sslshake 1.0.12

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 73fea6614c1a8dac99abcc7e97607e4e33a2f4e1
+  data.tar.gz: 8ffbb4598f29d65b3b03c574641404f76f9ed85c
+SHA512:
+  metadata.gz: c6ee7096edd757778e9b13a8a4090ce4f3982762373132213cc8b605bf7129032a63c44351ccebcaf11a2f5f9f32766269e7c2713703f8fcc0164a77f3be9ca7
+  data.tar.gz: 278ea0a3d288c0d636fe4bb12c34f36bf5be30859e09636932bc45ded810cf8aefd38b8c04a5a3d62b5aad46184a739f3fbaf480aed3c57f227c79ec8f7405ea

data/.gitignore

@@ -0,0 +1,3 @@
+performance
+.ssldummies
+.testssl

data/README.md

@@ -0,0 +1,18 @@
+# sslshake
+
+Tiny Ruby library to simulate SSL and TLS handshakes. Independent of OpenSSL. Supports SSLv2, SSLv3, TLS 1.0 - 1.2.
+
+## Requirements
+
+* Ruby v1.9.3+
+
+## Usage
+
+```ruby
+require 'sslshake'
+SSLShake.hello('my.host', port: 4443, protocol: 'tls1.2')
+```
+
+## License
+
+MPLv2, see [https://www.mozilla.org/en-US/MPL/2.0/](https://www.mozilla.org/en-US/MPL/2.0/)

data/lib/sslshake.rb

@@ -0,0 +1,73 @@
+# encoding: utf-8
+# copyright: 2016, Dominik Richter
+# license: MPLv2
+
+require 'socket'
+require 'securerandom'
+require 'io/wait'
+require 'sslshake/version'
+require 'sslshake/ciphers'
+require 'sslshake/sslv2'
+require 'sslshake/tls'
+
+module SSLShake
+  def self.socket(host, opts = {})
+    return [opts[:socket], nil] unless opts[:socket].nil?
+
+    port = opts[:port] || 443
+    timeout = opts[:timeout] || 2
+
+    addr = Socket.getaddrinfo(host, nil)[0] ||
+           fail("Cannot determine address for socket to #{host}:#{port}")
+    family = addr[4]
+
+    sockaddr = Socket.pack_sockaddr_in(port, addr[2])
+    socket = Socket.new(family, Socket::SOCK_STREAM, 0)
+    socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
+
+    begin
+      socket.connect_nonblock(sockaddr)
+    rescue IO::WaitWritable
+      if IO.select(nil, [socket], nil, timeout)
+        begin
+          socket.connect_nonblock(sockaddr)
+        rescue Errno::EISCONN
+          true # done, it's connected
+        rescue => err
+          socket.close
+          return [nil, "Connection error #{err.class}, can't connect to #{host}:#{port}."]
+        end
+      else
+        socket.close
+        return [nil, "Connection timeout after #{timeout}, can't connect to #{host}:#{port}."]
+      end
+    end
+
+    [socket, nil]
+  rescue SystemCallError, Alert => _
+    return [nil, "Connection refused, can't connect to #{host}:#{port}."]
+  end
+
+  def self.hello(host, opts = {})
+    cur_socket = opts[:socket]
+    if cur_socket.nil?
+      cur_socket, error = socket(host, opts)
+      return { 'error' => error } unless error.nil?
+    end
+
+    protocol = opts[:protocol] || 'tls1.2'
+    if protocol == 'ssl2'
+      ssl = SSLShake::SSLv2.new
+      cur_socket.send(ssl.hello(opts[:ciphers]), 0)
+    else
+      ssl = SSLShake::TLS.new
+      cur_socket.send(ssl.hello(protocol, opts[:ciphers]), 0)
+    end
+
+    res = ssl.parse_hello(cur_socket, opts)
+    cur_socket.close if opts[:socket].nil?
+    res
+  rescue SystemCallError => _
+    return { 'error' => 'Failed to send hello. Socket closed.' }
+  end
+end

