2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-12-25 20:23:41 +01:00

report cipher ordering in scanning stats, use it to simulate handshakes

since now we know if server honours client order or not, we can use it
to properly simulate handshakes for a given client, also report
the general stats of this server configuration variable
This commit is contained in:
Hubert Kario 2014-07-01 00:01:32 +02:00 committed by Hubert Kario
parent 42fa7d9ecb
commit c82bc44558

View File

@ -54,6 +54,7 @@ FF_RC4_Only_cipherstats = defaultdict(int)
FF_RC4_preferred_cipherstats = defaultdict(int)
FF_incompatible_cipherstats = defaultdict(int)
FF_selected_cipherstats = defaultdict(int)
cipherordering = defaultdict(int)
pfsstats = defaultdict(int)
protocolstats = defaultdict(int)
handshakestats = defaultdict(int)
@ -87,6 +88,7 @@ for r,d,flist in os.walk(path):
RC4_Only_FF = True
FF_compat = False
temp_FF_incompat = {}
list_of_ciphers = []
FF_RC4_Pref = None
FF_selected = None
ADH = False
@ -128,15 +130,13 @@ for r,d,flist in os.walk(path):
if 'False' in entry['trusted'] and report_untrused == False:
continue
list_of_ciphers.append(entry['cipher'])
# check if the advertised ciphers are not effectively RC4 Only
# for firefox or incompatible with firefox
if entry['cipher'] in firefox_ciphers:
# if this is first cipher and we already are getting RC4
# then it means that RC4 is preferred
if not FF_compat:
FF_selected = entry['cipher']
if 'RC4' in entry['cipher']:
FF_RC4_Pref = True
FF_compat = True
if not 'RC4' in entry['cipher']:
RC4_Only_FF = False
@ -270,6 +270,32 @@ for r,d,flist in os.walk(path):
if dualstack:
dsarsastack += 1
""" save cipher ordering """
if 'serverside' in results:
if results['serverside'] == "False":
cipherordering['Client side'] += 1
else:
cipherordering['Server side'] += 1
else:
cipherordering['Unknown'] += 1
""" simulate handshake with Firefox """
if FF_compat:
if 'serverside' in results and results['serverside'] == "False":
for cipher in firefox_ciphers:
if cipher in list_of_ciphers:
FF_selected = cipher
if 'RC4' in cipher:
FF_RC4_Pref = True
break
else:
for cipher in list_of_ciphers:
if cipher in firefox_ciphers:
FF_selected = cipher
if 'RC4' in cipher:
FF_RC4_Pref = True
break
for s in tempsigstats:
sigalg[s] += 1
@ -413,6 +439,12 @@ for stat in sorted(cipherstats):
percent = round(cipherstats[stat] / total * 100, 4)
sys.stdout.write(stat.ljust(25) + " " + str(cipherstats[stat]).ljust(10) + str(percent).ljust(4) + "\n")
print("\nCipher ordering Count Percent")
print("-------------------------+---------+-------")
for stat in sorted(cipherordering):
percent = round(cipherordering[stat] / total * 100, 4)
sys.stdout.write(stat.ljust(25) + " " + str(cipherordering[stat]).ljust(10) + str(percent).ljust(4) + "\n")
print("\nFF 29 selected ciphers Count Percent")
print("-----------------------------+---------+------")
for stat in sorted(FF_selected_cipherstats):