#!/usr/local/bin/perl

# $Id: ssl_2,v 1.6 2000/02/15 11:59:05 fbm Exp fbm $
#
# Copyright (C) 1997,1998 Farrell McKay
# All rights reserved.
#
# This is a CGI-BIN script that reports on the strength of an incoming
# SSL connection to an Apache-SSL web server.  The script looks for
# certain SSL related environment variables.  Depending on the values
# found, one of a number of possible HTML reports is produced.
#
# This code is provided to the recipient under the
# following terms and conditions:-
#   1.  This copyright notice must not be removed or modified.
#   2.  This toolkit may not be reproduced or included in any commercial
#       media distribution, or commercial publication (for example CD-ROM,
#       disk, book, magazine, journal) without first obtaining the author's
#       express permission.
#   3.  This toolkit, or any component of this toolkit, may not be
#       used, resold, redeveloped, rewritten, enhanced or otherwise
#       employed by a commercial organisation, or as part of a commercial
#       venture, without first obtaining the author's express permission.
#   4.  Subject to the above conditions being observed (1-3), this toolkit
#       may be freely reproduced or redistributed.
#   5.  To the extent permitted by applicable law, this software is
#       provided "as-is", without warranty of any kind, including
#       without limitation, the warrantees of merchantability,
#       freedom from defect, non-infringement, and fitness for
#       purpose.  In no event shall the author be liable for any
#       direct, indirect or consequential damages however arising
#       and however caused.
#   6.  Subject to the above conditions being observed (1-5),
#       this toolkit may be used at no cost to the recipient.
#
# Farrell McKay
# Wayfarer Systems Pty Ltd              contact@fortify.net

# Adjust this to suit your own web directory structure....
#
$imagedir="/images";

$version = "1.6";
$on = $ENV{'HTTPS'};
if ($ENV{'SSL_VERSION_LIBRARY'} =~ /OpenSSL/) {
	$browser = $ENV{'HTTP_USER_AGENT'};
	$keysz = $ENV{'SSL_CIPHER_USEKEYSIZE'};
	$cipher_alg = $ENV{'SSL_CIPHER'};
	$cipher = "$ENV{'SSL_CIPHER'}";
} else {
	$browser = $ENV{'HTTP_USER_AGENT'};
	$keysz = $ENV{'HTTPS_SECRETKEYSIZE'};
	$cipher_alg = $ENV{'HTTPS_CIPHER'};
	$cipher = "$ENV{'HTTPS_CIPHER'}";
}

$cipher_alg =~ s/EXP-//;
#$cipher_alg =~ s/-MD5//;
#$cipher_alg =~ s/-SHA//;
$cipher =~ s/-MD5//;
$cipher =~ s/-SHA//;

if ($cipher eq "DES-CBC3" || $cipher eq "EDH-RSA-DES-CBC3") {
	$keysz = "168";
} elsif ($cipher eq "RC4") {
	$keysz = "128";
} elsif ($cipher eq "DES-CBC" || $cipher eq "EXP-DES-CBC") {
	$keysz = "56";
}

sub table_row {
	my ($state, $img, $colour, $desc) = @_;
	print "    <tr>\n";
	print "      <td align=center width=5%><img src=\"$img\"></td>\n";
	print "      <td align=center";
	print "       bgcolor=\"$colour\"" if ($state);
	print "      ><font";
	print "       color=white" if ($state);
	print "      face=tahoma size=+1><b>$desc</b></font></td>\n";
	print "    </tr>\n";
}

print "Content-type: text/html\n\n";

print "<html>\n";
print "<head>\n";
print "<title>Fortify for Netscape - SSL Encryption Report</title>\n";
print "</head>\n";
print "<body bgcolor=\"#ffffff\" text=\"#000000\" link=blue vlink=purple alink=red>\n";
print "<p>\n";
print "<p>\n";
print "\&nbsp;\n";
print "<center>\n";

print "<table width=95% border=0>\n";
print "  <tr>\n";
print "    <td><img src=\"$imagedir/fortify_banner.jpg\" alt=\"fortify_banner.jpg\" width=400 height=60></td>\n";
print "    <td align=right valign=middle>\n";
print "      <font face=\"Helv,Arial,Verdana,New Century Schoolbook\" size=+2><b>\n";
print "        <a href=\"http://www.fortify.net/\">Fortify for Netscape</a><br>SSL Encryption Report\n";
print "      </font>\n";
print "    </td>\n";
print "  </tr>\n";
print "</table>\n";

print "<p>\n";
print "    <table width=60% cellpadding=0 border=0>\n";

