SSL cipher test

ciphers.rb

#!/usr/bin/env ruby
require 'openssl'
require 'socket'

METHODS = OpenSSL::SSL::SSLContext::METHODS.select {|m| (m.to_s =~ /_(client|server)$/).nil?}
PORT = 443
HOST = ARGV[0] || 'qa.stripe.com'

IN_BUFFER = []
OUT_BUFFER = []


def get_socket(host, version, ciphers = nil)
  # ctx = OpenSSL::SSL::SSLContext.new(:SSLv2)
  ctx = OpenSSL::SSL::SSLContext.new(version)
  ctx.ciphers = ciphers if ciphers
  # ctx = OpenSSL::SSL::SSLContext.new()
  s = Socket.new(:AF_INET, :SOCK_STREAM)
  addr = Socket.pack_sockaddr_in(PORT, host)
  s.connect(addr)

  def s.write(*args)
    OUT_BUFFER << args
  end

  def s.read(*args)
    IN_BUFFER << ARGS
  end

  ssl = OpenSSL::SSL::SSLSocket.new(s, ctx)

  ssl
end

METHODS.each do |m|
  puts "[+] Testing #{m}"
  begin
    s = get_socket(HOST, m)
    s.connect
    puts "Cipher after connect: #{s.cipher.inspect}"
    # Send some data
    s.write("GET / HTTP/1.0\r\n\r\n")
    puts s.read(1024).split(/\n/).first

    [IN_BUFFER, OUT_BUFFER].each do |buf|
      puts buf.shift.inspect until buf.empty?
    end

  rescue OpenSSL::SSL::SSLError => e
    puts "[!] #{e.inspect}"
  end

  if m == :SSLv3
    puts "[+] Testing #{m}'s complete range of supported ciphers"

    s.context.ciphers.each do |c|
      begin
        s = get_socket(HOST, m, [c])
        puts "[+] Trying: #{c}"
        s.connect
        puts "Cipher after connect: #{s.cipher.inspect}"
        s.write("GET / HTTP/1.0\r\n\r\n")
      rescue OpenSSL::SSL::SSLError => e
        puts "[!] #{e.inspect}"
      end
    end
  end
end