data/lib/sslshake/ciphers.rb

@@ -0,0 +1,360 @@
+# encoding: utf-8
+# copyright: 2015, Dominik Richter
+# license: MPLv2
+
+module SSLShake # rubocop:disable Metrics/ModuleLength
+  CIPHERS = {
+    '010080' => 'SSL_CK_RC4_128_WITH_MD5',
+    '020080' => 'SSL_CK_RC4_128_EXPORT40_WITH_MD5',
+    '030080' => 'SSL_CK_RC2_128_CBC_WITH_MD5',
+    '040080' => 'SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5',
+    '050080' => 'SSL_CK_IDEA_128_CBC_WITH_MD5',
+    '060040' => 'SSL_CK_DES_64_CBC_WITH_MD5',
+    '0700C0' => 'SSL_CK_DES_192_EDE3_CBC_WITH_MD5',
+    '080080' => 'SSL_CK_RC4_64_WITH_MD5',
+    '0000' => 'TLS_NULL_WITH_NULL_NULL',
+    '0001' => 'TLS_RSA_WITH_NULL_MD5',
+    '0002' => 'TLS_RSA_WITH_NULL_SHA',
+    '0003' => 'TLS_RSA_EXPORT_WITH_RC4_40_MD5',
+    '0004' => 'TLS_RSA_WITH_RC4_128_MD5',
+    '0005' => 'TLS_RSA_WITH_RC4_128_SHA',
+    '0006' => 'TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5',
+    '0007' => 'TLS_RSA_WITH_IDEA_CBC_SHA',
+    '0008' => 'TLS_RSA_EXPORT_WITH_DES40_CBC_SHA',
+    '0009' => 'TLS_RSA_WITH_DES_CBC_SHA',
+    '000A' => 'TLS_RSA_WITH_3DES_EDE_CBC_SHA',
+    '000B' => 'TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA',
+    '000C' => 'TLS_DH_DSS_WITH_DES_CBC_SHA',
+    '000D' => 'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA',
+    '000E' => 'TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA',
+    '000F' => 'TLS_DH_RSA_WITH_DES_CBC_SHA',
+    '0010' => 'TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA',
+    '0011' => 'TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA',
+    '0012' => 'TLS_DHE_DSS_WITH_DES_CBC_SHA',
+    '0013' => 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA',
+    '0014' => 'TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA',
+    '0015' => 'TLS_DHE_RSA_WITH_DES_CBC_SHA',
+    '0016' => 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA',
+    '0017' => 'TLS_DH_anon_EXPORT_WITH_RC4_40_MD5',
+    '0018' => 'TLS_DH_anon_WITH_RC4_128_MD5',
+    '0019' => 'TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA',
+    '001A' => 'TLS_DH_anon_WITH_DES_CBC_SHA',
+    '001B' => 'TLS_DH_anon_WITH_3DES_EDE_CBC_SHA',
+    '001E' => 'TLS_KRB5_WITH_DES_CBC_SHA',
+    '001F' => 'TLS_KRB5_WITH_3DES_EDE_CBC_SHA',
+    '0020' => 'TLS_KRB5_WITH_RC4_128_SHA',
+    '0021' => 'TLS_KRB5_WITH_IDEA_CBC_SHA',
+    '0022' => 'TLS_KRB5_WITH_DES_CBC_MD5',
+    '0023' => 'TLS_KRB5_WITH_3DES_EDE_CBC_MD5',
+    '0024' => 'TLS_KRB5_WITH_RC4_128_MD5',
+    '0025' => 'TLS_KRB5_WITH_IDEA_CBC_MD5',
+    '0026' => 'TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA',
+    '0027' => 'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA',
+    '0028' => 'TLS_KRB5_EXPORT_WITH_RC4_40_SHA',
+    '0029' => 'TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5',
+    '002A' => 'TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5',
+    '002B' => 'TLS_KRB5_EXPORT_WITH_RC4_40_MD5',
+    '002C' => 'TLS_PSK_WITH_NULL_SHA',
+    '002D' => 'TLS_DHE_PSK_WITH_NULL_SHA',
+    '002E' => 'TLS_RSA_PSK_WITH_NULL_SHA',
+    '002F' => 'TLS_RSA_WITH_AES_128_CBC_SHA',
+    '0030' => 'TLS_DH_DSS_WITH_AES_128_CBC_SHA',
+    '0031' => 'TLS_DH_RSA_WITH_AES_128_CBC_SHA',
+    '0032' => 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',
+    '0033' => 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
+    '0034' => 'TLS_DH_anon_WITH_AES_128_CBC_SHA',
+    '0035' => 'TLS_RSA_WITH_AES_256_CBC_SHA',
+    '0036' => 'TLS_DH_DSS_WITH_AES_256_CBC_SHA',
+    '0037' => 'TLS_DH_RSA_WITH_AES_256_CBC_SHA',
+    '0038' => 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',
+    '0039' => 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
+    '003A' => 'TLS_DH_anon_WITH_AES_256_CBC_SHA',
+    '003B' => 'TLS_RSA_WITH_NULL_SHA256',
+    '003C' => 'TLS_RSA_WITH_AES_128_CBC_SHA256',
+    '003D' => 'TLS_RSA_WITH_AES_256_CBC_SHA256',
+    '003E' => 'TLS_DH_DSS_WITH_AES_128_CBC_SHA256',
+    '003F' => 'TLS_DH_RSA_WITH_AES_128_CBC_SHA256',
+    '0040' => 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256',
+    '0041' => 'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA',
+    '0042' => 'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA',
+    '0043' => 'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA',
+    '0044' => 'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA',
+    '0045' => 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA',
+    '0046' => 'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA',
+    '0060' => 'TLS_RSA_EXPORT1024_WITH_RC4_56_MD5',
+    '0061' => 'TLS_RSA_EXPORT1024_WITH_RC2_56_MD5',
+    '0062' => 'TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA',
+    '0063' => 'TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA',
+    '0064' => 'TLS_RSA_EXPORT1024_WITH_RC4_56_SHA',
+    '0065' => 'TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA',
+    '0066' => 'TLS_DHE_DSS_WITH_RC4_128_SHA',
+    '0067' => 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
+    '0068' => 'TLS_DH_DSS_WITH_AES_256_CBC_SHA256',
+    '0069' => 'TLS_DH_RSA_WITH_AES_256_CBC_SHA256',
+    '006A' => 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256',
+    '006B' => 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
+    '006C' => 'TLS_DH_anon_WITH_AES_128_CBC_SHA256',
+    '006D' => 'TLS_DH_anon_WITH_AES_256_CBC_SHA256',
+    '0080' => 'TLS_GOSTR341094_WITH_28147_CNT_IMIT',
+    '0081' => 'TLS_GOSTR341001_WITH_28147_CNT_IMIT',
+    '0082' => 'TLS_GOSTR341094_WITH_NULL_GOSTR3411',
+    '0083' => 'TLS_GOSTR341001_WITH_NULL_GOSTR3411',
