From 0acd31af53780aadcd8b0f87bfd67c36c02dfad7 Mon Sep 17 00:00:00 2001 From: Hubert Kario Date: Sun, 6 Apr 2014 14:19:37 +0200 Subject: [PATCH] extend reporting of RC4-related stats While preferring RC4 in TLS1.0 or SSL3 was recommended before, it was always known that TLS1.1 and TLS1.2 were not vulnerable against BEAST, so forcing RC4 there is a mistake. Report number of such servers. --- top1m/parse_results.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/top1m/parse_results.py b/top1m/parse_results.py index 66eede9..9509510 100644 --- a/top1m/parse_results.py +++ b/top1m/parse_results.py @@ -197,6 +197,12 @@ for r,d,flist in os.walk(path): cipherstats['RC4'] += 1 if ciphertypes == 1: cipherstats['RC4 Only'] += 1 + if 'RC4' in results['ciphersuite'][0]['cipher']: + if 'TLSv1.1' in results['ciphersuite'][0]['protocols'] or\ + 'TLSv1.2' in results['ciphersuite'][0]['protocols']: + cipherstats['RC4 forced in TLS1.1+'] += 1 + cipherstats['RC4 Preferred'] += 1 + """ store handshake stats """ if ECDHE: