Sun Shuzhou
2204ec21e9
Update cipherscan
2017-05-03 09:03:32 +08:00
Sun Shuzhou
c23d1ba64a
Update cipherscan
2017-05-02 21:38:03 +08:00
Hubert Kario
e9f3df4e9f
Merge pull request #135 from Jiab77/patch-1
...
Fixed symbolic link creation error and git output supression
2017-01-23 16:16:27 +01:00
Jonathan Barda
0b1d5331d6
Added requested changes
...
I may change `${BASH_SOURCE[0]}` by ` `basename $BASH_SOURCE` ` if you prefer
2017-01-23 16:12:34 +01:00
Jonathan Barda
717b9c0a13
Adapted changes as requested
...
Added some detail when required libraries are not present on the host and needs downloading
2017-01-23 15:27:04 +01:00
Jonathan Barda
5fd2e95c4d
Few fixes
...
Added `&>/dev/null` on git commands to suppress their output
Fixed the symbolic link creation that pointed to non existent path. `ecdsa` folder moved to `src/ecdsa`
2017-01-23 07:36:24 +01:00
Julien Vehent [:ulfr]
757bfefc6d
Merge pull request #134 from tycho/fix-benchmark-output
...
fix -b (benchmark) output
2017-01-13 16:19:56 -05:00
Julien Vehent [:ulfr]
1f2846d54e
Merge pull request #131 from castillar/master
...
Added info about OpenSSL proxy option to cipherscan script.
2017-01-13 16:15:15 -05:00
Julien Vehent [:ulfr]
6d66214fd1
Merge pull request #124 from firesock/master
...
Allow EC keys to have a smaller bitsize
2017-01-13 16:14:33 -05:00
Julien Vehent [:ulfr]
b1d37bf26d
Merge pull request #128 from tomato42/intolerance-tests
...
TLS version (in)tolerance scanner
2017-01-13 16:07:44 -05:00
Steven Noonan
981cf0744e
cipherscan: fix benchmark mode output
...
The microsecond measurement column wasn't being rendered.
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
2017-01-01 14:15:23 -08:00
Steven Noonan
532ff712aa
cipherscan: always define a curves_ordering column value
...
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
2017-01-01 14:15:23 -08:00
Jos Purvis
c6934569bd
Update to fix OpenSSL version in info message
2016-12-02 21:07:24 -05:00
Jos Purvis
3fc28b001c
Added info about OpenSSL proxy option to cipherscan script.
2016-12-02 12:29:44 -05:00
Hubert Kario
fb8b4d73bf
interpreting the intolerance data
2016-10-11 22:46:02 +02:00
Hubert Kario
45bb7d0c28
TLS version (in)tolerance scanner
...
Since it is impossible to make openssl command line tool send
TLSv1.3 Client Hello message, add a python based tool to perform
TLS version intolerance scan
2016-10-05 01:00:11 +02:00
Julien Vehent [:ulfr]
e5b747d29b
Merge pull request #125 from tomato42/sort-cas-by-usage
...
sort CA's by count, not name
2016-09-30 15:30:48 -04:00
Julien Vehent [:ulfr]
197881da81
Merge pull request #126 from tomato42/npn
...
Add support for collecting supported NPN protocols
2016-09-17 08:11:03 -04:00
Hubert Kario
6a906a6267
add support for collecting supported NPN protocols
2016-09-16 23:06:34 +02:00
Hubert Kario
0120fff9bc
sort CA's by count, not name
2016-09-06 14:08:06 +02:00
Awad Mackie
bb3e89ec09
Update fubar EC parameter size to 256
2016-08-25 00:40:39 +01:00
Awad Mackie
3a2a43f91d
Hardcode minimum EC key size
2016-08-22 23:44:13 +01:00
Awad Mackie
955d55a6ba
Update EC check to use regexp and match all OpenSSL EC cipher suite variants
2016-08-22 23:33:28 +01:00
Awad Mackie
f5ad5806c3
Allow EC keys to have a smaller bitsize
2016-08-21 13:16:54 +01:00
Julien Vehent
74dd82e8ad
Update OpenSSL binary
2016-08-16 11:28:34 -04:00
Julien Vehent [:ulfr]
8b73962b72
Merge pull request #122 from tomato42/result-parser-update
...
Result parser update
2016-07-23 10:30:52 -04:00
Julien Vehent [:ulfr]
4a6cb350c8
Merge pull request #123 from tomato42/certificate-verification-time
...
changing time of verification for certificate chains
2016-07-23 10:29:11 -04:00
Julien Vehent [:ulfr]
38f5ffba9d
Merge pull request #121 from tomato42/better-ca-handling
...
