2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 14:23:41 +01:00

tweak phrasing for analyze.py report

for intermediate and modern, we expect the server to support exact
set of curves, reflect that in the error message
This commit is contained in:
Hubert Kario 2018-05-20 14:31:09 +02:00
parent b0548dff8e
commit 981ac390d6

View File

@ -217,7 +217,7 @@ def is_intermediate(results):
failures[lvl].append("use a certificate signed with %s" % " or ".join(inter["certificate_signatures"])) failures[lvl].append("use a certificate signed with %s" % " or ".join(inter["certificate_signatures"]))
isinter = False isinter = False
if not has_pfs: if not has_pfs:
failures[lvl].append("consider using DHE of at least 2048bits and ECC of at least 256bits") failures[lvl].append("consider using DHE of at least 2048bits and ECC of 256bits and greater")
if not has_ocsp: if not has_ocsp:
failures[lvl].append("consider enabling OCSP Stapling") failures[lvl].append("consider enabling OCSP Stapling")
if results['serverside'] != 'True': if results['serverside'] != 'True':
@ -266,7 +266,7 @@ def is_modern(results):
failures[lvl].append("use a certificate signed with %s" % " or ".join(modern["certificate_signatures"])) failures[lvl].append("use a certificate signed with %s" % " or ".join(modern["certificate_signatures"]))
ismodern = False ismodern = False
if not has_pfs: if not has_pfs:
failures[lvl].append("use DHE of at least 2048bits and ECC of at least 256bits") failures[lvl].append("use DHE of at least 2048bits and ECC of at 256bits and greater")
ismodern = False ismodern = False
if not has_ocsp: if not has_ocsp:
failures[lvl].append("consider enabling OCSP Stapling") failures[lvl].append("consider enabling OCSP Stapling")