#print "on=$on keysz=$keysz cipher_alg=$cipher_alg cipher=$cipher<br>\n";

table_row(($cipher eq "RC4"), "$imagedir/safe.gif", "#008800", "RC4 cipher, 128-bit key");
table_row(($cipher eq "RC2-CBC"), "$imagedir/safe.gif", "#008800", "RC2 cipher, 128-bit key");
table_row(($cipher eq "DES-CBC3" || $cipher eq "EDH-RSA-DES-CBC3"), "$imagedir/safe.gif", "#008800", "Triple-DES cipher, 168-bit key");
table_row(($cipher eq "IDEA-CBC"), "$imagedir/safe.gif", "#008800", "IDEA cipher, 128-bit key");
table_row(($cipher eq "DES-CBC" || $cipher eq "EXP-DES-CBC"), "$imagedir/envelop9.gif", "red", "DES cipher, 56-bit key");
table_row(($cipher eq "EXP-RC4"), "$imagedir/envelop9.gif", "red", "RC4-Export cipher, 40-bit key");
table_row(($cipher eq "EXP-RC2-CBC"), "$imagedir/envelop9.gif", "red", "RC2-Export cipher, 40-bit key");
table_row(($cipher eq "" || $cipher eq "NULL"), "$imagedir/readme.gif", "red", "No Encryption cipher");

print "    </table>\n";
print " <br>\n";
print " <br>\n";
print " <br>\n";
print " <font face=\"Helv,Arial,Verdana,New Century Schoolbook\">\n";

if ($cipher eq "RC4" || $cipher eq "RC2-CBC"
	|| $cipher eq "DES-CBC3" || $cipher eq "EDH-RSA-DES-CBC3"
	|| $cipher eq "IDEA-CBC") {
	print " You have connected to this web server using the $cipher_alg encryption cipher\n";
	print " with a secret key length of $keysz bits.\n";
	print " <p>\n";
	print " This is a high-grade encryption connection, regarded by most experts as being suitable\n";
	print " for sending or receiving even the most sensitive or valuable information\n";
	print " across a network.\n";
	print " <p>\n";
	print " In a crude analogy, using this cipher is similar to sending or storing your data inside\n";
	print " a high quality safe - compared to an export-grade cipher which is similar to using\n";
	print " a paper envelope to protect your data.\n";
	print " <p>\n";
	print " The U.S. Government classes this cipher as being a military weapon.  If you are\n";
	print " a non-U.S. citizen, they would prefer that you did not possess such technology\n";
	print " for general use.\n";
} elsif ($cipher eq "DES-CBC" || $cipher eq "EXP-DES-CBC" || $cipher eq "EXP-RC4" || $cipher eq "EXP-RC2-CBC") {
	print " You have connected to this web server using the $cipher_alg encryption cipher\n";
	print " with a secret key length of $keysz bits.\n";
	print " <p>\n";
	print " This is an export-grade encryption connection, widely regarded as being inadequate\n";
	print " for sending or receiving sensitive or valuable information\n";
	print " across a network.\n";
	print " If you use a Netscape web browser or mail reader, you should immediately\n";
	print " download and install <a href=\"http://www.fortify.net/\">Fortify for Netscape</a>.\n";
	print " <p>\n";
	print " In a crude analogy, using this cipher is similar to sending or storing your data inside\n";
	print " a paper envelope - compared to a U.S.-domestic grade cipher which is similar to using\n";
	print " a high quality safe to protect your data.\n";
	print " <p>\n";
	print " The U.S. Government classes this cipher as being suitable for sale to non-U.S. citizens.\n";
} elsif ($cipher eq "NULL" || $cipher eq "") {
	print " You have connected to this web server using <b>no encryption</b>.\n";
	print " <p>\n";
	print " Unencrypted data can potentially be viewed and/or altered as it travels\n";
	print " across a network connection.\n";
	print " <p>\n";
	print " In a crude analogy, using no encryption is similar to sending or storing your data\n";
	print " on a notepad in plain view.\n";
	print " <p>\n";
	print " If you wish to test your browser's encryption capabilities, then <a href=\"https://www.fortify.net/sslcheck.html\">click here</a>.\n";
} else {
	print " You have connected to this web server using an unrecognised cipher - $cipher.\n";
	print " <p>\n";
	print " Please send a mail notification of this event to <b>support\@fortify.net</b>\n";
	print " including details of how you triggered this condition.\n";
}

# Copyright message and attribution information.
# Please refer to clause (3) of the copyright notice, above.
#
print "<p>\n";
print "<br>\n";
print "<br>\n";
print "<b>Copyright &copy 1997, 1998. &nbsp &nbsp &nbsp v$version</b><br>\n";
print "<b>This CGI script originates from the Fortify project and web site.</b><br>\n";
print "<b><a href=\"http://www.fortify.net/\">http://www.fortify.net/</a> - world-wide 128-bit encryption on the web.</b>\n";

print " </font>\n";

print "\n";
print "</center>\n";
print "\n";
print "</body>\n";
print "</html>\n";