+    '0084' => 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA',
+    '0085' => 'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA',
+    '0086' => 'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA',
+    '0087' => 'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA',
+    '0088' => 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA',
+    '0089' => 'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA',
+    '008A' => 'TLS_PSK_WITH_RC4_128_SHA',
+    '008B' => 'TLS_PSK_WITH_3DES_EDE_CBC_SHA',
+    '008C' => 'TLS_PSK_WITH_AES_128_CBC_SHA',
+    '008D' => 'TLS_PSK_WITH_AES_256_CBC_SHA',
+    '008E' => 'TLS_DHE_PSK_WITH_RC4_128_SHA',
+    '008F' => 'TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA',
+    '0090' => 'TLS_DHE_PSK_WITH_AES_128_CBC_SHA',
+    '0091' => 'TLS_DHE_PSK_WITH_AES_256_CBC_SHA',
+    '0092' => 'TLS_RSA_PSK_WITH_RC4_128_SHA',
+    '0093' => 'TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA',
+    '0094' => 'TLS_RSA_PSK_WITH_AES_128_CBC_SHA',
+    '0095' => 'TLS_RSA_PSK_WITH_AES_256_CBC_SHA',
+    '0096' => 'TLS_RSA_WITH_SEED_CBC_SHA',
+    '0097' => 'TLS_DH_DSS_WITH_SEED_CBC_SHA',
+    '0098' => 'TLS_DH_RSA_WITH_SEED_CBC_SHA',
+    '0099' => 'TLS_DHE_DSS_WITH_SEED_CBC_SHA',
+    '009A' => 'TLS_DHE_RSA_WITH_SEED_CBC_SHA',
+    '009B' => 'TLS_DH_anon_WITH_SEED_CBC_SHA',
+    '009C' => 'TLS_RSA_WITH_AES_128_GCM_SHA256',
+    '009D' => 'TLS_RSA_WITH_AES_256_GCM_SHA384',
+    '009E' => 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
+    '009F' => 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
+    '00A0' => 'TLS_DH_RSA_WITH_AES_128_GCM_SHA256',
+    '00A1' => 'TLS_DH_RSA_WITH_AES_256_GCM_SHA384',
+    '00A2' => 'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256',
+    '00A3' => 'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384',
+    '00A4' => 'TLS_DH_DSS_WITH_AES_128_GCM_SHA256',
+    '00A5' => 'TLS_DH_DSS_WITH_AES_256_GCM_SHA384',
+    '00A6' => 'TLS_DH_anon_WITH_AES_128_GCM_SHA256',
+    '00A7' => 'TLS_DH_anon_WITH_AES_256_GCM_SHA384',
+    '00A8' => 'TLS_PSK_WITH_AES_128_GCM_SHA256',
+    '00A9' => 'TLS_PSK_WITH_AES_256_GCM_SHA384',
+    '00AA' => 'TLS_DHE_PSK_WITH_AES_128_GCM_SHA256',
+    '00AB' => 'TLS_DHE_PSK_WITH_AES_256_GCM_SHA384',
+    '00AC' => 'TLS_RSA_PSK_WITH_AES_128_GCM_SHA256',
+    '00AD' => 'TLS_RSA_PSK_WITH_AES_256_GCM_SHA384',
+    '00AE' => 'TLS_PSK_WITH_AES_128_CBC_SHA256',
+    '00AF' => 'TLS_PSK_WITH_AES_256_CBC_SHA384',
+    '00B0' => 'TLS_PSK_WITH_NULL_SHA256',
+    '00B1' => 'TLS_PSK_WITH_NULL_SHA384',
+    '00B2' => 'TLS_DHE_PSK_WITH_AES_128_CBC_SHA256',
+    '00B3' => 'TLS_DHE_PSK_WITH_AES_256_CBC_SHA384',
+    '00B4' => 'TLS_DHE_PSK_WITH_NULL_SHA256',
+    '00B5' => 'TLS_DHE_PSK_WITH_NULL_SHA384',
+    '00B6' => 'TLS_RSA_PSK_WITH_AES_128_CBC_SHA256',
+    '00B7' => 'TLS_RSA_PSK_WITH_AES_256_CBC_SHA384',
+    '00B8' => 'TLS_RSA_PSK_WITH_NULL_SHA256',
+    '00B9' => 'TLS_RSA_PSK_WITH_NULL_SHA384',
+    '00BA' => 'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256',
+    '00BB' => 'TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256',
+    '00BC' => 'TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256',
+    '00BD' => 'TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256',
+    '00BE' => 'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
+    '00BF' => 'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256',
+    '00C0' => 'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256',
+    '00C1' => 'TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256',
+    '00C2' => 'TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256',
+    '00C3' => 'TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256',
+    '00C4' => 'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256',
+    '00C5' => 'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256',
+    '00FF' => 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV',
+    '5600' => 'TLS_FALLBACK_SCSV',
+    'C001' => 'TLS_ECDH_ECDSA_WITH_NULL_SHA',
+    'C002' => 'TLS_ECDH_ECDSA_WITH_RC4_128_SHA',
+    'C003' => 'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA',
+    'C004' => 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA',
+    'C005' => 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA',
+    'C006' => 'TLS_ECDHE_ECDSA_WITH_NULL_SHA',
+    'C007' => 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA',
+    'C008' => 'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA',
+    'C009' => 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
+    'C00A' => 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
+    'C00B' => 'TLS_ECDH_RSA_WITH_NULL_SHA',
+    'C00C' => 'TLS_ECDH_RSA_WITH_RC4_128_SHA',
+    'C00D' => 'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA',
+    'C00E' => 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA',
+    'C00F' => 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA',
+    'C010' => 'TLS_ECDHE_RSA_WITH_NULL_SHA',
+    'C011' => 'TLS_ECDHE_RSA_WITH_RC4_128_SHA',
+    'C012' => 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA',
+    'C013' => 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
+    'C014' => 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
+    'C015' => 'TLS_ECDH_anon_WITH_NULL_SHA',
+    'C016' => 'TLS_ECDH_anon_WITH_RC4_128_SHA',
+    'C017' => 'TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA',
+    'C018' => 'TLS_ECDH_anon_WITH_AES_128_CBC_SHA',
+    'C019' => 'TLS_ECDH_anon_WITH_AES_256_CBC_SHA',
+    'C01A' => 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA',
+    'C01B' => 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA',
