mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 14:23:41 +01:00
tweak phrasing for analyze.py report
for intermediate and modern, we expect the server to support exact set of curves, reflect that in the error message
This commit is contained in:
parent
b0548dff8e
commit
981ac390d6
@ -217,7 +217,7 @@ def is_intermediate(results):
|
|||||||
failures[lvl].append("use a certificate signed with %s" % " or ".join(inter["certificate_signatures"]))
|
failures[lvl].append("use a certificate signed with %s" % " or ".join(inter["certificate_signatures"]))
|
||||||
isinter = False
|
isinter = False
|
||||||
if not has_pfs:
|
if not has_pfs:
|
||||||
failures[lvl].append("consider using DHE of at least 2048bits and ECC of at least 256bits")
|
failures[lvl].append("consider using DHE of at least 2048bits and ECC of 256bits and greater")
|
||||||
if not has_ocsp:
|
if not has_ocsp:
|
||||||
failures[lvl].append("consider enabling OCSP Stapling")
|
failures[lvl].append("consider enabling OCSP Stapling")
|
||||||
if results['serverside'] != 'True':
|
if results['serverside'] != 'True':
|
||||||
@ -266,7 +266,7 @@ def is_modern(results):
|
|||||||
failures[lvl].append("use a certificate signed with %s" % " or ".join(modern["certificate_signatures"]))
|
failures[lvl].append("use a certificate signed with %s" % " or ".join(modern["certificate_signatures"]))
|
||||||
ismodern = False
|
ismodern = False
|
||||||
if not has_pfs:
|
if not has_pfs:
|
||||||
failures[lvl].append("use DHE of at least 2048bits and ECC of at least 256bits")
|
failures[lvl].append("use DHE of at least 2048bits and ECC of at 256bits and greater")
|
||||||
ismodern = False
|
ismodern = False
|
||||||
if not has_ocsp:
|
if not has_ocsp:
|
||||||
failures[lvl].append("consider enabling OCSP Stapling")
|
failures[lvl].append("consider enabling OCSP Stapling")
|
||||||
|
Loading…
Reference in New Issue
Block a user