From ebf4f8bcc762cadc219ba9354acef79375d558bd Mon Sep 17 00:00:00 2001
From: Julien Vehent <julien@linuxwall.info>
Date: Sat, 18 Oct 2014 07:23:24 -0400
Subject: [PATCH] fix ECC size in fubar pfs analysis

---
 analyze.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/analyze.py b/analyze.py
index a7ca9fa..656a3bb 100755
--- a/analyze.py
+++ b/analyze.py
@@ -56,7 +56,7 @@ def is_fubar(results):
             logging.debug(conn['pubkey'] + ' is a fubar pubkey size')
             fubar = True
         if conn['pfs'] != 'None':
-            if not has_good_pfs(conn['pfs'], 1024, 128):
+            if not has_good_pfs(conn['pfs'], 1024, 160):
                 logging.debug(conn['pfs']+ ' is a fubar PFS parameters')
                 fubar = True
                 has_wrong_pfs = True
@@ -77,7 +77,7 @@ def is_fubar(results):
     if has_untrust_cert:
         failures[lvl].append("don't use an untrusted or self-signed certificate")
     if has_wrong_pfs:
-        failures[lvl].append("don't use DHE smaller than 1024bits or ECC smaller than 128bits")
+        failures[lvl].append("don't use DHE smaller than 1024bits or ECC smaller than 160bits")
     return fubar
 
 # is_old assumes a configuration *is* old, and will return False if