+    'C01C' => 'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA',
+    'C01D' => 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA',
+    'C01E' => 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA',
+    'C01F' => 'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA',
+    'C020' => 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA',
+    'C021' => 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA',
+    'C022' => 'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA',
+    'C023' => 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
+    'C024' => 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
+    'C025' => 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256',
+    'C026' => 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384',
+    'C027' => 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
+    'C028' => 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
+    'C029' => 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256',
+    'C02A' => 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384',
+    'C02B' => 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
+    'C02C' => 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
+    'C02D' => 'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256',
+    'C02E' => 'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384',
+    'C02F' => 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
+    'C030' => 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
+    'C031' => 'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256',
+    'C032' => 'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384',
+    'C033' => 'TLS_ECDHE_PSK_WITH_RC4_128_SHA',
+    'C034' => 'TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA',
+    'C035' => 'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA',
+    'C036' => 'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA',
+    'C037' => 'TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256',
+    'C038' => 'TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384',
+    'C039' => 'TLS_ECDHE_PSK_WITH_NULL_SHA',
+    'C03A' => 'TLS_ECDHE_PSK_WITH_NULL_SHA256',
+    'C03B' => 'TLS_ECDHE_PSK_WITH_NULL_SHA384',
+    'C03C' => 'TLS_RSA_WITH_ARIA_128_CBC_SHA256',
+    'C03D' => 'TLS_RSA_WITH_ARIA_256_CBC_SHA384',
+    'C03E' => 'TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256',
+    'C03F' => 'TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384',
+    'C040' => 'TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256',
+    'C041' => 'TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384',
+    'C042' => 'TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256',
+    'C043' => 'TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384',
+    'C044' => 'TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256',
+    'C045' => 'TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384',
+    'C046' => 'TLS_DH_anon_WITH_ARIA_128_CBC_SHA256',
+    'C047' => 'TLS_DH_anon_WITH_ARIA_256_CBC_SHA384',
+    'C048' => 'TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256',
+    'C049' => 'TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384',
+    'C04A' => 'TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256',
+    'C04B' => 'TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384',
+    'C04C' => 'TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256',
+    'C04D' => 'TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384',
+    'C04E' => 'TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256',
+    'C04F' => 'TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384',
+    'C050' => 'TLS_RSA_WITH_ARIA_128_GCM_SHA256',
+    'C051' => 'TLS_RSA_WITH_ARIA_256_GCM_SHA384',
+    'C052' => 'TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256',
+    'C053' => 'TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384',
+    'C054' => 'TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256',
+    'C055' => 'TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384',
+    'C056' => 'TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256',
+    'C057' => 'TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384',
+    'C058' => 'TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256',
+    'C059' => 'TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384',
+    'C05A' => 'TLS_DH_anon_WITH_ARIA_128_GCM_SHA256',
+    'C05B' => 'TLS_DH_anon_WITH_ARIA_256_GCM_SHA384',
+    'C05C' => 'TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256',
+    'C05D' => 'TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384',
+    'C05E' => 'TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256',
+    'C05F' => 'TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384',
+    'C060' => 'TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256',
+    'C061' => 'TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384',
+    'C062' => 'TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256',
+    'C063' => 'TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384',
+    'C064' => 'TLS_PSK_WITH_ARIA_128_CBC_SHA256',
+    'C065' => 'TLS_PSK_WITH_ARIA_256_CBC_SHA384',
+    'C066' => 'TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256',
+    'C067' => 'TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384',
+    'C068' => 'TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256',
+    'C069' => 'TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384',
+    'C06A' => 'TLS_PSK_WITH_ARIA_128_GCM_SHA256',
+    'C06B' => 'TLS_PSK_WITH_ARIA_256_GCM_SHA384',
