2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-05 07:23:42 +01:00

Added fallback to use local json recommendations file if urllib fails to connect (including SNI errors), fixes issue #116

This commit is contained in:
Adam Crosby 2016-02-29 08:21:04 -05:00
parent 9f0226e00b
commit 55cdb74ff7
2 changed files with 151 additions and 0 deletions

View File

@ -391,6 +391,10 @@ def build_ciphers_lists():
raw = urllib2.urlopen(sstlsurl).read() raw = urllib2.urlopen(sstlsurl).read()
conf = json.loads(raw) conf = json.loads(raw)
logging.debug('retrieving online server side tls recommendations from %s' % sstlsurl) logging.debug('retrieving online server side tls recommendations from %s' % sstlsurl)
except urllib2.URLError:
with open('server-side-tls-conf.json', 'r') as f:
conf = json.load(f)
logging.debug('Error connecting to %s; using local archive of server side tls recommendations' % sstlsurl)
except: except:
print("failed to retrieve JSON configurations from %s" % sstlsurl) print("failed to retrieve JSON configurations from %s" % sstlsurl)
sys.exit(23) sys.exit(23)

147
server-side-tls-conf.json Normal file
View File

@ -0,0 +1,147 @@
{
"href": "https://statics.tls.security.mozilla.org/server-side-tls-conf.json",
"configurations": {
"modern": {
"openssl_ciphersuites": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"ciphersuites": [
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA384",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256"
],
"tls_versions": ["TLSv1.2" ],
"tls_curves": [ "prime256v1", "secp384r1", "secp521r1" ],
"certificate_types": ["ecdsa"],
"certificate_curves": ["prime256v1", "secp384r1", "secp521r1"],
"certificate_signatures": ["sha256WithRSAEncryption", "ecdsa-with-SHA256", "ecdsa-with-SHA384", "ecdsa-with-SHA512"],
"rsa_key_size": 2048,
"dh_param_size": null,
"ecdh_param_size": 256,
"hsts_min_age": 15768000,
"oldest_clients": [ "Firefox 27", "Chrome 30", "IE 11 on Windows 7", "Edge 1", "Opera 17", "Safari 9", "Android 5.0", "Java 8"]
},
"intermediate": {
"openssl_ciphersuites": "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS",
"ciphersuites": [
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"DHE-RSA-AES128-GCM-SHA256",
"DHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES256-SHA384",
"ECDHE-RSA-AES128-SHA",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-ECDSA-AES256-SHA",
"ECDHE-RSA-AES256-SHA",
"DHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA",
"DHE-RSA-AES256-SHA256",
"DHE-RSA-AES256-SHA",
"ECDHE-ECDSA-DES-CBC3-SHA",
"ECDHE-RSA-DES-CBC3-SHA",
"EDH-RSA-DES-CBC3-SHA",
"AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-SHA256",
"AES256-SHA256",
"AES128-SHA",
"AES256-SHA",
"DES-CBC3-SHA"
],
"tls_versions": ["TLSv1.2", "TLSv1.1", "TLSv1" ],
"tls_curves": [ "secp256r1", "secp384r1", "secp521r1" ],
"certificate_types": ["rsa"],
"certificate_curves": null,
"certificate_signatures": ["sha256WithRSAEncryption"],
"rsa_key_size": 2048,
"dh_param_size": 2048,
"ecdh_param_size": 256,
"hsts_min_age": 15768000,
"oldest_clients": [ "Firefox 1", "Chrome 1", "IE 7", "Opera 5", "Safari 1", "Windows XP IE8", "Android 2.3", "Java 7" ]
},
"old": {
"openssl_ciphersuites": "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP",
"ciphersuites": [
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"DHE-RSA-AES128-GCM-SHA256",
"DHE-DSS-AES128-GCM-SHA256",
"DHE-DSS-AES256-GCM-SHA384",
"DHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES128-SHA256",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES256-SHA384",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA",
"ECDHE-ECDSA-AES256-SHA",
"DHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA",
"DHE-DSS-AES128-SHA256",
"DHE-RSA-AES256-SHA256",
"DHE-DSS-AES256-SHA",
"DHE-RSA-AES256-SHA",
"ECDHE-RSA-DES-CBC3-SHA",
"ECDHE-ECDSA-DES-CBC3-SHA",
"EDH-RSA-DES-CBC3-SHA",
"AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-SHA256",
"AES256-SHA256",
"AES128-SHA",
"AES256-SHA",
"DHE-DSS-AES256-SHA256",
"DHE-DSS-AES128-SHA",
"DES-CBC3-SHA",
"DHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-CAMELLIA256-SHA384",
"ECDHE-ECDSA-CAMELLIA256-SHA384",
"DHE-RSA-CAMELLIA256-SHA256",
"DHE-DSS-CAMELLIA256-SHA256",
"DHE-RSA-CAMELLIA256-SHA",
"DHE-DSS-CAMELLIA256-SHA",
"CAMELLIA256-SHA256",
"CAMELLIA256-SHA",
"ECDHE-RSA-CAMELLIA128-SHA256",
"ECDHE-ECDSA-CAMELLIA128-SHA256",
"DHE-RSA-CAMELLIA128-SHA256",
"DHE-DSS-CAMELLIA128-SHA256",
"DHE-RSA-CAMELLIA128-SHA",
"DHE-DSS-CAMELLIA128-SHA",
"CAMELLIA128-SHA256",
"CAMELLIA128-SHA",
"DHE-RSA-SEED-SHA",
"DHE-DSS-SEED-SHA",
"SEED-SHA"
],
"tls_versions": ["TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3" ],
"tls_curves": [ "secp256r1", "secp384r1", "secp521r1" ],
"certificate_types": ["rsa"],
"certificate_curves": null,
"certificate_signatures": ["sha1WithRSAEncryption"],
"rsa_key_size": 2048,
"dh_param_size": 1024,
"ecdh_param_size": 160,
"hsts_min_age": 15768000,
"oldest_clients": [ "Firefox 1", "Chrome 1", "Windows XP IE 6", "Opera 4", "Safari 1", "Java 6" ]
}
},
"version": 4.0
}