From bb3e89ec09020fe1e4d78056e2f4d0f45739ddc5 Mon Sep 17 00:00:00 2001
From: Awad Mackie <firesock.serwalek@gmail.com>
Date: Thu, 25 Aug 2016 00:40:39 +0100
Subject: [PATCH] Update fubar EC parameter size to 256

---
 analyze.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/analyze.py b/analyze.py
index cf24678..c886ee8 100755
--- a/analyze.py
+++ b/analyze.py
@@ -69,7 +69,7 @@ def is_fubar(results):
             has_wrong_pubkey = True
             logging.debug(conn['pubkey'][0] + ' is a fubar pubkey size')
             fubar = True
-        if ec_kex and pubkey_bits < 160:
+        if ec_kex and pubkey_bits < 256:
             has_wrong_ec_pubkey = True
             logging.debug(conn['pubkey'][0] + ' is a fubar EC pubkey size')
             fubar = True
@@ -93,7 +93,7 @@ def is_fubar(results):
     if has_wrong_pubkey:
         failures[lvl].append("don't use a public key smaller than 2048 bits")
     if has_wrong_ec_pubkey:
-        failures[lvl].append("don't use an EC key smaller than 160 bits")
+        failures[lvl].append("don't use an EC key smaller than 256 bits")
     if has_untrust_cert:
         failures[lvl].append("don't use an untrusted or self-signed certificate")
     if has_wrong_pfs: