make sha-256 cert an optional requirement to the intermediate level

2024-11-22 14:23:41 +01:00 · 2014-10-11 23:08:21 -04:00 · 2014-10-11 23:08:21 -04:00 · a749742ff3
commit a749742ff3
parent b009c71321
1 changed files with 2 additions and 4 deletions
--- a/analyze.py
+++ b/analyze.py
@ -145,7 +145,6 @@ def is_intermediate(results):
            has_tls1 = True
        if 'sha256WithRSAEncryption' not in conn['sigalg']:
            logging.debug(conn['sigalg'][0] + ' is a not an intermediate signature')
            inter = False
            has_sha256 = False
        if conn['cipher'][0:2] == 'DHE':
            if conn['pfs'] != 'DH,2048bits':
@ -171,8 +170,7 @@ def is_intermediate(results):
        failures[lvl].append("add cipher AES128-SHA")
        inter = False
    if not has_sha256:
-        failures[lvl].append("use a certificate with sha256WithRSAEncryption signature")
+        failures[lvl].append("consider using a SHA-256 certificate")
        inter = False
    if not has_dhparam:
        failures[lvl].append("use a DH parameter of 2048 bits")
        inter = False
@ -220,7 +218,7 @@ def is_modern(results):
        logging.debug("missing protocol wanted in the modern configuration:" + proto)
        failures[lvl].append('consider enabling ' + proto)
    if not has_sha256:
-        failures[lvl].append("use a certificate with sha256WithRSAEncryption signature")
+        failures[lvl].append("use a SHA-256 certificate")
        modern = False
    if not has_dhparam:
        failures[lvl].append("use a DH parameter of 2048 bits")