+    'C06C' => 'TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256',
+    'C06D' => 'TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384',
+    'C06E' => 'TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256',
+    'C06F' => 'TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384',
+    'C070' => 'TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256',
+    'C071' => 'TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384',
+    'C072' => 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256',
+    'C073' => 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384',
+    'C074' => 'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256',
+    'C075' => 'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384',
+    'C076' => 'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
+    'C077' => 'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384',
+    'C078' => 'TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256',
+    'C079' => 'TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384',
+    'C07A' => 'TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256',
+    'C07B' => 'TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384',
+    'C07C' => 'TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256',
+    'C07D' => 'TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384',
+    'C07E' => 'TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256',
+    'C07F' => 'TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384',
+    'C080' => 'TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256',
+    'C081' => 'TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384',
+    'C082' => 'TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256',
+    'C083' => 'TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384',
+    'C084' => 'TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256',
+    'C085' => 'TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384',
+    'C086' => 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256',
+    'C087' => 'TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384',
+    'C088' => 'TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256',
+    'C089' => 'TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384',
+    'C08A' => 'TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256',
+    'C08B' => 'TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384',
+    'C08C' => 'TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256',
+    'C08D' => 'TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384',
+    'C08E' => 'TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256',
+    'C08F' => 'TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384',
+    'C090' => 'TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256',
+    'C091' => 'TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384',
+    'C092' => 'TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256',
+    'C093' => 'TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384',
+    'C094' => 'TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256',
+    'C095' => 'TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384',
+    'C096' => 'TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256',
+    'C097' => 'TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384',
+    'C098' => 'TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256',
+    'C099' => 'TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384',
+    'C09A' => 'TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256',
+    'C09B' => 'TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384',
+    'C09C' => 'TLS_RSA_WITH_AES_128_CCM',
+    'C09D' => 'TLS_RSA_WITH_AES_256_CCM',
+    'C09E' => 'TLS_DHE_RSA_WITH_AES_128_CCM',
+    'C09F' => 'TLS_DHE_RSA_WITH_AES_256_CCM',
+    'C0A0' => 'TLS_RSA_WITH_AES_128_CCM_8',
+    'C0A1' => 'TLS_RSA_WITH_AES_256_CCM_8',
+    'C0A2' => 'TLS_DHE_RSA_WITH_AES_128_CCM_8',
+    'C0A3' => 'TLS_DHE_RSA_WITH_AES_256_CCM_8',
+    'C0A4' => 'TLS_PSK_WITH_AES_128_CCM',
+    'C0A5' => 'TLS_PSK_WITH_AES_256_CCM',
+    'C0A6' => 'TLS_DHE_PSK_WITH_AES_128_CCM',
+    'C0A7' => 'TLS_DHE_PSK_WITH_AES_256_CCM',
+    'C0A8' => 'TLS_PSK_WITH_AES_128_CCM_8',
+    'C0A9' => 'TLS_PSK_WITH_AES_256_CCM_8',
+    'C0AA' => 'TLS_PSK_DHE_WITH_AES_128_CCM_8',
+    'C0AB' => 'TLS_PSK_DHE_WITH_AES_256_CCM_8',
+    'C0AC' => 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM',
+    'C0AD' => 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM',
+    'C0AE' => 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8',
+    'C0AF' => 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8',
+    'CCA8' => 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305',
+    'CCA9' => 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305',
+    'CCAA' => 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305',
+    'CCAB' => 'TLS_PSK_WITH_CHACHA20_POLY1305',
+    'CCAC' => 'TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305',
+    'CCAD' => 'TLS_DHE_PSK_WITH_CHACHA20_POLY1305',
+    'CCAE' => 'TLS_RSA_PSK_WITH_CHACHA20_POLY1305',
+    'CC13' => 'OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
+    'CC14' => 'OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256',
+    'CC15' => 'OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
+    'FEFE' => 'SSL_RSA_FIPS_WITH_DES_CBC_SHA',
+    'FEFF' => 'SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA',
+    'FFE0' => 'SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA',
+    'FFE1' => 'SSL_RSA_FIPS_WITH_DES_CBC_SHA',
+  }.invert.freeze
+end

