2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-12-25 12:13:41 +01:00

Update fubar EC parameter size to 256

This commit is contained in:
Awad Mackie 2016-08-25 00:40:39 +01:00
parent 3a2a43f91d
commit bb3e89ec09

View File

@ -69,7 +69,7 @@ def is_fubar(results):
has_wrong_pubkey = True
logging.debug(conn['pubkey'][0] + ' is a fubar pubkey size')
fubar = True
if ec_kex and pubkey_bits < 160:
if ec_kex and pubkey_bits < 256:
has_wrong_ec_pubkey = True
logging.debug(conn['pubkey'][0] + ' is a fubar EC pubkey size')
fubar = True
@ -93,7 +93,7 @@ def is_fubar(results):
if has_wrong_pubkey:
failures[lvl].append("don't use a public key smaller than 2048 bits")
if has_wrong_ec_pubkey:
failures[lvl].append("don't use an EC key smaller than 160 bits")
failures[lvl].append("don't use an EC key smaller than 256 bits")
if has_untrust_cert:
failures[lvl].append("don't use an untrusted or self-signed certificate")
if has_wrong_pfs: