mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-05 07:23:42 +01:00
Hardcode minimum EC key size
This commit is contained in:
parent
955d55a6ba
commit
3a2a43f91d
@ -43,7 +43,6 @@ def has_good_pfs(pfs, target_dh, target_ecc, must_match=False):
|
|||||||
def is_fubar(results):
|
def is_fubar(results):
|
||||||
logging.debug('entering fubar evaluation')
|
logging.debug('entering fubar evaluation')
|
||||||
lvl = 'fubar'
|
lvl = 'fubar'
|
||||||
min_ec_size = min(old["ecdh_param_size"], inter["ecdh_param_size"], modern["ecdh_param_size"])
|
|
||||||
|
|
||||||
fubar = False
|
fubar = False
|
||||||
has_ssl2 = False
|
has_ssl2 = False
|
||||||
@ -70,7 +69,7 @@ def is_fubar(results):
|
|||||||
has_wrong_pubkey = True
|
has_wrong_pubkey = True
|
||||||
logging.debug(conn['pubkey'][0] + ' is a fubar pubkey size')
|
logging.debug(conn['pubkey'][0] + ' is a fubar pubkey size')
|
||||||
fubar = True
|
fubar = True
|
||||||
if ec_kex and pubkey_bits < min_ec_size:
|
if ec_kex and pubkey_bits < 160:
|
||||||
has_wrong_ec_pubkey = True
|
has_wrong_ec_pubkey = True
|
||||||
logging.debug(conn['pubkey'][0] + ' is a fubar EC pubkey size')
|
logging.debug(conn['pubkey'][0] + ' is a fubar EC pubkey size')
|
||||||
fubar = True
|
fubar = True
|
||||||
@ -94,7 +93,7 @@ def is_fubar(results):
|
|||||||
if has_wrong_pubkey:
|
if has_wrong_pubkey:
|
||||||
failures[lvl].append("don't use a public key smaller than 2048 bits")
|
failures[lvl].append("don't use a public key smaller than 2048 bits")
|
||||||
if has_wrong_ec_pubkey:
|
if has_wrong_ec_pubkey:
|
||||||
failures[lvl].append("don't use an EC key smaller than " + str(min_ec_size))
|
failures[lvl].append("don't use an EC key smaller than 160 bits")
|
||||||
if has_untrust_cert:
|
if has_untrust_cert:
|
||||||
failures[lvl].append("don't use an untrusted or self-signed certificate")
|
failures[lvl].append("don't use an untrusted or self-signed certificate")
|
||||||
if has_wrong_pfs:
|
if has_wrong_pfs:
|
||||||
|
Loading…
Reference in New Issue
Block a user