data/lib/sslshake/common.rb

@@ -0,0 +1,59 @@
+# encoding: utf-8
+# copyright: 2016, Dominik Richter
+# license: MPLv2
+
+module SSLShake
+  class Alert < ::StandardError; end
+  class UserError < ::StandardError; end
+  class NotYetImplementedError < ::StandardError; end
+
+  module CommonHelpers
+    def int_bytes(i, len = 1)
+      format("%0#{len * 2}x", i)
+    end
+
+    def socket_read(socket, bytes, timeout, retries)
+      timeout ||= 1
+      retries ||= 2
+      if socket.closed?
+        fail Alert, 'No response, socket is closed.'
+      end
+
+      begin
+        res = socket.read_nonblock(bytes)
+      rescue IO::WaitReadable
+        IO.select([socket], nil, nil, timeout)
+        retries -= 1
+        retry if retries >= 0
+        raise Alert, 'Timeout while reading data.'
+      rescue IO::WaitWritable
+        IO.select(nil, [socket], nil, timeout)
+        retries -= 1
+        retry if retries >= 0
+        raise Alert, 'Timeout while waiting for socket to be writable.'
+      rescue EOFError
+        raise Alert, 'Failed to read, EOF reached.'
+      end
+
+      fail Alert, 'No data received' if res.nil?
+      res
+    end
+
+    def cipher_string(ciphers, search)
+      case search
+      when Proc
+        ciphers.select(&search).values.join
+      when String
+        ciphers[search] || search
+      when Regexp
+        ciphers.select { |k, _| k =~ search }.values.join
+      when Array
+        search.map { |i| cipher_string(ciphers, i) }.join
+      when nil
+        ciphers.values.join
+      else
+        fail UserError, 'Please provide a search string, regex, or list for SSL ciphers.'
+      end
+    end
+  end
+end

data/lib/sslshake/sslv2.rb

@@ -0,0 +1,98 @@
+# encoding: utf-8
+# copyright: 2016, Dominik Richter
+# license: MPLv2
+
+require 'sslshake/common'
+require 'sslshake/ciphers'
+
+module SSLShake
+  class SSLv2
+    # https://tools.ietf.org/html/draft-hickman-netscape-ssl-00
+    # http://www.homeport.org/~adam/ssl.html
+    include CommonHelpers
+
+    VERSIONS = {
+      'ssl2' => '0002',
+    }.freeze
+
+    CIPHERS = ::SSLShake::CIPHERS.select { |k, _| k.start_with? 'SSL_CK_' }
+
+    MESSAGE_TYPES = {
+      'ERROR'               => '00',
+      'CLIENT_HELLO'        => '01',
+      'CLIENT_MASTER_KEY'   => '02',
+      'CLIENT_FINISHED'     => '03',
+      'SERVER_HELLO'        => '04',
+      'SERVER_VERIFY'       => '05',
+      'SERVER_FINISHED'     => '06',
+      'REQUEST_CERTIFICATE' => '07',
+      'CLIENT_CERTIFICATE'  => '08',
+    }.freeze
+
+    def hello(cipher_search = nil)
+      ciphers = cipher_string(CIPHERS, cipher_search)
+      challenge = SecureRandom.hex(16)
+      content = MESSAGE_TYPES['CLIENT_HELLO'] +
+                VERSIONS['ssl2'] +
+                int_bytes(ciphers.length / 2, 2) +
+                '0000' + # session id length
+                int_bytes(challenge.length / 2, 2) +
+                ciphers +
+                challenge
+      length = int_bytes((content.length / 2) | 0x8000, 2)
+      res = length + content
+      [res].pack('H*')
+    end
+
+    def parse_hello(socket, opts)
+      res = {}
+      head = socket_read(socket, 2, opts[:timeout], opts[:retries])
+             .unpack('H*')[0].upcase.to_i(16)
+      if (head & 0x8000) == 0
+        fail NotYetImplementedError, 'Cannot yet handle SSLv2 responses with first bit set to 0'
+      end
+
+      len = head & 0x7fff
+      res['raw'] = response = socket.read(len).unpack('H*')[0].upcase
+      raw = response.scan(/../)
+
+      res['message_type'] = MESSAGE_TYPES.key(raw.shift)
+      if res['message_type'] == 'ERROR'
+        fail Alert, 'SSL handshake responded with an error.'
+      end
+
+      res['session_id_hit'] = raw.shift
+      res['cert_type'] = raw.shift
+      version = raw.shift(2).join
+      res['version'] = VERSIONS.key(version)
+      if res['version'].nil?
+        fail Alert, 'This does not look like a valid SSLv2 response; version bits are empty, no response.'
+      end
+
+      cert_len = raw.shift(2).join.to_i(16)
+      ciphers_len = raw.shift(2).join.to_i(16)
+      connection_id_len = raw.shift(2).join.to_i(16)
+
+      while raw.length < cert_len
+        cur = socket.gets
+        sleep 0.1 && next if cur.nil?
+        raw += cur.unpack('H*')[0].upcase.scan(/../)
+        print '.'
+        print raw.length
+      end
+
+      res['certificate'] = raw.shift(cert_len).join
+      res['ciphers'] = raw.shift(ciphers_len).join.scan(/....../).map do |id|
+        CIPHERS.key(id)
+      end
+      res['connection_id'] = raw.shift(connection_id_len).join
+      res['success'] = true
+
+      res
+    rescue SystemCallError, Alert => _
+      return { 'error' => 'Failed to parse response. The connection was terminated.' }
+    rescue NotYetImplementedError => e
+      return { 'error' => 'Failed to parse response. ' + e.message }
+    end
+  end
+end

