Julien Vehent
334c3118e2
Merge pull request #30 from tomato42/timeouts
...
Fix delay option
2014-10-29 17:34:18 -04:00
Hubert Kario
11ce6187de
small fixes for delay
...
firstly, test_cipher_on_target() will try at least 4 connections before
incurring the sleep, for aggressive rate limiter on server side it may be
too much, so sleep before every connection
secondly, because running external commands like sleep incurs a fork
penalty, we first check if it is necessary
2014-10-28 16:44:43 +01:00
Hubert Kario
71ba3c88b0
increase timeout
...
when some servers notice a scan (because of frequent connections) they
delay further connections, increase the timeout to properly scan them
2014-10-28 13:17:20 +01:00
Julien Vehent
d11d5e9f36
update old and intermediate ciphersuites
2014-10-18 08:31:53 -04:00
Julien Vehent
a17cfe373e
make 2048 DHE key optional in intermediate level
2014-10-18 08:20:00 -04:00
Julien Vehent
ebf4f8bcc7
fix ECC size in fubar pfs analysis
2014-10-18 07:23:24 -04:00
Julien Vehent
244e9ca9f2
refactor pfs evaluation in separate function
2014-10-17 11:58:19 -04:00
Julien Vehent
ddfaa6722d
display target level compliance in text output
2014-10-17 11:58:05 -04:00
Julien Vehent
551255f8b4
detect fubar dh parameters
2014-10-17 11:20:25 -04:00
Julien Vehent
a4f573195e
update intermediate ciphersuite to accept 3des
2014-10-17 11:10:01 -04:00
Julien Vehent
df0b5d8d3f
fix wrong failure flag
2014-10-17 11:09:42 -04:00
Julien Vehent
a11b594ab4
Fix dhparam size detection in inter and modern levels
2014-10-17 11:09:28 -04:00
Julien Vehent
28c6c2488b
Accept sha384 and sha512 signatures as well as sha256
2014-10-17 11:08:32 -04:00
Julien Vehent
5b32afaa1f
Add target to text output
2014-10-17 10:48:59 -04:00
Julien Vehent
26c7b0e0d7
fix target level verification check
2014-10-11 23:08:35 -04:00
Julien Vehent
a749742ff3
make sha-256 cert an optional requirement to the intermediate level
2014-10-11 23:08:21 -04:00
Julien Vehent
b009c71321
add operator flag to analyze.py
2014-10-11 20:52:18 -04:00
Julien Vehent
cdd34fce03
fix bug in status detection of analyze.py
2014-10-11 20:45:14 -04:00
Julien Vehent
b846ac9d5b
add json output to analyze.py via the -j flag
2014-10-11 19:37:08 -04:00
Julien Vehent
0da92f25b7
verify server side ordering is used in analyze.py
2014-10-11 00:34:07 -04:00
Julien Vehent
1c9d52c94c
First shot at ordering analysis. Not yet perfect, but somewhat useful...
2014-10-10 20:30:27 -04:00
Julien Vehent
a46e474337
add some fubar recommentations
2014-10-10 19:07:31 -04:00
Julien Vehent
f4d0d598c7
analyze.py add option to give path to specific openssl
2014-10-10 18:56:44 -04:00
Julien Vehent
37f04054f8
fix json date to use UTC
2014-10-10 18:16:22 -04:00
Julien Vehent
86edd481f6
analyze.py uses provided openssl only on linux 64
2014-10-10 18:00:10 -04:00
Julien Vehent
81ef37c593
gitignore update
2014-10-10 17:31:44 -04:00
Julien Vehent
b80b5cdd35
hide errors when json format is used
2014-10-10 17:27:58 -04:00
Julien Vehent
278dab4800
Fix json date argument to be compatible on macos
2014-10-10 17:27:29 -04:00
Julien Vehent
f6f4fe8b86
Find timeout binary on linux and mac
2014-10-10 17:19:44 -04:00
Julien Vehent
c7c91ff5f8
updated authors
2014-10-10 16:56:06 -04:00
Julien Vehent
d5685da796
check that provided openssl is executable, fall back to system one if not
2014-10-10 16:56:00 -04:00
Julien Vehent
26aa8f9408
cleanups
2014-10-10 16:55:34 -04:00
Julien Vehent
7d2c8b4cad
Use local ca bundle if none is found on the system, fixes issues with MacOS
2014-10-10 16:55:09 -04:00
Julien Vehent
cc1230efd9
Analysis wording changes
2014-10-09 10:09:44 -04:00
Julien Vehent
a722ad177d
updated README with analysis info
2014-10-09 10:03:19 -04:00
Julien Vehent
5665951b09
minor analysis wording changes
2014-10-09 09:57:40 -04:00
Julien Vehent
215dbd0c1a
ignore openssl errors in analyze.py
2014-10-09 09:54:30 -04:00
Julien Vehent
e9110c6bc8
gitignore
2014-10-09 09:36:08 -04:00
Julien Vehent
405b104583
improved configuration analysis
2014-10-09 09:35:59 -04:00
Julien Vehent
2858ef8116
Revert "no need to grep the input when we're using awk"
...
This reverts commit 4c05897be2
.
2014-10-08 21:53:22 -04:00
Julien Vehent
34b2eb7819
First shot at cipherscan results analyzer
2014-10-08 21:53:05 -04:00
Hubert Kario
ca0ef2fc5c
fixes for the pull request #18
...
there were few small issues with the pull #18 even though jvehent merged
it, this fixes them
2014-10-06 13:26:53 -04:00
Hubert Kario
29109f1e64
update SEED and IDEA classification, do a total of broken ciphers
...
SEED and IDEA are not good ciphers, but not broken, so count them
separately, do a total count of servers that support broken and insecure
ciphers
2014-10-06 13:25:04 -04:00
Hubert Kario
4c05897be2
no need to grep the input when we're using awk
...
awk has an inbuilt version of grep, also truncate processing as soon
as we find what we're looking for
2014-10-06 13:24:39 -04:00
Hubert Kario
fb02ae87ac
add some comments, group related code
2014-10-06 13:22:29 -04:00
Hubert Kario
77671137df
add support for CApath
...
capath for relatively small cert sets (~300) makes scanning about 5%
faster
also do a little clean up of the command-to-run generation code
2014-10-06 13:22:15 -04:00
Hubert Kario
189460da9e
report if server uses client side or server side cipher ordering
2014-10-06 13:21:40 -04:00
Hubert Kario
a7ae42b08e
openssl in -ssl2 mode doesn't tolerate -servername option
...
when openssl is run in -ssl2 mode, it doesn't accept -servername
option and just aborts operation, it doesn't consider -status
to be special though.
Remove this option when running the SSLv2 portion of the test.
2014-10-06 13:21:16 -04:00
Hubert Kario
3a4a5f938d
add missing ocsp_staple header
2014-10-06 13:20:49 -04:00
Hubert Kario
8a0c9190a9
sort reported TLS session ticket hint using natural sort
2014-10-06 13:20:37 -04:00