mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 14:23:41 +01:00

ignore openssl errors in analyze.py

Julien Vehent 2014-10-09 09:54:30 -04:00
parent e9110c6bc8
commit 215dbd0c1a


@ -72,10 +72,6 @@ def is_old(results):
has_dhparam = False has_dhparam = False
if conn['ocsp_stapling'] == 'False': if conn['ocsp_stapling'] == 'False':
has_ocsp = False has_ocsp = False
missing_ciphers = set(old_ciphers) - set(all_ciphers)
for cipher in missing_ciphers:
logging.debug("missing cipher " + cipher + " wanted in the " + lvl + " configuration")
failures[lvl].append('add cipher ' + cipher)
extra_proto = set(all_proto) - set(['SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2']) extra_proto = set(all_proto) - set(['SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2'])
for proto in extra_proto: for proto in extra_proto:
logging.debug("found protocol not wanted in the old configuration:" + proto) logging.debug("found protocol not wanted in the old configuration:" + proto)
@ -301,18 +297,20 @@ def build_ciphers_lists():
'384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AE' \ '384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AE' \
'S128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-' \ 'S128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-' \
'AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK' 'AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'
blackhole = open(os.devnull, 'w')
logging.debug('Loading all ciphers: ' + allC) logging.debug('Loading all ciphers: ' + allC)
all_ciphers = subprocess.check_output( all_ciphers = subprocess.Popen(['./openssl', 'ciphers', allC],
['./openssl', 'ciphers', allC]).rstrip().split(':') stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip().split(':')
logging.debug('Loading old ciphers: ' + oldC) logging.debug('Loading old ciphers: ' + oldC)
old_ciphers = subprocess.check_output( old_ciphers = subprocess.Popen(['./openssl', 'ciphers', oldC],
['./openssl', 'ciphers', oldC]).rstrip().split(':') stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip().split(':')
logging.debug('Loading intermediate ciphers: ' + intC) logging.debug('Loading intermediate ciphers: ' + intC)
intermediate_ciphers = subprocess.check_output( intermediate_ciphers = subprocess.Popen(['./openssl', 'ciphers', intC],
['./openssl', 'ciphers', intC]).rstrip().split(':') stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip().split(':')
logging.debug('Loading modern ciphers: ' + modernC) logging.debug('Loading modern ciphers: ' + modernC)
modern_ciphers = subprocess.check_output( modern_ciphers = subprocess.Popen(['./openssl', 'ciphers', modernC],
['./openssl', 'ciphers', modernC]).rstrip().split(':') stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip().split(':')
blackhole.close()
def main(): def main():
parser = argparse.ArgumentParser( parser = argparse.ArgumentParser(
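Review bot: In build_ciphers_lists, replacing `subprocess.check_output` with `Popen(...).communicate()[0]` drops the exit-status check along with stderr, so a failed `./openssl ciphers` call now yields an empty string and the list becomes `['']` with nothing logged. For a tool that grades TLS configurations, evaluating a server against an empty reference list gives misleading results instead of a visible error. I would keep stderr silenced but check `returncode` and log a warning (or abort) when it is non-zero or the output is empty. Routing the four calls through one helper also lets `blackhole` be opened with `with`, so the handle is closed if a call raises. The function starts outside this hunk, so the sketch below shows only the rewritten calls.

```python
def openssl_ciphers(spec, devnull):
    proc = subprocess.Popen(['./openssl', 'ciphers', spec],
                            stderr=devnull, stdout=subprocess.PIPE)
    out = proc.communicate()[0].rstrip()
    if proc.returncode != 0 or not out:
        logging.warning('openssl ciphers failed for: ' + spec)
        return []
    return out.split(':')

# … unchanged: allC / oldC / intC / modernC definitions …
with open(os.devnull, 'w') as blackhole:
    logging.debug('Loading all ciphers: ' + allC)
    all_ciphers = openssl_ciphers(allC, blackhole)
    # … same pattern for old_ciphers, intermediate_ciphers, modern_ciphers …
```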