LittleNellie
/
cipherscan
mirror of https://github.com/mozilla/cipherscan.git
2
0
Fork 0
Code Issues Releases Wiki Activity
407 Commits 5 Branches 0 Tags 35 MiB
Commit Graph

45 Commits

Author SHA1 Message Date
Awad Mackie bb3e89ec09 Update fubar EC parameter size to 256 2016-08-25 00:40:39 +01:00
Awad Mackie 3a2a43f91d Hardcode minimum EC key size 2016-08-22 23:44:13 +01:00
Awad Mackie 955d55a6ba Update EC check to use regexp and match all OpenSSL EC cipher suite variants 2016-08-22 23:33:28 +01:00
Awad Mackie f5ad5806c3 Allow EC keys to have a smaller bitsize 2016-08-21 13:16:54 +01:00
Adam Crosby 55cdb74ff7 Added fallback to use local json recommendations file if urllib fails to connect (including SNI errors), fixes issue #116 2016-02-29 08:21:04 -05:00
Julien Vehent 9f0226e00b analyze.py: update example of json input 2016-02-24 10:52:18 -05:00
Julien Vehent 639bc45bf7 analyze.py refactoring to use online recommendations 2016-02-24 10:48:28 -05:00
Emantor 536ff90b86 ECDHE-ECDSA-DES-CBC3-SHA was missing too 
Fix `ECDHE-ECDSA-DES-CBC3-SHA` as well.
 2015-11-19 16:58:49 +01:00
Emantor e8ba5ab8fe Update analyze.py 
Per https://mozilla.github.io/server-side-tls/ssl-config-generator/
The intermediate config supports 'ECDHE-RSA-DES-CBC3-SHA', add it to analyze.py
 2015-11-17 09:01:52 +01:00
Julien Vehent 3770389b5c Merge pull request #68 from kenoh/master 
Fix: incorrect list + string concatenation (issue #64)
 2015-09-18 09:27:41 -04:00
Hubert Kario a3e04d3d01 fix analyze.py Python3 compat 
because subprocess returns `bytes` in Python 3
we need to interpret them to characters, which are needed by json
input and string parsing

fixes #69, #71
 2015-08-23 17:31:04 +02:00
Matúš Honěk c9529b5977 Fix: incorrect list + string concatenation (issue #64) 2015-08-14 16:55:54 +02:00
Hubert Kario 86bc8e8574 fix is_fubar key size check 2015-05-30 19:48:56 +02:00
Hubert Kario a53a91695e make scripts python 3 compatible 2015-05-30 15:46:26 +02:00
Julien Vehent 3e4b86eedd Merge pull request #47 from ScriptFanix/master 
fix silent TypeError on sigalg md5WithRSAEncryption
 2015-01-26 11:09:54 -05:00
Julien Vehent 3915164430 Use custom darwin openssl bin in analyze.py 2015-01-18 12:26:59 -05:00
Vincent Riquer d1a8604a2a fix silent TypeError on sigalg md5WithRSAEncryption 
conn['sigalg'] is an array, logging.debug(conn['sigalg']) caused silent failure
 2015-01-10 03:51:26 +01:00
Vincent Riquer b457951f5f don't expect openssl to be in cwd 2014-12-26 09:49:52 +01:00
Vincent Riquer 0e7996181a Don't expect scripts to be in working directory 2014-12-24 11:26:24 +01:00
Vincent Riquer 983f85d2d4 --nagios: run as a nagios plugin 2014-12-23 14:51:50 +01:00
Julien Vehent d11d5e9f36 update old and intermediate ciphersuites 2014-10-18 08:31:53 -04:00
Julien Vehent a17cfe373e make 2048 DHE key optional in intermediate level 2014-10-18 08:20:00 -04:00
Julien Vehent ebf4f8bcc7 fix ECC size in fubar pfs analysis 2014-10-18 07:23:24 -04:00
Julien Vehent 244e9ca9f2 refactor pfs evaluation in separate function 2014-10-17 11:58:19 -04:00
Julien Vehent ddfaa6722d display target level compliance in text output 2014-10-17 11:58:05 -04:00
Julien Vehent 551255f8b4 detect fubar dh parameters 2014-10-17 11:20:25 -04:00
Julien Vehent a4f573195e update intermediate ciphersuite to accept 3des 2014-10-17 11:10:01 -04:00
Julien Vehent df0b5d8d3f fix wrong failure flag 2014-10-17 11:09:42 -04:00
Julien Vehent a11b594ab4 Fix dhparam size detection in inter and modern levels 2014-10-17 11:09:28 -04:00
Julien Vehent 28c6c2488b Accept sha384 and sha512 signatures as well as sha256 2014-10-17 11:08:32 -04:00
Julien Vehent 26c7b0e0d7 fix target level verification check 2014-10-11 23:08:35 -04:00
Julien Vehent a749742ff3 make sha-256 cert an optional requirement to the intermediate level 2014-10-11 23:08:21 -04:00
Julien Vehent b009c71321 add operator flag to analyze.py 2014-10-11 20:52:18 -04:00
Julien Vehent cdd34fce03 fix bug in status detection of analyze.py 2014-10-11 20:45:14 -04:00
Julien Vehent b846ac9d5b add json output to analyze.py via the -j flag 2014-10-11 19:37:08 -04:00
Julien Vehent 0da92f25b7 verify server side ordering is used in analyze.py 2014-10-11 00:34:07 -04:00
Julien Vehent 1c9d52c94c First shot at ordering analysis. Not yet perfect, but somewhat useful... 2014-10-10 20:30:27 -04:00
Julien Vehent a46e474337 add some fubar recommentations 2014-10-10 19:07:31 -04:00
Julien Vehent f4d0d598c7 analyze.py add option to give path to specific openssl 2014-10-10 18:56:44 -04:00
Julien Vehent 86edd481f6 analyze.py uses provided openssl only on linux 64 2014-10-10 18:00:10 -04:00
Julien Vehent cc1230efd9 Analysis wording changes 2014-10-09 10:09:44 -04:00
Julien Vehent 5665951b09 minor analysis wording changes 2014-10-09 09:57:40 -04:00
Julien Vehent 215dbd0c1a ignore openssl errors in analyze.py 2014-10-09 09:54:30 -04:00
Julien Vehent 405b104583 improved configuration analysis 2014-10-09 09:35:59 -04:00
Julien Vehent 34b2eb7819 First shot at cipherscan results analyzer 2014-10-08 21:53:05 -04:00