verify server side ordering is used in analyze.py

2024-11-05 07:23:42 +01:00 · 2014-10-11 00:34:07 -04:00 · 2014-10-11 00:34:07 -04:00 · 0da92f25b7
commit 0da92f25b7
parent 1c9d52c94c
1 changed files with 6 additions and 0 deletions
--- a/analyze.py
+++ b/analyze.py
@ -114,6 +114,8 @@ def is_old(results):
        old = False
    if not has_ocsp:
        failures[lvl].append("consider enabling OCSP Stapling")
+    if results['serverside'] != 'True':
+        failures[lvl].append("enforce server side ordering")
    return old

 # is_intermediate is similar to is_old but for intermediate configuration from
@ -174,6 +176,8 @@ def is_intermediate(results):
        inter = False
    if not has_ocsp:
        failures[lvl].append("consider enabling OCSP Stapling")
+    if results['serverside'] != 'True':
+        failures[lvl].append("enforce server side ordering")
    return inter

 # is_modern is similar to is_old but for modern configuration from
@ -221,6 +225,8 @@ def is_modern(results):
        modern = False
    if not has_ocsp:
        failures[lvl].append("consider enabling OCSP Stapling")
+    if results['serverside'] != 'True':
+        failures[lvl].append("enforce server side ordering")
    return modern

 def is_ordered(results, ref_ciphersuite, lvl):