From ebf4f8bcc762cadc219ba9354acef79375d558bd Mon Sep 17 00:00:00 2001
From: Julien Vehent
Date: Sat, 18 Oct 2014 07:23:24 -0400
Subject: [PATCH] fix ECC size in fubar pfs analysis

---
 analyze.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/analyze.py b/analyze.py
index a7ca9fa..656a3bb 100755
--- a/analyze.py
+++ b/analyze.py
@@ -56,7 +56,7 @@ def is_fubar(results):
 logging.debug(conn['pubkey'] + ' is a fubar pubkey size')
 fubar = True
 if conn['pfs'] != 'None':
- if not has_good_pfs(conn['pfs'], 1024, 128):
+ if not has_good_pfs(conn['pfs'], 1024, 160):
 logging.debug(conn['pfs']+ ' is a fubar PFS parameters')
 fubar = True
 has_wrong_pfs = True
@@ -77,7 +77,7 @@ def is_fubar(results):
 if has_untrust_cert:
 failures[lvl].append("don't use an untrusted or self-signed certificate")
 if has_wrong_pfs:
- failures[lvl].append("don't use DHE smaller than 1024bits or ECC smaller than 128bits")
+ failures[lvl].append("don't use DHE smaller than 1024bits or ECC smaller than 160bits")
 return fubar
 
 # is_old assumes a configuration *is* old, and will return False if
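Review bot: The 1024/160 floor is still written twice, once in the `has_good_pfs(conn['pfs'], 1024, 160)` call in the first hunk and once inside the failure text in the second hunk, which is why this fix had to touch two places. Deriving both from one pair of module-level constants (for example `FUBAR_MIN_DHE_BITS = 1024` and `FUBAR_MIN_ECC_BITS = 160`; the names are only a suggestion) and formatting the message from them would keep the check and the advice shown to the operator from drifting apart again. A short comment above the call would also record why 160 was chosen, e.g. `# fubar floor only: 1024-bit DHE and 160-bit ECC are both roughly 80-bit strength, not a recommended size`. is_fubar starts before and continues past both hunks, and has_good_pfs is not shown, so how the third argument is compared against the curve size should be confirmed there.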