diff --git a/README.md b/README.md index 528459c..e2ed5b1 100644 --- a/README.md +++ b/README.md @@ -229,16 +229,16 @@ and output a level and recommendations. $ ./analyze.py -t jve.linuxwall.info jve.linuxwall.info:443 has intermediate tls -Failed to pass old level. The following items are failing: +Changes needed to match the old level: * consider enabling SSLv3 * add cipher DES-CBC3-SHA * use a certificate with sha1WithRSAEncryption signature * consider enabling OCSP Stapling -Failed to pass intermediate level. The following items are failing: +Changes needed to match the intermediate level: * consider enabling OCSP Stapling -Failed to pass modern level. The following items are failing: +Changes needed to match the modern level: * remove cipher AES128-GCM-SHA256 * remove cipher AES256-GCM-SHA384 * remove cipher AES128-SHA256 @@ -248,6 +248,7 @@ Failed to pass modern level. The following items are failing: * disable TLSv1 * consider enabling OCSP Stapling ``` + In the output above, `analyze.py` indicates that the target `jve.linuxwall.info` matches the intermediate configuration level. If the administrator of this site wants to reach the modern level, the items that failed under the modern tests diff --git a/analyze.py b/analyze.py index 0d34c55..4cb5c11 100755 --- a/analyze.py +++ b/analyze.py @@ -258,13 +258,13 @@ def process_results(data, level=None): # print failures if level: if len(failures[level]) > 0: - print("\nFailed to pass " + level + " level. The following items are failing:") + print("\nChanges needed to match the " + level + " level:") for failure in failures[level]: print("* " + failure) else: for lvl in ['old', 'intermediate', 'modern']: if len(failures[lvl]) > 0: - print("\nFailed to pass " + lvl + " level. The following items are failing:") + print("\nChanges needed to match the " + lvl + " level:") for failure in failures[lvl]: print("* " + failure)