>"ECDH-ECDSA-AES128-SHA256",
+      "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"=>"ECDH-ECDSA-AES256-SHA384",
+      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"=>"ECDHE-RSA-AES128-SHA256",
+      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"=>"ECDHE-RSA-AES256-SHA384",
+      "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"=>"ECDH-RSA-AES128-SHA256",
+      "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"=>"ECDH-RSA-AES256-SHA384",
+      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"=>"ECDHE-ECDSA-AES128-GCM-SHA256",
+      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"=>"ECDHE-ECDSA-AES256-GCM-SHA384",
+      "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"=>"ECDH-ECDSA-AES128-GCM-SHA256",
+      "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"=>"ECDH-ECDSA-AES256-GCM-SHA384",
+      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"=>"ECDHE-RSA-AES128-GCM-SHA256",
+      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"=>"ECDHE-RSA-AES256-GCM-SHA384",
+      "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"=>"ECDH-RSA-AES128-GCM-SHA256",
+      "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"=>"ECDH-RSA-AES256-GCM-SHA384",
+      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"=>"ECDHE-RSA-CHACHA20-POLY1305",
+      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"=>
+      "ECDHE-ECDSA-CHACHA20-POLY1305",
+      "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"=>"DHE-RSA-CHACHA20-POLY1305",
+      "SSL_CK_RC2_128_CBC_WITH_MD5"=>"RC2-CBC-MD5",
+      "SSL_CK_IDEA_128_CBC_WITH_MD5"=>"IDEA-CBC-MD5",
+      "SSL_CK_DES_64_CBC_WITH_MD5"=>"DES-CBC-MD5",
+      "SSL_CK_DES_192_EDE3_CBC_WITH_MD5"=>"DES-CBC3-MD5",
+      "SSL_CK_RC4_64_WITH_MD5"=>"RC4-64-MD5"
+    }
+  end
+end

data/lib/sslyze/program.rb

@@ -4,24 +4,24 @@ require 'rprogram/program'
 
 module SSLyze
   #
-  # Represents the `sslyze.py` command line utility.
+  # Represents the `sslyze` command line utility.
   #
   class Program < RProgram::Program
 
-    name_program 'sslyze.py'
+    name_program 'sslyze'
 
     #
-    # Finds the `sslyze.py` script and runs it.
+    # Finds the `sslyze` script and runs it.
     #
     # @param [Hash{Symbol => Object}] options
-    #   Additional options for `sslyze.py`.
+    #   Additional options for `sslyze`.
     #
     # @param [Hash{Symbol => Object}] exec_options
     #   Additional exec-options.
     #
     # @yield [task]
     #   If a block is given, it will be passed a task object
-    #   used to specify options for `sslyze.py`.
+    #   used to specify options for `sslyze`.
     #
     # @yieldparam [Task] task
     #   The sslyze task object.
@@ -37,17 +37,17 @@ module SSLyze
     end
 
     #
-    # Runs `sslyze.py`.
+    # Runs `sslyze`.
     #
     # @param [Hash{Symbol => Object}] options
-    #   Additional options for `sslyze.py`.
+    #   Additional options for `sslyze`.
     #
     # @param [Hash{Symbol => Object}] exec_options
     #   Additional exec-options.
     #
     # @yield [task]
     #   If a block is given, it will be passed a task object
-    #   used to specify options for `sslyze.py`.
+    #   used to specify options for `sslyze`.
     #
     # @yieldparam [Task] task
     #   The sslyze task object.

data/lib/sslyze/task.rb

@@ -9,56 +9,63 @@ module SSLyze
     # Options:
     long_option flag: '--version'
     long_option flag: '--help'
-    long_option flag: '--xml_out'
-    long_option flag: '--targets_in'
-    long_option flag: '--timeout'
-    long_option flag: '--nb_retries'
-    long_option flag: '--https_tunnel'
-    long_option flag: '--starttls'
-    long_option flag: '--xmpp_to'
-    long_option flag: '--sni'
     long_option flag: '--regular'
 
     # Client certificate support:
-    long_option flag: '--cert'
-    long_option flag: '--certfrom'
-    long_option flag: '--key'
-    long_option flag: '--keyfrom'
-    long_option flag: '--pass'
+    long_option flag: '--cert', equals: true
+    long_option flag: '--key', equals: true
+    long_option flag: '--keyform', equals: true
+    long_option flag: '--pass', equals: true
 
-    # PluginHeartbleed:
+    # Input and output options:
+    long_option flag: '--xml_out', equals: true
+    long_option flag: '--json_out', equals: true
+    long_option flag: '--targets_in', equals: true
+    long_option flag: '--quiet'
+
+    # Connectivity options:
+    long_option flag: '--timeout', equals: true
+    long_option flag: '--nb_retries', equals: true
+    long_option flag: '--https_tunnel', equals: true
+    long_option flag: '--starttls', equals: true
+    long_option flag: '--xmpp_to', equals: true
+    long_option flag: '--sni', equals: true
+
+    # HeartbleedPlugin:
     long_option flag: '--heartbleed'
 
-    # PluginOpenSSLCipherSuites:
-    #   Scans the server(s) for supported OpenSSL cipher suites.
-    long_option flag: '--sslv2'
-    long_option flag: '--sslv3'
-    long_option flag: '--tlsv1'
-    long_option flag: '--tlsv1_1'
-    long_option flag: '--tlsv1_2'
-    long_option flag: '--http_get'
-    long_option flag: '--hide_rejected_ciphers'
+    # OpenSslCcsInjectionPlugin:
+    long_option flag: '--openssl_ccs'
+
+    # FallbackScsvPlugin:
+    long_option flag: '--fallback'
 
-    # PluginSessionRenegotiation:
+    # SessionRenegotiationPlugin:
     long_option flag: '--reneg'
 
-    # PluginCertInfo:
+    # CertificateInfoPlugin:
     long_option flag: '--certinfo'
+    long_option flag: '--ca_file', equals: true
 
-    # PluginHSTS:
-    long_option flag: '--hsts'
+    # HttpHeadersPlugin:
+    long_option flag: '--http_headers'
 
-    # PluginSessionResumption:
-    #   Analyzes the target server's SSL session resumption capabilities.
+    # SessionResumptionPlugin:
     long_option flag: '--resum'
     long_option flag: '--resum_rate'
 
-    # PluginChromeSha1Deprecation:
-    long_option flag: '--chrome_sha1'
-
-    # PluginCompression:
+    # CompressionPlugin:
     long_option flag: '--compression'
 
+    # OpenSslCipherSuitesPlugin:
+    long_option flag: '--sslv2'
+    long_option flag: '--sslv3'
+    long_option flag: '--tlsv1'
+    long_option flag: '--tlsv1_1'
+    long_option flag: '--tlsv1_2'
+    long_option flag: '--http_get'
+    long_option flag: '--hide_rejected_ciphers'
+
     non_option name: :targets, tailing: true
 
   end