2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-24 23:23:40 +01:00
This commit is contained in:
David Chandek-Stark 2019-07-08 15:32:35 -04:00
parent edfec2c1c6
commit ea341f0aec

View File

@ -63,7 +63,7 @@ def is_fubar(results):
pubkey_bits = int(conn['pubkey'][0]) pubkey_bits = int(conn['pubkey'][0])
ec_kex = re.match(r"(ECDHE|EECDH|ECDH)-", conn['cipher']) ec_kex = re.match(r"(ECDHE|EECDH|ECDH)-", conn['cipher'])
if conn['cipher'] not in (set(old["ciphersuites"]) | set(inter["ciphersuites"]) | set(modern["ciphersuites"])): if conn['cipher'] not in (set(old["openssl_ciphersuites"]) | set(inter["openssl_ciphersuites"]) | set(modern["openssl_ciphersuites"])):
failures[lvl].append("remove cipher " + conn['cipher']) failures[lvl].append("remove cipher " + conn['cipher'])
logging.debug(conn['cipher'] + ' is in the list of fubar ciphers') logging.debug(conn['cipher'] + ' is in the list of fubar ciphers')
fubar = True fubar = True
@ -121,7 +121,7 @@ def is_old(results):
for conn in results['ciphersuite']: for conn in results['ciphersuite']:
logging.debug('testing connection %s' % conn) logging.debug('testing connection %s' % conn)
# flag unwanted ciphers # flag unwanted ciphers
if conn['cipher'] not in old["ciphersuites"]: if conn['cipher'] not in old["openssl_ciphersuites"]:
logging.debug(conn['cipher'] + ' is not in the list of old ciphers') logging.debug(conn['cipher'] + ' is not in the list of old ciphers')
failures[lvl].append("remove cipher " + conn['cipher']) failures[lvl].append("remove cipher " + conn['cipher'])
isold = False isold = False
@ -183,7 +183,7 @@ def is_intermediate(results):
all_proto = [] all_proto = []
for conn in results['ciphersuite']: for conn in results['ciphersuite']:
logging.debug('testing connection %s' % conn) logging.debug('testing connection %s' % conn)
if conn['cipher'] not in inter["ciphersuites"]: if conn['cipher'] not in inter["openssl_ciphersuites"]:
logging.debug(conn['cipher'] + ' is not in the list of intermediate ciphers') logging.debug(conn['cipher'] + ' is not in the list of intermediate ciphers')
failures[lvl].append("remove cipher " + conn['cipher']) failures[lvl].append("remove cipher " + conn['cipher'])
isinter = False isinter = False
@ -242,7 +242,7 @@ def is_modern(results):
all_proto = [] all_proto = []
for conn in results['ciphersuite']: for conn in results['ciphersuite']:
logging.debug('testing connection %s' % conn) logging.debug('testing connection %s' % conn)
if conn['cipher'] not in modern["ciphersuites"]: if conn['cipher'] not in modern["openssl_ciphersuites"]:
logging.debug(conn['cipher'] + ' is not in the list of modern ciphers') logging.debug(conn['cipher'] + ' is not in the list of modern ciphers')
failures[lvl].append("remove cipher " + conn['cipher']) failures[lvl].append("remove cipher " + conn['cipher'])
ismodern = False ismodern = False
@ -311,17 +311,17 @@ def evaluate_all(results):
if is_old(results): if is_old(results):
status = "old" status = "old"
if not is_ordered(results, old["ciphersuites"], "old"): if not is_ordered(results, old["openssl_ciphersuites"], "old"):
status = "old with bad ordering" status = "old with bad ordering"
if is_intermediate(results): if is_intermediate(results):
status = "intermediate" status = "intermediate"
if not is_ordered(results, inter["ciphersuites"], "intermediate"): if not is_ordered(results, inter["openssl_ciphersuites"], "intermediate"):
status = "intermediate with bad ordering" status = "intermediate with bad ordering"
if is_modern(results): if is_modern(results):
status = "modern" status = "modern"
if not is_ordered(results, modern["ciphersuites"], "modern"): if not is_ordered(results, modern["openssl_ciphersuites"], "modern"):
status = "modern with bad ordering" status = "modern with bad ordering"
if is_fubar(results): if is_fubar(results):