LittleNellie/cipherscan
2
0
Fork 0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-09-29 08:03:42 +02:00
Code Issues Releases Wiki Activity
65 Commits 5 Branches 0 Tags 35 MiB
010ebccd80
Commit Graph

12 Commits

Author SHA1 Message Date
Hubert Kario
010ebccd80 extend SSL stats 
Two interesting server configurations are ones that support
only SSL3 or TLS1 only (old, but otherwise correctly configured servers)
and ones that support only TLS1.1 or up (brave admins that support
only new clients)
 2014-04-06 14:17:24 +02:00
Hubert Kario
39c3e1978a more detailed PFS report 
Just because server supports some bad DH params, doesn't mean
it will force them on users. Report number of servers
that prefer specific DH params.
 2014-04-06 14:15:32 +02:00
Hubert Kario
15d7762852 fix reporting of the TLS1.2 but not TLS1.1 
Some servers may be configured to support only TLS1.2, it would
count them towards the number of servers affected by the OpenSSL bug
 2014-04-06 14:13:44 +02:00
Hubert Kario
b2edb0e361 add support for Chacha20 based ciphers 
Basically all Google servers support Chacha20 now and it is
not a bad choice, so report it as a regular cipher
 2014-04-06 14:11:52 +02:00
Hubert Kario
1536064528 fix and extend reporting of AES-GCM ciphers 
AES-GCM ciphers don't have "AES-GCM" substring in the openssl name

extend reporting of AES ciphers, split to AES-CBC, AES-GCM and
AES in general
 2014-04-06 14:09:03 +02:00
Hubert Kario
fedf12dd5a fix spelling in TLS stats (TLS1_1 vs TLS1.1) 2014-04-06 14:06:18 +02:00
Hubert Kario
bc0409ca73 in "no-untrusted mode": filter out ADH and AECDH suites 
If server negotiates ADH or AECDH suite, openssl returns "ok" in
cert checking. Don't mark server as trusted because of that.

Don't collect statistics on servers that provide only untrusted
connections.
 2014-04-06 14:04:43 +02:00
Hubert Kario
5d7ec3a714 add ability to ignore results from untrusted servers 2014-04-06 14:04:43 +02:00
Hubert Kario
167ef8b502 report number of servers that use ECDSA and RSA certificates 
Since use of both ECDSA and RSA certificates is easy, it is
relatively simple to support both. Report the total number of
such servers
 2014-04-05 20:00:09 +02:00
Hubert Kario
8b2b6f5916 parsing of signature algorithm and key size 
add parsing of signature algorithm and key size from the individual
results, report summary
 2014-04-05 19:59:01 +02:00
Julien Vehent
5e8b495a18 added many tests 2014-01-11 01:07:32 +00:00
Julien Vehent
1414973531 basic results parsing script in python 2014-01-10 05:50:03 +00:00