LittleNellie/cipherscan
2
0
Fork 0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 14:23:41 +01:00
Code Issues Releases Wiki Activity
155 Commits 5 Branches 0 Tags 35 MiB
334c3118e2
Commit Graph

155 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Julien Vehent
334c3118e2 Merge pull request #30 from tomato42/timeouts 
Fix delay option
 2014-10-29 17:34:18 -04:00
Hubert Kario
11ce6187de small fixes for delay 
firstly, test_cipher_on_target() will try at least 4 connections before
incurring the sleep, for aggressive rate limiter on server side it may be
too much, so sleep before every connection

secondly, because running external commands like sleep incurs a fork
penalty, we first check if it is necessary
 2014-10-28 16:44:43 +01:00
Hubert Kario
71ba3c88b0 increase timeout 
when some servers notice a scan (because of frequent connections) they
delay further connections, increase the timeout to properly scan them
 2014-10-28 13:17:20 +01:00
Julien Vehent
d11d5e9f36 update old and intermediate ciphersuites 2014-10-18 08:31:53 -04:00
Julien Vehent
a17cfe373e make 2048 DHE key optional in intermediate level 2014-10-18 08:20:00 -04:00
Julien Vehent
ebf4f8bcc7 fix ECC size in fubar pfs analysis 2014-10-18 07:23:24 -04:00
Julien Vehent
244e9ca9f2 refactor pfs evaluation in separate function 2014-10-17 11:58:19 -04:00
Julien Vehent
ddfaa6722d display target level compliance in text output 2014-10-17 11:58:05 -04:00
Julien Vehent
551255f8b4 detect fubar dh parameters 2014-10-17 11:20:25 -04:00
Julien Vehent
a4f573195e update intermediate ciphersuite to accept 3des 2014-10-17 11:10:01 -04:00
Julien Vehent
df0b5d8d3f fix wrong failure flag 2014-10-17 11:09:42 -04:00
Julien Vehent
a11b594ab4 Fix dhparam size detection in inter and modern levels 2014-10-17 11:09:28 -04:00
Julien Vehent
28c6c2488b Accept sha384 and sha512 signatures as well as sha256 2014-10-17 11:08:32 -04:00
Julien Vehent
5b32afaa1f Add target to text output 2014-10-17 10:48:59 -04:00
Julien Vehent
26c7b0e0d7 fix target level verification check 2014-10-11 23:08:35 -04:00
Julien Vehent
a749742ff3 make sha-256 cert an optional requirement to the intermediate level 2014-10-11 23:08:21 -04:00
Julien Vehent
b009c71321 add operator flag to analyze.py 2014-10-11 20:52:18 -04:00
Julien Vehent
cdd34fce03 fix bug in status detection of analyze.py 2014-10-11 20:45:14 -04:00
Julien Vehent
b846ac9d5b add json output to analyze.py via the -j flag 2014-10-11 19:37:08 -04:00
Julien Vehent
0da92f25b7 verify server side ordering is used in analyze.py 2014-10-11 00:34:07 -04:00
Julien Vehent
1c9d52c94c First shot at ordering analysis. Not yet perfect, but somewhat useful... 2014-10-10 20:30:27 -04:00
Julien Vehent
a46e474337 add some fubar recommentations 2014-10-10 19:07:31 -04:00
Julien Vehent
f4d0d598c7 analyze.py add option to give path to specific openssl 2014-10-10 18:56:44 -04:00
Julien Vehent
37f04054f8 fix json date to use UTC 2014-10-10 18:16:22 -04:00
Julien Vehent
86edd481f6 analyze.py uses provided openssl only on linux 64 2014-10-10 18:00:10 -04:00
Julien Vehent
81ef37c593 gitignore update 2014-10-10 17:31:44 -04:00
Julien Vehent
b80b5cdd35 hide errors when json format is used 2014-10-10 17:27:58 -04:00
Julien Vehent
278dab4800 Fix json date argument to be compatible on macos 2014-10-10 17:27:29 -04:00
Julien Vehent
f6f4fe8b86 Find timeout binary on linux and mac 2014-10-10 17:19:44 -04:00
Julien Vehent
c7c91ff5f8 updated authors 2014-10-10 16:56:06 -04:00
Julien Vehent
d5685da796 check that provided openssl is executable, fall back to system one if not 2014-10-10 16:56:00 -04:00
Julien Vehent
26aa8f9408 cleanups 2014-10-10 16:55:34 -04:00
Julien Vehent
7d2c8b4cad Use local ca bundle if none is found on the system, fixes issues with MacOS 2014-10-10 16:55:09 -04:00
Julien Vehent
cc1230efd9 Analysis wording changes 2014-10-09 10:09:44 -04:00
Julien Vehent
a722ad177d updated README with analysis info 2014-10-09 10:03:19 -04:00
Julien Vehent
5665951b09 minor analysis wording changes 2014-10-09 09:57:40 -04:00
Julien Vehent
215dbd0c1a ignore openssl errors in analyze.py 2014-10-09 09:54:30 -04:00
Julien Vehent
e9110c6bc8 gitignore 2014-10-09 09:36:08 -04:00
Julien Vehent
405b104583 improved configuration analysis 2014-10-09 09:35:59 -04:00
Julien Vehent
2858ef8116 Revert "no need to grep the input when we're using awk" 
This reverts commit 4c05897be2.
 2014-10-08 21:53:22 -04:00
Julien Vehent
34b2eb7819 First shot at cipherscan results analyzer 2014-10-08 21:53:05 -04:00
Hubert Kario
ca0ef2fc5c fixes for the pull request #18 
there were few small issues with the pull #18 even though jvehent merged
it, this fixes them
 2014-10-06 13:26:53 -04:00
Hubert Kario
29109f1e64 update SEED and IDEA classification, do a total of broken ciphers 
SEED and IDEA are not good ciphers, but not broken, so count them
separately, do a total count of servers that support broken and insecure
ciphers
 2014-10-06 13:25:04 -04:00
Hubert Kario
4c05897be2 no need to grep the input when we're using awk 
awk has an inbuilt version of grep, also truncate processing as soon
as we find what we're looking for
 2014-10-06 13:24:39 -04:00
Hubert Kario
fb02ae87ac add some comments, group related code 2014-10-06 13:22:29 -04:00
Hubert Kario
77671137df add support for CApath 
capath for relatively small cert sets (~300) makes scanning about 5%
faster

also do a little clean up of the command-to-run generation code
 2014-10-06 13:22:15 -04:00
Hubert Kario
189460da9e report if server uses client side or server side cipher ordering 2014-10-06 13:21:40 -04:00
Hubert Kario
a7ae42b08e openssl in -ssl2 mode doesn't tolerate -servername option 
when openssl is run in -ssl2 mode, it doesn't accept -servername
option and just aborts operation, it doesn't consider -status
to be special though.

Remove this option when running the SSLv2 portion of the test.
 2014-10-06 13:21:16 -04:00
Hubert Kario
3a4a5f938d add missing ocsp_staple header 2014-10-06 13:20:49 -04:00
Hubert Kario
8a0c9190a9 sort reported TLS session ticket hint using natural sort 2014-10-06 13:20:37 -04:00