#!/usr/local/bin/perl

# $Id: ssl_2.dist,v 1.3 1998/06/01 12:58:20 fbm Exp fbm $
#
# Copyright (C) 1997,1998 Farrell McKay
# All rights reserved.
#
# This is a CGI-BIN script that reports on the strength of an incoming
# SSL connection to an Apache-SSL web server.  The script looks for
# certain SSL related environment variables.  Depending on the values
# found, one of a number of possible HTML reports is produced.
#
# This code is provided to the recipient under the
# following terms and conditions:-
#   1.  This copyright notice must not be removed or modified.
#   2.  This code, or any component of this code, may not be
#       commercially resold, redeveloped, rewritten, enhanced or otherwise
#       used as the basis for commercial venture, without first obtaining
#       the author's express permission.
#   3.  This code, or any component of this code, may be freely redeveloped,
#	re-written, enhanced or otherwise used for non-commercial
#	or educational purposes, on the condition that the script output
#	retains intact, and prominently displays, both the Copyright message,
#	and attribution information.
#   4.  Subject to the above conditions being observed (1-3), this code
#       may be freely reproduced or redistributed.
#   5.  This code is provided "as-is", without express or implied
#       warranty.  In no event shall the author be liable for any direct,
#       indirect or consequential damages however caused.
#   6.  Subject to the above conditions being observed (1-5),
#       this code may be used at no cost to the recipient.
#
# Farrell McKay                         contact@fortify.net

$on = $ENV{'HTTPS'};
$browser = $ENV{'HTTP_USER_AGENT'};
$keysz = $ENV{'HTTPS_SECRETKEYSIZE'};
$cipher_alg = $ENV{'HTTPS_CIPHER'};
$cipher_alg =~ s/EXP-//;
#$cipher_alg =~ s/-MD5//;
#$cipher_alg =~ s/-SHA//;
$cipher = "$ENV{'HTTPS_CIPHER'}";
$cipher =~ s/-MD5//;
$cipher =~ s/-SHA//;

if ($cipher eq "DES-CBC3") {
	$keysz = "168";
} elsif ($cipher eq "RC4") {
	$keysz = "128";
} elsif ($cipher eq "DES-CBC" || $cipher eq "EXP-DES-CBC") {
	$keysz = "56";
}

sub table_row {
	my ($state, $img, $colour, $desc) = @_;
	print "    <tr>\n";
	print "      <td align=center width=5%><img src=\"/$img\"></td>\n";
	print "      <td align=center";
	print "       bgcolor=\"$colour\"" if ($state);
	print "      ><font";
	print "       color=white" if ($state);
	print "      face=tahoma size=+1><b>$desc</b></font></td>\n";
	print "    </tr>\n";
}

print "Content-type: text/html\n\n";

print "<html>\n";
print "<head>\n";
print "<title>Fortify for Netscape - SSL Encryption Report</title>\n";
print "</head>\n";
print "<body background=\"/whiteMarble.jpg\" text=\"#000000\" link=blue vlink=purple alink=red>\n";
print "<p>\n";
print "<p>\n";
print "<table width=100% border=0>\n";
print "  <tr>\n";
print "    <td valign=top width=5%><img src=\"/safe.gif\" width=40 height=40>\n";
print "    <td align=left><h2><a href=\"http://www.fortify.net/\">Fortify for Netscape</a><br>SSL Encryption Report</h2>\n";
print "  </tr>\n";
print "</table>\n";
print "<p>\n";
print " <center>\n";
print "    <table width=60% cellpadding=0 border=0>\n";

