Default min_version: to 1 for all TLS methods (closes #500).

* This will allow using TLS 1, 1.1, or 1.2, instead of always using TLS 1.2.

Author: postmodern

lib/ronin/support/network/tls.rb

@@ -42,8 +42,8 @@ module TLS
         #
         # @api semipublic
         #
-        def self.context(version: 1.2, **kwargs)
-          SSL.context(version: version, **kwargs)
+        def self.context(min_version: 1, **kwargs)
+          SSL.context(min_version: min_version, **kwargs)
         end
 
         #
@@ -92,8 +92,8 @@ def self.context(version: 1.2, **kwargs)
         #
         # @since 1.1.0
         #
-        def self.socket(socket, version: 1.2, **kwargs)
-          SSL.socket(socket,version: version, **kwargs)
+        def self.socket(socket, min_version: 1, **kwargs)
+          SSL.socket(socket,min_version: min_version, **kwargs)
         end
 
         #
@@ -162,8 +162,8 @@ def self.socket(socket, version: 1.2, **kwargs)
         #
         # @since 1.1.0
         #
-        def self.open?(host,port, version: 1.2, **kwargs)
-          SSL.open?(host,port, version: version, **kwargs)
+        def self.open?(host,port, min_version: 1, **kwargs)
+          SSL.open?(host,port, min_version: min_version, **kwargs)
         end
 
         #
@@ -241,8 +241,8 @@ def self.open?(host,port, version: 1.2, **kwargs)
         #
         # @since 1.1.0
         #
-        def self.connect(host,port, version: 1.2, **kwargs, &block)
-          SSL.connect(host,port, version: version, **kwargs, &block)
+        def self.connect(host,port, min_version: 1, **kwargs, &block)
+          SSL.connect(host,port, min_version: min_version, **kwargs, &block)
         end
 
         #
@@ -306,8 +306,8 @@ def self.connect(host,port, version: 1.2, **kwargs, &block)
         #
         # @since 1.1.0
         #
-        def self.connect_and_send(data,host,port, version: 1.2, **kwargs, &block)
-          SSL.connect_and_send(data,host,port, version: version, **kwargs, &block)
+        def self.connect_and_send(data,host,port, min_version: 1, **kwargs, &block)
+          SSL.connect_and_send(data,host,port, min_version: min_version, **kwargs, &block)
         end
 
         #
@@ -366,8 +366,8 @@ def self.connect_and_send(data,host,port, version: 1.2, **kwargs, &block)
         #
         # @since 1.1.0
         #
-        def self.get_cert(host,port, version: 1.2, **kwargs)
-          SSL.get_cert(host,port, version: version, **kwargs)
+        def self.get_cert(host,port, min_version: 1, **kwargs)
+          SSL.get_cert(host,port, min_version: min_version, **kwargs)
         end
 
         #
@@ -436,8 +436,8 @@ def self.get_cert(host,port, version: 1.2, **kwargs)
         #
         # @since 1.1.0
         #
-        def self.banner(host,port, version: 1.2, **kwargs, &block)
-          SSL.banner(host,port, version: version, **kwargs, &block)
+        def self.banner(host,port, min_version: 1, **kwargs, &block)
+          SSL.banner(host,port, min_version: min_version, **kwargs, &block)
         end
 
         #
@@ -504,8 +504,8 @@ def self.banner(host,port, version: 1.2, **kwargs, &block)
         #
         # @since 1.1.0
         #
-        def self.send(data,host,port, version: 1.2, **kwargs)
-          SSL.send(data,host,port, version: version, **kwargs)
+        def self.send(data,host,port, min_version: 1, **kwargs)
+          SSL.send(data,host,port, min_version: min_version, **kwargs)
         end
 
         #
@@ -536,8 +536,8 @@ def self.send(data,host,port, version: 1.2, **kwargs)
         #
         # @since 1.1.0
         #
-        def self.server_socket(socket, version: 1.2, **kwargs)
-          SSL.server_socket(socket, version: version, **kwargs)
+        def self.server_socket(socket, min_version: 1, **kwargs)
+          SSL.server_socket(socket, min_version: min_version, **kwargs)
         end
 