Better CA certificate handling
2016-07-23 10:27:00 -04:00
Hubert Kario
a5ec045000
changing time of verification for certificate chains
...
allow to run the analysis of certificate chains later after the
data was collected, allows also for re-analysis of archival data
2016-07-20 21:17:37 +02:00
Hubert Kario
7bb272e353
single-out 3DES ciphers
...
3DES is the weakest cipher from the ones that are still officially
standing, so report more detailed statistics about it
2016-07-20 20:51:51 +02:00
Hubert Kario
bbeac6107a
add FF 44 ciphers
...
since FF 44 has a different cipher set than FF 35, especially the
drop of DSS and RC4, it will be useful to have connection
statistics for it
2016-07-20 20:50:26 +02:00
Hubert Kario
7834cd0748
fold some long lines
...
long lines hard to read, make Hulk sad
2016-07-20 20:45:15 +02:00
Hubert Kario
94efc235d0
use more robust trust path building by default
...
use the -trusted_first flag to openssl, so that it tries alternative
trust paths to verify validity of server presented certificate
2016-07-20 20:43:47 +02:00
Hubert Kario
f9f3407bb4
scripts to create CApath directories with roots or intermediaries
...
In case the user has a set of certificates *and* intermediaries,
it is necessary to prime both the `ca_trusted` directory and the
`ca_files` directories with respectively all root CA's and
all CA's (root or intermediate)
2016-07-20 20:40:35 +02:00
Julien Vehent [:ulfr]
189695c0b1
Merge pull request #120 from tomato42/top1m-info
...
add README for the top1m folder
2016-07-20 14:30:22 -04:00
Hubert Kario
e9808a1bcb
report errors in cert file searching
...
since the certificates are separate from results file, they can get
missing (or an incorrect set can be used)
provide a clear message about what file is missing
2016-07-20 20:21:28 +02:00
Hubert Kario
985e26c71a
add README for the top1m folder
...
since the top-1m.csv.zip is not static, tell the users where it
can be found
also add a generic explanation about files in the folder
2016-07-20 20:16:39 +02:00
Julien Vehent [:ulfr]
5d930c2d32
Merge pull request #117 from adamcrosby/master
...
Fallback to local JSON if urllib fails to retrieve updated list
2016-02-29 08:58:05 -05:00
Adam Crosby
34f92a6838
Added adamcrobsy to contributors list
2016-02-29 08:23:14 -05:00
Adam Crosby
55cdb74ff7
Added fallback to use local json recommendations file if urllib fails to connect (including SNI errors), fixes issue #116
2016-02-29 08:21:04 -05:00
Julien Vehent
9f0226e00b
analyze.py: update example of json input
2016-02-24 10:52:18 -05:00
Julien Vehent
639bc45bf7
analyze.py refactoring to use online recommendations
2016-02-24 10:48:28 -05:00
Julien Vehent
18b0d1b952
Update linux openssl binary
2015-12-17 15:06:10 -05:00
Julien Vehent
6d2b850679
Merge pull request #105 from Emantor/intermediate-fix
...
Update analyze.py
2015-11-19 13:16:32 -05:00
Emantor
536ff90b86
ECDHE-ECDSA-DES-CBC3-SHA was missing too
...
Fix `ECDHE-ECDSA-DES-CBC3-SHA` as well.
2015-11-19 16:58:49 +01:00
Julien Vehent
a9cfcc8376
Merge pull request #107 from tomato42/ecdsa-certs
...
properly detect ECDSA certs for size compare
2015-11-19 08:54:43 -05:00
Hubert Kario
4d77c87494
properly detect ECDSA certs for keysize compare
...
since ECDSA certificates during the transition are likely to be
signed using RSA keys, we need to check the cipher rather than the
signature in the certificate to tell if the cert is ECDSA and as such
can have small key sizes
2015-11-17 15:31:46 +01:00
Emantor
e8ba5ab8fe
Update analyze.py
...
Per https://mozilla.github.io/server-side-tls/ssl-config-generator/
The intermediate config supports 'ECDHE-RSA-DES-CBC3-SHA', add it to analyze.py
2015-11-17 09:01:52 +01:00
Julien Vehent
1e65be5fd5
Added copy of the MPL
2015-10-18 08:45:20 -04:00
Julien Vehent
b03320887f
Merge pull request #100 from tomato42/compress-and-renego-info
...
Add testing for renegotiation and compression
2015-10-17 09:10:08 -04:00