#print "on=$on keysz=$keysz cipher_alg=$cipher_alg cipher=$cipher<br>\n";

table_row(($cipher eq "RC4"), "safe.gif", "#008800", "RC4 cipher, 128-bit key");
table_row(($cipher eq "RC2-CBC"), "safe.gif", "#008800", "RC2 cipher, 128-bit key");
table_row(($cipher eq "DES-CBC3"), "safe.gif", "#008800", "Triple-DES cipher, 168-bit key");
table_row(($cipher eq "IDEA-CBC"), "safe.gif", "#008800", "IDEA cipher, 128-bit key");
table_row(($cipher eq "DES-CBC" || $cipher eq "EXP-DES-CBC"), "envelop9.gif", "red", "DES cipher, 56-bit key");
table_row(($cipher eq "EXP-RC4"), "envelop9.gif", "red", "RC4-Export cipher, 40-bit key");
table_row(($cipher eq "EXP-RC2-CBC"), "envelop9.gif", "red", "RC2-Export cipher, 40-bit key");
table_row(($cipher eq "" || $cipher eq "NULL"), "readme.gif", "red", "No Encryption cipher");

print "    </table>\n";
print " <br>\n";
print " <br>\n";
print " <br>\n";

if ($cipher eq "RC4" || $cipher eq "RC2-CBC"
	|| $cipher eq "DES-CBC3" || $cipher eq "IDEA-CBC") {
	print " You have connected to this web server using the $cipher_alg encryption cipher\n";
	print " with a secret key length of $keysz bits.\n";
	print " <p>\n";
	print " This is a high-grade encryption connection, regarded by most experts as being suitable\n";
	print " for sending or receiving even the most sensitive or valuable information\n";
	print " across a network.\n";
	print " <p>\n";
	print " In a crude analogy, using this cipher is similar to sending or storing your data inside\n";
	print " a high quality safe - compared to an export-grade cipher which is similar to using\n";
	print " a paper envelope to protect your data.\n";
	print " <p>\n";
	print " The U.S. Government classes this cipher as being a military weapon.  If you are\n";
	print " a non-U.S. citizen, they would prefer that you did not possess such technology\n";
	print " for general use.\n";
} elsif ($cipher eq "DES-CBC" || $cipher eq "EXP-DES-CBC" || $cipher eq "EXP-RC4" || $cipher eq "EXP-RC2-CBC") {
	print " You have connected to this web server using the $cipher_alg encryption cipher\n";
	print " with a secret key length of $keysz bits.\n";
	print " <p>\n";
	print " This is an export-grade encryption connection, widely regarded as being inadequate\n";
	print " for sending or receiving sensitive or valuable information\n";
	print " across a network.\n";
	print " If you use a Netscape web browser or mail reader, you should immediately\n";
	print " download and install <a href=\"http://www.fortify.net/\">Fortify for Netscape</a>.\n";
	print " <p>\n";
	print " In a crude analogy, using this cipher is similar to sending or storing your data inside\n";
	print " a paper envelope - compared to a U.S.-domestic grade cipher which is similar to using\n";
	print " a high quality safe to protect your data.\n";
	print " <p>\n";
	print " The U.S. Government classes this cipher as being suitable for sale to non-U.S. citizens.\n";
} elsif ($cipher eq "NULL" || $cipher eq "") {
	print " You have connected to this web server using <b>no encryption</b>.\n";
	print " <p>\n";
	print " Unencrypted data can potentially be viewed and/or altered as it travels\n";
	print " across a network connection.\n";
	print " <p>\n";
	print " In a crude analogy, using no encryption is similar to sending or storing your data\n";
	print " on a notepad in plain view.\n";
	print " <p>\n";
	print " If you wish to test your browser's encryption capabilities, then <a href=\"https://www.fortify.net/sslcheck.html\">click here</a>.\n";
} else {
	print " You have connected to this web server using an unrecognised cipher - $cipher.\n";
	print " <p>\n";
	print " Please send a mail notification of this event to <b>support\@fortify.net</b>\n";
	print " including details of how you triggered this condition.\n";
}

# Copyright message and attribution information.
# Please refer to clause (3) of the copyright notice, above.
#
print "<p>\n";
print "<br>\n";
print "<br>\n";
print "<b>Copyright &copy 1997, 1998. &nbsp &nbsp &nbsp v1.2</b><br>\n";
print "<b>This CGI script originates from the Fortify project and web site.</b><br>\n";
print "<b><a href=\"http://www.fortify.net/\">http://www.fortify.net/</a> - world-wide 128-bit encryption on the web.</b>\n";

print "\n";
print "</center>\n";
print "\n";
print "</body>\n";
print "</html>\n";