         #
@@ -595,8 +595,8 @@ def self.server_socket(socket, version: 1.2, **kwargs)
         #
         # @since 1.1.0
         #
-        def self.server(version: 1.2, **kwargs, &block)
-          SSL.server(version: version, **kwargs, &block)
+        def self.server(version: 1, **kwargs, &block)
+          SSL.server(min_version: min_version, **kwargs, &block)
         end
 
         #
@@ -655,8 +655,8 @@ def self.server(version: 1.2, **kwargs, &block)
         #
         # @since 1.1.0
         #
-        def self.server_session(version: 1.2, **kwargs, &block)
-          SSL.server_session(version: version, **kwargs, &block)
+        def self.server_session(min_version: 1, **kwargs, &block)
+          SSL.server_session(min_version: min_version, **kwargs, &block)
         end
 
         #
@@ -724,8 +724,8 @@ def self.server_session(version: 1.2, **kwargs, &block)
         #
         # @since 1.1.0
         #
-        def self.server_loop(version: 1.2, **kwargs, &block)
-          SSL.server_loop(version: 1.2, **kwargs, &block)
+        def self.server_loop(min_version: 1, **kwargs, &block)
+          SSL.server_loop(min_version: min_version, **kwargs, &block)
         end
 
         #
@@ -796,8 +796,8 @@ def self.server_loop(version: 1.2, **kwargs, &block)
         #
         # @since 1.1.0
         #
-        def self.accept(version: 1.2, **kwargs, &block)
-          SSL.accept(version: version, **kwargs, &block)
+        def self.accept(min_version: 1, **kwargs, &block)
+          SSL.accept(min_version: min_version, **kwargs, &block)
         end
       end
     end

lib/ronin/support/network/tls/mixin.rb

@@ -67,8 +67,8 @@ module Mixin
           #
           # @api semipublic
           #
-          def tls_context(version: 1.2, **kwargs)
-            TLS.context(version: version, **kwargs)
+          def tls_context(min_version: 1, **kwargs)
+            TLS.context(min_version: min_version, **kwargs)
           end
 
           #

spec/network/tls/mixin_spec.rb

@@ -48,10 +48,9 @@
       context "when no version: keyword argument is given" do
         let(:context) { double(OpenSSL::SSL::SSLContext) }
 
-        it "must call OpenSSL::SSL::SSLContext#ssl_version= with OpenSSL::SSL::TLS1_2_VERSION" do
+        it "must call OpenSSL::SSL::SSLContext#min_version= with OpenSSL::SSL::TLS1_VERSION" do
           expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
-          expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_2_VERSION)
-          expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_2_VERSION)
+          expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_VERSION)
           allow(context).to receive(:verify_mode=).with(0)
 
