From 955d55a6bae0236d0045937ed5babf0a8175c391 Mon Sep 17 00:00:00 2001
From: Awad Mackie
Date: Mon, 22 Aug 2016 23:33:28 +0100
Subject: [PATCH] Update EC check to use regexp and match all OpenSSL EC cipher suite variants
---
 analyze.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/analyze.py b/analyze.py
index ad99d02..afe970b 100755
--- a/analyze.py
+++ b/analyze.py
@@ -7,7 +7,7 @@
 from __future__ import print_function
-import sys, os, json, subprocess, logging, argparse, platform, urllib2
+import sys, os, json, subprocess, logging, argparse, platform, urllib2, re
 from collections import namedtuple
 from datetime import datetime
 from copy import deepcopy
@@ -56,7 +56,7 @@ def is_fubar(results):
 for conn in results['ciphersuite']:
 logging.debug('testing connection %s' % conn)
 pubkey_bits = int(conn['pubkey'][0])
- ec_kex = conn['cipher'].startswith('ECDHE-')
+ ec_kex = re.match(r"(ECDHE|EECDH|ECDH)-", conn['cipher'])
 if conn['cipher'] not in (set(old["ciphersuites"]) | set(inter["ciphersuites"]) | set(modern["ciphersuites"])):
 failures[lvl].append("remove cipher " + conn['cipher'])
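Review bot: In the `is_fubar` hunk, `ec_kex` is now truthy for static `ECDH-` suites as well as ephemeral `ECDHE-`/`EECDH-` ones, and static ECDH gives no forward secrecy, so the single flag no longer says whether the key exchange is ephemeral. How `ec_kex` is consumed lies outside the hunk (the loop body continues past it); if it gates a key-size or key-exchange-strength check, confirm that static ECDH should take the same path as ECDHE. The value also changes from a bool to a match object or `None`, which is fine for truthiness tests but not for anything that compares or serialises it. If only the prefix test is wanted, `ec_kex = conn['cipher'].startswith(('ECDHE-', 'EECDH-', 'ECDH-'))` keeps the boolean and makes the added `re` import unnecessary.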