From 2ec2489f526fa3224bd6c72fa19c8988521c081f Mon Sep 17 00:00:00 2001
From: David Maloney
Date: Tue, 26 Feb 2013 14:26:14 -0600
Subject: [PATCH] Test for general ssl before testing ciphers

---
 lib/rex/sslscan/scanner.rb | 39 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/lib/rex/sslscan/scanner.rb b/lib/rex/sslscan/scanner.rb
index 5541d210c6..fbff296f60 100644
--- a/lib/rex/sslscan/scanner.rb
+++ b/lib/rex/sslscan/scanner.rb
@@ -44,6 +44,13 @@ class Scanner
 # @return [Result] object containing the details of the scan
 def scan
 scan_result = Rex::SSLScan::Result.new
+
+ # If we can't get any SSL connection, then don't bother testing
+ # individual ciphers.
+ if test_ssl == :rejected and test_tls == :rejected
+ return scan_result
+ end
+
 @supported_versions.each do |ssl_version|
 sslctx = OpenSSL::SSL::SSLContext.new(ssl_version)
 sslctx.ciphers.each do |cipher_name, ssl_ver, key_length, alg_length|
@@ -57,6 +64,38 @@ class Scanner
 scan_result
 end
 
+ def test_ssl
+ begin
+ scan_client = Rex::Socket::Tcp.create(
+ 'Context' => @context,
+ 'PeerHost' => @host,
+ 'PeerPort' => @port,
+ 'SSL' => true,
+ 'SSLVersion' => :SSLv23,
+ 'Timeout' => @timeout
+ )
+ rescue ::Exception => e
+ return :rejected
+ end
+ return :accepted
+ end
+
+ def test_tls
+ begin
+ scan_client = Rex::Socket::Tcp.create(
+ 'Context' => @context,
+ 'PeerHost' => @host,
+ 'PeerPort' => @port,
+ 'SSL' => true,
+ 'SSLVersion' => :TLSv1,
+ 'Timeout' => @timeout
+ )
+ rescue ::Exception => e
+ return :rejected
+ end
+ return :accepted
+ end
+
 # Tests the specified SSL Version and Cipher against the configured target
 # @param ssl_version [Symbol] The SSL version to use (:SSLv2, :SSLv3, :TLSv1)
 # @param cipher [String] The SSL Cipher to use
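Review bot: The new early-exit condition `if test_ssl == :rejected and test_tls == :rejected` uses the low-precedence `and` keyword for boolean logic; it works here only because both operands are plain comparisons, and it is the form RuboCop flags, so write it as `return scan_result if test_ssl == :rejected && test_tls == :rejected`. Because `test_ssl` and `test_tls` (added in the next hunk) answer `:rejected` for any exception, a transient timeout or refused connection now makes `scan` return an empty Result that a caller cannot distinguish from a host that genuinely offers no SSL/TLS; if Result can carry that distinction, record it before the early return. The body of `scan` continues past the end of this hunk.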
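Review bot: Neither `test_ssl` nor `test_tls` closes the socket it opens: `scan_client` is assigned from `Rex::Socket::Tcp.create` and then dropped, so every successful probe leaves a connected SSL socket open until garbage collection, and the bound `e` is never used. The `rescue ::Exception => e` is also too broad — an Interrupt or SystemExit raised during the handshake is reported as `:rejected`, which then makes `scan` silently return an empty result; rescue the connection and SSL error classes instead (StandardError covers OpenSSL::SSL::SSLError and IOError-derived connection errors; add Rex's timeout class explicitly if it does not descend from StandardError). The two methods differ only in the `'SSLVersion'` value, so a single parameterized helper with an `ensure` that closes the socket removes both the duplication and the leak, while `test_ssl` and `test_tls` remain as thin wrappers for `scan`. The file documents `scan` with YARD tags, so the new methods should carry `# @return [Symbol] :accepted or :rejected` as in the fence below.
```ruby
  # Attempts a single SSL/TLS handshake with the configured target.
  # @param ssl_version [Symbol] The version to negotiate (:SSLv23, :TLSv1)
  # @return [Symbol] :accepted if the handshake completed, :rejected otherwise
  def test_ssl_version(ssl_version)
    scan_client = Rex::Socket::Tcp.create(
      'Context'    => @context,
      'PeerHost'   => @host,
      'PeerPort'   => @port,
      'SSL'        => true,
      'SSLVersion' => ssl_version,
      'Timeout'    => @timeout
    )
    :accepted
  rescue StandardError
    # Connection refused, timeout or handshake failure all mean "not offered".
    :rejected
  ensure
    # Release the probe socket; nothing downstream reuses it.
    scan_client.close if scan_client
  end

  # @return [Symbol] :accepted or :rejected for an SSLv23-negotiated connection
  def test_ssl
    test_ssl_version(:SSLv23)
  end

  # @return [Symbol] :accepted or :rejected for a TLSv1 connection
  def test_tls
    test_ssl_version(:TLSv1)
  end
```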