/**
 * Picks the first PSK cipher suite from the given list.
 *
 * @param cipherSuiteList
 *            candidate cipher suites, examined in iteration order
 * @return the first suite for which {@code isPsk()} is true, or {@code null} when the list holds no PSK suite
 */
private CipherSuite choosePskCipherSuite(List<CipherSuite> cipherSuiteList) {
    CipherSuite firstPsk = null;
    for (CipherSuite candidate : cipherSuiteList) {
        if (candidate.isPsk()) {
            firstPsk = candidate;
            break;
        }
    }
    // null means "no PSK suite in the list"; callers have to check before dereferencing.
    return firstPsk;
}
/**
 * Runs {@code executeClientHelloWorkflow} and checks whether the connecting client offers any PSK cipher suite.
 *
 * This method never returns {@code true}: offering PSK only makes the client a candidate, since the outcome
 * depends on the strength of the pre-shared key (see the log message below).
 *
 * @return {@code null} when a ClientHello was received and it lists at least one PSK cipher suite; {@code false}
 *         when the ClientHello lists no PSK suite, and also when no ClientHello was received at all
 */
@Override
public Boolean isVulnerable() {
    Config tlsConfig = getTlsConfig();
    CONSOLE.info("Started TLS-Server - waiting for a client to Connect...");
    State state = executeClientHelloWorkflow(tlsConfig);
    TlsContext tlsContext = state.getTlsContext();

    boolean gotClientHello = WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.CLIENT_HELLO,
            state.getWorkflowTrace());
    if (!gotClientHello) {
        // NOTE(review): this branch reports false although nothing was observed, so callers cannot tell an
        // inconclusive run from a client that does not offer PSK; confirm that false (rather than null) is
        // what the isVulnerable contract intends here.
        CONSOLE.info("Did not receive a ClientHello Message - check the Debug output!");
        return false;
    }

    boolean offersPsk = false;
    for (CipherSuite offered : tlsContext.getClientSupportedCiphersuites()) {
        if (offered.isPsk()) {
            offersPsk = true;
            break;
        }
    }

    if (offersPsk) {
        CONSOLE.info("The Client uses Psk. If he uses a weak Password he is vulnerable.");
        // Undecided: PSK support alone does not show that the key is guessable.
        return null;
    }
    CONSOLE.info("The Client is not supporting Psk.");
    return false;
}
/**
 * Builds the configuration on top of {@code super.createConfig()}.
 *
 * When {@code ciphersuiteDelegate} carries no cipher suites, the default client-supported suites are set to every
 * implemented suite for which {@code isPsk()} is true. Quick receive, early stop and stop-after-fatal are always
 * switched on.
 *
 * @return the adjusted configuration
 */
@Override
public Config createConfig() {
    Config baseConfig = super.createConfig();

    boolean suitesUnset = ciphersuiteDelegate.getCipherSuites() == null;
    if (suitesUnset) {
        // No explicit selection: fall back to all implemented PSK suites.
        List<CipherSuite> pskSuites = new LinkedList<>();
        for (CipherSuite candidate : CipherSuite.getImplemented()) {
            if (!candidate.isPsk()) {
                continue;
            }
            pskSuites.add(candidate);
        }
        baseConfig.setDefaultClientSupportedCiphersuites(pskSuites);
    }

    baseConfig.setQuickReceive(true);
    baseConfig.setEarlyStop(true);
    baseConfig.setStopActionsAfterFatal(true);
    return baseConfig;
}
List<CipherSuite> cipherSuites = new LinkedList<>(); for (CipherSuite suite : CipherSuite.getImplemented()) { if (suite.isCBC() && !suite.isPsk() && !suite.isSrp()) { cipherSuites.add(suite);