2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-12-25 20:23:41 +01:00

Update EC check to use regexp and match all OpenSSL EC cipher suite variants

This commit is contained in:
Awad Mackie 2016-08-22 23:33:28 +01:00
parent f5ad5806c3
commit 955d55a6ba

View File

@ -7,7 +7,7 @@
from __future__ import print_function
import sys, os, json, subprocess, logging, argparse, platform, urllib2
import sys, os, json, subprocess, logging, argparse, platform, urllib2, re
from collections import namedtuple
from datetime import datetime
from copy import deepcopy
@ -56,7 +56,7 @@ def is_fubar(results):
for conn in results['ciphersuite']:
logging.debug('testing connection %s' % conn)
pubkey_bits = int(conn['pubkey'][0])
ec_kex = conn['cipher'].startswith('ECDHE-')
ec_kex = re.match(r"(ECDHE|EECDH|ECDH)-", conn['cipher'])
if conn['cipher'] not in (set(old["ciphersuites"]) | set(inter["ciphersuites"]) | set(modern["ciphersuites"])):
failures[lvl].append("remove cipher " + conn['cipher'])