           subject.tls_context
@@ -141,6 +140,165 @@
         end
       end
 
+      context "when given the min_version: keyword argument" do
+        let(:context) { double(OpenSSL::SSL::SSLContext) }
+
+        context "and it's 1" do
+          it "must call OpenSSL::SSL::SSLContext#min_version= with OpenSSL::SSL::TLS1_VERSION" do
+            expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+            expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_VERSION)
+            allow(context).to receive(:verify_mode=).with(0)
+
+            subject.tls_context(min_version: 1)
+          end
+        end
+
+        context "and it's 1.1" do
+          it "must call OpenSSL::SSL::SSLContext#min_version= with OpenSSL::SSL::TLS1_1_VERSION" do
+            expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+            expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_1_VERSION)
+            allow(context).to receive(:verify_mode=).with(0)
+
+            subject.tls_context(min_version: 1.1)
+          end
+        end
+
+        context "and it's 1_2" do
+          it "must call OpenSSL::SSL::SSLContext#min_version= with OpenSSL::SSL::TLS1_2_VERSION" do
+            expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+            expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_2_VERSION)
+            allow(context).to receive(:verify_mode=).with(0)
+
+            subject.tls_context(min_version: 1.2)
+          end
+        end
+
+        context "and it's a Symbol" do
+          let(:symbol) { :TLS1 }
+
+          it "must call OpenSSL::SSL::SSLContext#min_version= with the Symbol" do
+            expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+            expect(context).to receive(:min_version=).with(symbol)
+            allow(context).to receive(:verify_mode=).with(0)
+
+            subject.tls_context(min_version: symbol)
+          end
+
+          context "but it's :TLSv1" do
+            it "must call OpenSSL::SSL::SSLContext#min_version= with OpenSSL::SSL::TLS1_VERSION" do
+              expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+              expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_VERSION)
+              allow(context).to receive(:verify_mode=).with(0)
+
+              subject.tls_context(min_version: :TLSv1)
+            end
+          end
+
+          context "but it's :TLSv1_1" do
+            it "must call OpenSSL::SSL::SSLContext#min_version= with OpenSSL::SSL::TLS1_1_VERSION" do
+              expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+              expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_1_VERSION)
+              allow(context).to receive(:verify_mode=).with(0)
+
+              subject.tls_context(min_version: :TLSv1_1)
+            end
+          end
+
+          context "but it's :TLSv1_2" do
+            it "must call OpenSSL::SSL::SSLContext#min_version= with OpenSSL::SSL::TLS1_2_VERSION" do
+              expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+              expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_2_VERSION)
+              allow(context).to receive(:verify_mode=).with(0)
+
+              subject.tls_context(min_version: :TLSv1_2)
+            end
+          end
+        end
+      end
+
+      context "when given the max_version: keyword argument" do
+        let(:context) { double(OpenSSL::SSL::SSLContext) }
+
+        context "and it's 1" do
+          it "must call OpenSSL::SSL::SSLContext#max_version= with OpenSSL::SSL::TLS1_VERSION" do
+            expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+            expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_VERSION)
+            expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_VERSION)
+            allow(context).to receive(:verify_mode=).with(0)
+
+            subject.tls_context(max_version: 1)
+          end
+        end
+
+        context "and it's 1.1" do
+          it "must call OpenSSL::SSL::SSLContext#max_version= with OpenSSL::SSL::TLS1_1_VERSION" do
+            expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+            expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_VERSION)
+            expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_1_VERSION)
+            allow(context).to receive(:verify_mode=).with(0)
+
+            subject.tls_context(max_version: 1.1)
+          end
+        end
+
+        context "and it's 1_2" do
+          it "must call OpenSSL::SSL::SSLContext#max_version= with OpenSSL::SSL::TLS1_2_VERSION" do
+            expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+            expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_VERSION)
+            expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_2_VERSION)
+            allow(context).to receive(:verify_mode=).with(0)
+
+            subject.tls_context(max_version: 1.2)
+          end
+        end
+
+        context "and it's a Symbol" do
+          let(:symbol) { :TLS1 }
+
+          it "must call OpenSSL::SSL::SSLContext#max_version= with the Symbol" do
+            expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+            expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_VERSION)
+            expect(context).to receive(:max_version=).with(symbol)
+            allow(context).to receive(:verify_mode=).with(0)
+
+            subject.tls_context(max_version: symbol)
+          end
+
+          context "but it's :TLSv1" do
+            it "must call OpenSSL::SSL::SSLContext#max_version= with OpenSSL::SSL::TLS1_VERSION" do
+              expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+              expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_VERSION)
+              expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_VERSION)
+              allow(context).to receive(:verify_mode=).with(0)
+
+              subject.tls_context(max_version: :TLSv1)
+            end
+          end
+
+          context "but it's :TLSv1_1" do
+            it "must call OpenSSL::SSL::SSLContext#max_version= with OpenSSL::SSL::TLS1_1_VERSION" do
+              expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+              expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_VERSION)
+              expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_1_VERSION)
+              allow(context).to receive(:verify_mode=).with(0)
+
+              subject.tls_context(max_version: :TLSv1_1)
+            end
+          end
+
+          context "but it's :TLSv1_2" do
+            it "must call OpenSSL::SSL::SSLContext#max_version= with OpenSSL::SSL::TLS1_2_VERSION" do
+              expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+              expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_VERSION)
+              expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_2_VERSION)
+              allow(context).to receive(:verify_mode=).with(0)
+
+              subject.tls_context(max_version: :TLSv1_2)
+            end
+          end
+        end
+      end
+
       describe "when given the verify: keyword argument" do
         subject { super().tls_context(verify: :peer) }