data/lib/sslshake/tls.rb

@@ -0,0 +1,140 @@
+# encoding: utf-8
+# copyright: 2016, Dominik Richter
+# license: MPLv2
+
+require 'sslshake/common'
+require 'sslshake/ciphers'
+
+module SSLShake
+  class TLS # rubocop:disable Metrics/ClassLength
+    include CommonHelpers
+
+    VERSIONS = {
+      'ssl3'   => '0300',
+      'tls1.0' => '0301',
+      'tls1.1' => '0302',
+      'tls1.2' => '0303',
+    }.freeze
+
+    CONTENT_TYPES = {
+      'ChangeCipherSpec' => '14',
+      'Alert'            => '15',
+      'Handshake'        => '16',
+      'Application'      => '17',
+      'Heartbeat'        => '18',
+    }.freeze
+
+    HANDSHAKE_TYPES = {
+      'HelloRequest'       => '00',
+      'ClientHello'        => '01',
+      'ServerHello'        => '02',
+      'NewSessionTicket'   => '04',
+      'Certificate'        => '11',
+      'ServerKeyExchange'  => '12',
+      'CertificateRequest' => '13',
+      'ServerHelloDone'    => '14',
+      'CertificateVerify'  => '15',
+      'ClientKeyExchange'  => '16',
+      'Finished'           => '20',
+    }.freeze
+
+    # https://tools.ietf.org/html/rfc6101#appendix-A.6
+    SSL3_CIPHERS = ::SSLShake::CIPHERS.select { |_, v| v < '001F' && v.length == 4 }
+    TLS_CIPHERS = ::SSLShake::CIPHERS.select { |k, _| k.start_with? 'TLS_' }
+    TLS10_CIPHERS = TLS_CIPHERS.select { |_, v| v[0] == '0' && v[1] == '0' }
+
+    # Additional collection of ciphers used by different apps and versions
+    OPENSSL_1_0_2_TLS10_CIPHERS = 'c014c00ac022c021c02000390038003700360088008700860085c00fc00500350084c013c009c01fc01ec01d00330032008000810082008300310030009a0099009800970045004400430042c00ec004002f009600410007c011c0070066c00cc00200050004c012c008c01cc01bc01a001600130010000dc00dc003000a006300150012000f000c006200090065006400140011000e000b00080006000300ff'.freeze
+    OPENSSL_1_0_2_TLS11_CIPHERS = 'c014c00ac022c021c02000390038003700360088008700860085c00fc00500350084c013c009c01fc01ec01d00330032008000810082008300310030009a0099009800970045004400430042c00ec004002f009600410007c011c0070066c00cc00200050004c012c008c01cc01bc01a001600130010000dc00dc003000a006300150012000f000c006200090065006400140011000e000b00080006000300ff'.freeze
+    OPENSSL_1_0_2_TLS12_CIPHERS = 'cc14cc13cc15c030c02cc028c024c014c00a00a500a300a1009f006b006a006900680039003800370036c077c07300c400c300c200c1008800870086008500810080c032c02ec02ac026c00fc005c079c075009d003d003500c000840095c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030c076c07200be00bd00bc00bb009a0099009800970045004400430042c031c02dc029c025c00ec004c078c074009c003c002f00ba0096004100070094c011c0070066c00cc002000500040092c012c008001600130010000dc00dc003000a009300150012000f000c000900ff'.freeze
+
+    def ssl_record(content_type, content, version)
+      res = content_type + version + int_bytes(content.length / 2, 2) + content
+      [res].pack('H*')
+    end
+
+    def ssl_hello(content, version)
+      ssl_record(
+        CONTENT_TYPES['Handshake'],
+        HANDSHAKE_TYPES['ClientHello'] + int_bytes(content.length / 2, 3) + content,
+        version,
+      )
+    end
+
+    def hello(version, cipher_search = nil, extensions = nil)
+      case version
+      when 'ssl3'
+        ciphers = cipher_string(SSL3_CIPHERS, cipher_search)
+      when 'tls1.0', 'tls1.1'
+        ciphers = cipher_string(TLS10_CIPHERS, cipher_search)
+      when 'tls1.2'
+        ciphers = cipher_string(TLS_CIPHERS, cipher_search)
+      else
+        fail UserError, "This version is not supported: #{version.inspect}"
+      end
+      hello_tls(version, ciphers, extensions || '')
+    end
+
+    def parse_hello(socket, opts) # rubocop:disable Meterics/AbcSize
+      raw = socket_read(socket, 5, opts[:timeout], opts[:retries])
+            .unpack('H*')[0].upcase.scan(/../)
+      type = raw.shift
+      if type == CONTENT_TYPES['Alert']
+        return { 'error' => 'SSL Alert.' }
+      end
+      unless type == CONTENT_TYPES['Handshake']
+        return { 'error' => 'Failed to parse response. It is not an SSL handshake.' }
+      end
+
+      res = {}
+      res['version'] = VERSIONS.key(raw.shift(2).join(''))
+      len = raw.shift(2).join.to_i(16)
+
+      res['raw'] = response = socket.read(len).unpack('H*')[0].upcase
+      raw = response.scan(/../)
+
+      res['handshake_type'] = HANDSHAKE_TYPES.key(raw.shift)
+      _len = raw.shift(3)
+
+      res['handshake_tls_version'] = VERSIONS.key(raw.shift(2).join(''))
+      res['random'] = raw.shift(32).join('')
+
+      len = raw.shift.to_i(16)
+      res['session_id'] = raw.shift(len).join('')
+      ciphers =
+        case res['version']
+        when 'ssl3'
+          SSL3_CIPHERS
+        else
+          TLS_CIPHERS
+        end
+      res['cipher_suite'] = ciphers.key(raw.shift(2).join(''))
+      res['compression_method'] = raw.shift
+      res['success'] = true
+      res['success'] = (res['version'] == opts[:protocol]) unless opts[:protocol].nil?
+
+      res
+    rescue SystemCallError, Alert => _
+      return { 'error' => 'Failed to parse response. The connection was terminated.' }
+    end
+
+    private
+
+    def hello_tls(version, ciphers, extensions)
+      random = SecureRandom.hex(32)
+      session_id = ''
+      compressions = '00'
+      c = VERSIONS[version] +
+          random +
+          int_bytes(session_id.length / 2, 1) +
+          session_id +
+          int_bytes(ciphers.length / 2, 2) +
+          ciphers +
+          int_bytes(compressions.length / 2, 1) +
+          compressions +
+          int_bytes(extensions.length / 2, 2) +
+          extensions
+      ssl_hello(c, VERSIONS[version])
+    end
+  end
+end

