mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-23 06:33:41 +01:00

report cipher ordering in scanning stats, use it to simulate handshakes

Since we now know whether the server honours the client's cipher order, we can
use that to properly simulate handshakes for a given client. Also report
the general stats of this server configuration variable.
Hubert Kario 2014-07-01 00:01:32 +02:00
parent ab66f04e53
commit 30d0839df6


@ -54,6 +54,7 @@ FF_RC4_Only_cipherstats = defaultdict(int)
FF_RC4_preferred_cipherstats = defaultdict(int) FF_RC4_preferred_cipherstats = defaultdict(int)
FF_incompatible_cipherstats = defaultdict(int) FF_incompatible_cipherstats = defaultdict(int)
FF_selected_cipherstats = defaultdict(int) FF_selected_cipherstats = defaultdict(int)
cipherordering = defaultdict(int)
pfsstats = defaultdict(int) pfsstats = defaultdict(int)
protocolstats = defaultdict(int) protocolstats = defaultdict(int)
handshakestats = defaultdict(int) handshakestats = defaultdict(int)
@ -86,6 +87,7 @@ for r,d,flist in os.walk(path):
RC4_Only_FF = True RC4_Only_FF = True
FF_compat = False FF_compat = False
temp_FF_incompat = {} temp_FF_incompat = {}
list_of_ciphers = []
FF_RC4_Pref = None FF_RC4_Pref = None
FF_selected = None FF_selected = None
ADH = False ADH = False
@ -127,15 +129,13 @@ for r,d,flist in os.walk(path):
if 'False' in entry['trusted'] and report_untrused == False: if 'False' in entry['trusted'] and report_untrused == False:
continue continue
list_of_ciphers.append(entry['cipher'])
# check if the advertised ciphers are not effectively RC4 Only # check if the advertised ciphers are not effectively RC4 Only
# for firefox or incompatible with firefox # for firefox or incompatible with firefox
if entry['cipher'] in firefox_ciphers: if entry['cipher'] in firefox_ciphers:
# if this is first cipher and we already are getting RC4 # if this is first cipher and we already are getting RC4
# then it means that RC4 is preferred # then it means that RC4 is preferred
if not FF_compat:
FF_selected = entry['cipher']
if 'RC4' in entry['cipher']:
FF_RC4_Pref = True
FF_compat = True FF_compat = True
if not 'RC4' in entry['cipher']: if not 'RC4' in entry['cipher']:
RC4_Only_FF = False RC4_Only_FF = False
@ -263,6 +263,32 @@ for r,d,flist in os.walk(path):
if dualstack: if dualstack:
dsarsastack += 1 dsarsastack += 1
""" save cipher ordering """
if 'serverside' in results:
if results['serverside'] == "False":
cipherordering['Client side'] += 1
else:
cipherordering['Server side'] += 1
else:
cipherordering['Unknown'] += 1
""" simulate handshake with Firefox """
if FF_compat:
if 'serverside' in results and results['serverside'] == "False":
for cipher in firefox_ciphers:
if cipher in list_of_ciphers:
FF_selected = cipher
if 'RC4' in cipher:
FF_RC4_Pref = True
break
else:
for cipher in list_of_ciphers:
if cipher in firefox_ciphers:
FF_selected = cipher
if 'RC4' in cipher:
FF_RC4_Pref = True
break
for s in tempsigstats: for s in tempsigstats:
sigalg[s] += 1 sigalg[s] += 1
@ -406,6 +432,12 @@ for stat in sorted(cipherstats):
percent = round(cipherstats[stat] / total * 100, 4) percent = round(cipherstats[stat] / total * 100, 4)
sys.stdout.write(stat.ljust(25) + " " + str(cipherstats[stat]).ljust(10) + str(percent).ljust(4) + "\n") sys.stdout.write(stat.ljust(25) + " " + str(cipherstats[stat]).ljust(10) + str(percent).ljust(4) + "\n")
print("\nCipher ordering Count Percent")
print("-------------------------+---------+-------")
for stat in sorted(cipherordering):
percent = round(cipherordering[stat] / total * 100, 4)
sys.stdout.write(stat.ljust(25) + " " + str(cipherordering[stat]).ljust(10) + str(percent).ljust(4) + "\n")
print("\nFF 29 selected ciphers Count Percent") print("\nFF 29 selected ciphers Count Percent")
print("-----------------------------+---------+------") print("-----------------------------+---------+------")
for stat in sorted(FF_selected_cipherstats): for stat in sorted(FF_selected_cipherstats):
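Review bot: In the handshake simulation added by the `@ -263` hunk, a host whose results have no `serverside` key falls into the `else` branch and is simulated as if the server enforced its own order, while the ordering table counts that same host as 'Unknown'. The selected-cipher and RC4-preferred figures for those hosts therefore rest on an assumption the report does not show; either skip the simulation for them or state the assumption in a comment such as `# ordering unknown: assume server preference`. The client-order branch also depends on `firefox_ciphers` being an ordered sequence in Firefox's preference order; it is defined outside the visible hunks, so that is worth confirming. The bare string literals `""" save cipher ordering """` and `""" simulate handshake with Firefox """` are expression statements rather than comments and would read better as `#` comments. This code sits inside the `for r,d,flist in os.walk(path):` loop, which starts outside the visible hunks.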