LittleNellie
/
cipherscan
mirror of https://github.com/mozilla/cipherscan.git
2
0
Fork 0
Code Issues Releases Wiki Activity

Update EC check to use regexp and match all OpenSSL EC cipher suite variants

This commit is contained in:
Awad Mackie 2016-08-22 23:33:28 +01:00
parent f5ad5806c3
commit 955d55a6ba
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
analyze.py
View File

@ -7,7 +7,7 @@
from __future__ import print_function from __future__ import print_function
import sys, os, json, subprocess, logging, argparse, platform, urllib2 import sys, os, json, subprocess, logging, argparse, platform, urllib2, re
from collections import namedtuple from collections import namedtuple
from datetime import datetime from datetime import datetime
from copy import deepcopy from copy import deepcopy
@ -56,7 +56,7 @@ def is_fubar(results):
for conn in results['ciphersuite']: for conn in results['ciphersuite']:
logging.debug('testing connection %s' % conn) logging.debug('testing connection %s' % conn)
pubkey_bits = int(conn['pubkey'][0]) pubkey_bits = int(conn['pubkey'][0])
ec_kex = conn['cipher'].startswith('ECDHE-') ec_kex = re.match(r"(ECDHE|EECDH|ECDH)-", conn['cipher'])
if conn['cipher'] not in (set(old["ciphersuites"]) | set(inter["ciphersuites"]) | set(modern["ciphersuites"])): if conn['cipher'] not in (set(old["ciphersuites"]) | set(inter["ciphersuites"]) | set(modern["ciphersuites"])):
failures[lvl].append("remove cipher " + conn['cipher']) failures[lvl].append("remove cipher " + conn['cipher'])