data/lib/sslshake/version.rb

@@ -0,0 +1,7 @@
+# encoding: utf-8
+# copyright: 2016, Dominik Richter
+# license: MPLv2
+
+module SSLShake
+  VERSION = '1.0.12'.freeze
+end

data/sslshake.gemspec

@@ -0,0 +1,18 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sslshake/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'sslshake'
+  spec.version       = SSLShake::VERSION
+  spec.authors       = ['Dominik Richter']
+  spec.email         = ['dominik.richter@gmail.com']
+  spec.summary       = 'Ruby library for pure SSL/TLS handshake testing.'
+  spec.description   = 'This is a library to simulate SSL and TLS handshake from SSLv2, SSLv3, to TLS 1.0-1.2. It does not rely on OpenSSL and is not designed as a replacement either. It targets full support for even older handshakes, which are not available in current releases of OpenSSL anymore. It also aims to be executable on all systems with a sufficiently modern version of Ruby without any additional requirements or pre-compiled binaries.'
+  spec.homepage      = 'https://github.com/arlimus/sslshake'
+  spec.license       = 'MPLv2'
+
+  spec.files = `git ls-files -z`.split("\x0").reject {|f| f.match(%r{^(test|spec|features)/}) }
+  spec.require_paths = ['lib']
+end

metadata

@@ -0,0 +1,58 @@
+--- !ruby/object:Gem::Specification
+name: sslshake
+version: !ruby/object:Gem::Version
+  version: 1.0.12
+platform: ruby
+authors:
+- Dominik Richter
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-08-15 00:00:00.000000000 Z
+dependencies: []
+description: This is a library to simulate SSL and TLS handshake from SSLv2, SSLv3,
+  to TLS 1.0-1.2. It does not rely on OpenSSL and is not designed as a replacement
+  either. It targets full support for even older handshakes, which are not available
+  in current releases of OpenSSL anymore. It also aims to be executable on all systems
+  with a sufficiently modern version of Ruby without any additional requirements or
+  pre-compiled binaries.
+email:
+- dominik.richter@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- README.md
+- lib/sslshake.rb
+- lib/sslshake/ciphers.rb
+- lib/sslshake/common.rb
+- lib/sslshake/sslv2.rb
+- lib/sslshake/tls.rb
+- lib/sslshake/version.rb
+- sslshake.gemspec
+homepage: https://github.com/arlimus/sslshake
+licenses:
+- MPLv2
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Ruby library for pure SSL/TLS handshake testing.
+test_files: []