LittleNellie/cipherscan
2
0
Fork 0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 06:13:42 +01:00
Code Issues Releases Wiki Activity

tweak phrasing for analyze.py report

Browse Source 
for intermediate and modern, we expect the server to support exact
set of curves, reflect that in the error message
This commit is contained in:
Hubert Kario 2018-05-20 14:31:09 +02:00
parent b0548dff8e
commit 981ac390d6
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
analyze.py
View File

@ -217,7 +217,7 @@ def is_intermediate(results):
failures[lvl].append("use a certificate signed with %s" % " or ".join(inter["certificate_signatures"])) failures[lvl].append("use a certificate signed with %s" % " or ".join(inter["certificate_signatures"]))
isinter = False isinter = False
if not has_pfs: if not has_pfs:
failures[lvl].append("consider using DHE of at least 2048bits and ECC of at least 256bits") failures[lvl].append("consider using DHE of at least 2048bits and ECC of 256bits and greater")
if not has_ocsp: if not has_ocsp:
failures[lvl].append("consider enabling OCSP Stapling") failures[lvl].append("consider enabling OCSP Stapling")
if results['serverside'] != 'True': if results['serverside'] != 'True':
@ -266,7 +266,7 @@ def is_modern(results):
failures[lvl].append("use a certificate signed with %s" % " or ".join(modern["certificate_signatures"])) failures[lvl].append("use a certificate signed with %s" % " or ".join(modern["certificate_signatures"]))
ismodern = False ismodern = False
if not has_pfs: if not has_pfs:
failures[lvl].append("use DHE of at least 2048bits and ECC of at least 256bits") failures[lvl].append("use DHE of at least 2048bits and ECC of at 256bits and greater")
ismodern = False ismodern = False
if not has_ocsp: if not has_ocsp:
failures[lvl].append("consider enabling OCSP Stapling") failures[lvl].append("consider enabling OCSP Stapling")