From 981ac390d665227129031d29c59beeff0be728e3 Mon Sep 17 00:00:00 2001
From: Hubert Kario <hubert@kario.pl>
Date: Sun, 20 May 2018 14:31:09 +0200
Subject: [PATCH] tweak phrasing for analyze.py report

for intermediate and modern, we expect the server to support exact
set of curves, reflect that in the error message
---
 analyze.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/analyze.py b/analyze.py
index c886ee8..c1c0d4a 100755
--- a/analyze.py
+++ b/analyze.py
@@ -217,7 +217,7 @@ def is_intermediate(results):
         failures[lvl].append("use a certificate signed with %s" % " or ".join(inter["certificate_signatures"]))
         isinter = False
     if not has_pfs:
-        failures[lvl].append("consider using DHE of at least 2048bits and ECC of at least 256bits")
+        failures[lvl].append("consider using DHE of at least 2048bits and ECC of 256bits and greater")
     if not has_ocsp:
         failures[lvl].append("consider enabling OCSP Stapling")
     if results['serverside'] != 'True':
@@ -266,7 +266,7 @@ def is_modern(results):
         failures[lvl].append("use a certificate signed with %s" % " or ".join(modern["certificate_signatures"]))
         ismodern = False
     if not has_pfs:
-        failures[lvl].append("use DHE of at least 2048bits and ECC of at least 256bits")
+        failures[lvl].append("use DHE of at least 2048bits and ECC of at 256bits and greater")
         ismodern = False
     if not has_ocsp:
         failures[lvl].append("consider enabling OCSP Stapling")