diff --git a/analyze.py b/analyze.py
index 638606f..c886ee8 100755
--- a/analyze.py
+++ b/analyze.py
@@ -7,7 +7,7 @@
 
 from __future__ import print_function
 
-import sys, os, json, subprocess, logging, argparse, platform, urllib2
+import sys, os, json, subprocess, logging, argparse, platform, urllib2, re
 from collections import namedtuple
 from datetime import datetime
 from copy import deepcopy
@@ -43,14 +43,20 @@ def has_good_pfs(pfs, target_dh, target_ecc, must_match=False):
 def is_fubar(results):
     logging.debug('entering fubar evaluation')
     lvl = 'fubar'
+
     fubar = False
     has_ssl2 = False
     has_wrong_pubkey = False
+    has_wrong_ec_pubkey = False
     has_bad_sig = False
     has_untrust_cert = False
     has_wrong_pfs = False
+
     for conn in results['ciphersuite']:
         logging.debug('testing connection %s' % conn)
+        pubkey_bits = int(conn['pubkey'][0])
+        ec_kex = re.match(r"(ECDHE|EECDH|ECDH)-", conn['cipher'])
+
         if conn['cipher'] not in (set(old["ciphersuites"]) | set(inter["ciphersuites"]) | set(modern["ciphersuites"])):
             failures[lvl].append("remove cipher " + conn['cipher'])
             logging.debug(conn['cipher'] + ' is in the list of fubar ciphers')
@@ -59,10 +65,14 @@ def is_fubar(results):
             has_ssl2 = True
             logging.debug('SSLv2 is in the list of fubar protocols')
             fubar = True
-        if int(conn['pubkey'][0]) < 2048:
+        if not ec_kex and pubkey_bits < 2048:
             has_wrong_pubkey = True
             logging.debug(conn['pubkey'][0] + ' is a fubar pubkey size')
             fubar = True
+        if ec_kex and pubkey_bits < 256:
+            has_wrong_ec_pubkey = True
+            logging.debug(conn['pubkey'][0] + ' is a fubar EC pubkey size')
+            fubar = True
         if conn['pfs'] != 'None':
             if not has_good_pfs(conn['pfs'], 1024, 160):
                 logging.debug(conn['pfs']+ ' is a fubar PFS parameters')
@@ -82,6 +92,8 @@ def is_fubar(results):
         failures[lvl].append("don't use a cert with a bad signature algorithm")
     if has_wrong_pubkey:
         failures[lvl].append("don't use a public key smaller than 2048 bits")
+    if has_wrong_ec_pubkey:
+        failures[lvl].append("don't use an EC key smaller than 256 bits")
     if has_untrust_cert:
         failures[lvl].append("don't use an untrusted or self-signed certificate")
     if has_wrong_pfs: