LittleNellie
/
cipherscan
mirror of https://github.com/mozilla/cipherscan.git
2
0
Fork 0
Code Issues Releases Wiki Activity

Update EC check to use regexp and match all OpenSSL EC cipher suite variants

This commit is contained in:
Awad Mackie 2016-08-22 23:33:28 +01:00
parent f5ad5806c3
commit 955d55a6ba
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
analyze.py
View File

@ -7,7 +7,7 @@
from __future__ import print_function
import sys, os, json, subprocess, logging, argparse, platform, urllib2
import sys, os, json, subprocess, logging, argparse, platform, urllib2, re
from collections import namedtuple
from datetime import datetime
from copy import deepcopy
@ -56,7 +56,7 @@ def is_fubar(results):
for conn in results['ciphersuite']:
logging.debug('testing connection %s' % conn)
pubkey_bits = int(conn['pubkey'][0])
ec_kex = conn['cipher'].startswith('ECDHE-')
ec_kex = re.match(r"(ECDHE|EECDH|ECDH)-", conn['cipher'])
if conn['cipher'] not in (set(old["ciphersuites"]) | set(inter["ciphersuites"]) | set(modern["ciphersuites"])):
failures[lvl].append("remove cipher " + conn['cipher'])