From 7bb272e353de9621eba4ec8322fc6164d49ce4ef Mon Sep 17 00:00:00 2001 From: Hubert Kario Date: Wed, 20 Jul 2016 20:51:51 +0200 Subject: [PATCH] single-out 3DES ciphers 3DES is the weakest cipher from the ones that are still officially standing, so report more detailed statistics about it --- top1m/parse_results.py | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/top1m/parse_results.py b/top1m/parse_results.py index b776edb..f163a88 100644 --- a/top1m/parse_results.py +++ b/top1m/parse_results.py @@ -89,11 +89,15 @@ cipherstats = defaultdict(int) # ciphers selected by them, unsupported, etc. client_RC4_Only_cipherstats={} client_RC4_preferred_cipherstats={} +client_3DES_Only_cipherstats={} +client_3DES_preferred_cipherstats={} client_incompatible_cipherstats={} client_selected_cipherstats={} for client_name in client_ciphers: client_RC4_Only_cipherstats[client_name] = defaultdict(int) client_RC4_preferred_cipherstats[client_name] = defaultdict(int) + client_3DES_Only_cipherstats[client_name] = defaultdict(int) + client_3DES_preferred_cipherstats[client_name] = defaultdict(int) client_incompatible_cipherstats[client_name] = defaultdict(int) client_selected_cipherstats[client_name] = defaultdict(int) @@ -189,16 +193,20 @@ for r,d,flist in os.walk(path): GOST89_cipher = False """ variables to support handshake simulation for different clients """ client_RC4_Only={} + client_3DES_Only={} client_compat={} temp_client_incompat={} client_RC4_Pref={} + client_3DES_Pref={} client_selected={} for client_name in client_ciphers: # the following depends on client_compat, so by default it can be True client_RC4_Only[client_name]=True + client_3DES_Only[client_name]=True client_compat[client_name]=False temp_client_incompat[client_name]={} client_RC4_Pref[client_name]=None + client_3DES_Pref[client_name]=None client_selected[client_name]=None """ server side list of supported ciphers """ @@ -369,6 +377,8 @@ for r,d,flist in os.walk(path): client_compat[client_name]=True if not 'RC4' in entry['cipher']: client_RC4_Only[client_name] = False + if not 'CBC3' in entry['cipher']: + client_3DES_Only[client_name] = False else: temp_client_incompat[client_name][entry['cipher']] = 1 @@ -547,6 +557,8 @@ for r,d,flist in os.walk(path): client_selected[client_name] = cipher if 'RC4' in cipher: client_RC4_Pref[client_name] = True + if 'CBC3' in cipher: + client_3DES_Pref[client_name] = True break else: for cipher in list_of_ciphers: @@ -554,6 +566,8 @@ for r,d,flist in os.walk(path): client_selected[client_name] = cipher if 'RC4' in cipher: client_RC4_Pref[client_name] = True + if 'CBC3' in cipher: + client_3DES_Pref[client_name] = True break for s in tempfallbacks: @@ -615,6 +629,12 @@ for r,d,flist in os.walk(path): cipherstats['3DES'] += 1 if ciphertypes == 1: cipherstats['3DES Only'] += 1 + if 'CBC3' in results['ciphersuite'][0]['cipher']: + if 'TLSv1.1' in results['ciphersuite'][0]['protocols'] or\ + 'TLSv1.2' in results['ciphersuite'][0]['protocols']: + cipherstats['3DES forced in TLS1.1+'] += 1 + cipherstats['3DES Preferred'] += 1 + if CAMELLIA: cipherstats['CAMELLIA'] += 1 if ciphertypes == 1: @@ -649,6 +669,14 @@ for r,d,flist in os.walk(path): cipherstats['x:' + client_name + ' RC4 Preferred'] += 1 for cipher in temp_client_incompat[client_name]: client_RC4_preferred_cipherstats[client_name][cipher] += 1 + if client_3DES_Only[client_name]: + cipherstats['x:' + client_name + ' 3DES Only'] += 1 + for cipher in temp_client_incompat[client_name]: + client_3DES_Only_cipherstats[client_name][cipher] += 1 + if client_3DES_Pref[client_name]: + cipherstats['x:' + client_name + ' 3DES Preferred'] += 1 + for cipher in temp_client_incompat[client_name]: + client_3DES_preferred_cipherstats[client_name][cipher] += 1 else: cipherstats['x:' + client_name + ' incompatible'] += 1 for cipher in temp_client_incompat[client_name]: