Hubert Kario
349d4ebc3c
more detailed PFS report
...
Just because server supports some bad DH params, doesn't mean
it will force them on users. Report number of servers
that prefer specific DH params.
2014-04-19 23:14:57 +02:00
Hubert Kario
d3b6f9b507
fix reporting of the TLS1.2 but not TLS1.1
...
Some servers may be configured to support only TLS1.2, it would
count them towards the number of servers affected by the OpenSSL bug
2014-04-19 23:14:57 +02:00
Hubert Kario
c8abfb53e8
add support for Chacha20 based ciphers
...
Basically all Google servers support Chacha20 now and it is
not a bad choice, so report it as a regular cipher
2014-04-19 23:14:57 +02:00
Hubert Kario
2b794ebfe0
fix and extend reporting of AES-GCM ciphers
...
AES-GCM ciphers don't have "AES-GCM" substring in the openssl name
extend reporting of AES ciphers, split to AES-CBC, AES-GCM and
AES in general
2014-04-19 23:14:57 +02:00
Hubert Kario
fd6fcdd359
fix spelling in TLS stats (TLS1_1 vs TLS1.1)
2014-04-19 23:14:57 +02:00
Hubert Kario
faef8d692f
in "no-untrusted mode": filter out ADH and AECDH suites
...
If server negotiates ADH or AECDH suite, openssl returns "ok" in
cert checking. Don't mark server as trusted because of that.
Don't collect statistics on servers that provide only untrusted
connections.
2014-04-19 23:14:47 +02:00
Hubert Kario
45dc1da3f6
add ability to ignore results from untrusted servers
2014-04-19 23:07:01 +02:00
Hubert Kario
ff620f5b26
report number of servers that use ECDSA and RSA certificates
...
Since use of both ECDSA and RSA certificates is easy, it is
relatively simple to support both. Report the total number of
such servers
2014-04-19 23:07:00 +02:00
Hubert Kario
863441a179
parsing of signature algorithm and key size
...
add parsing of signature algorithm and key size from the individual
results, report summary
2014-04-19 23:07:00 +02:00
Hubert Kario
b6b9a1a364
Improve scanning performance and reduce false negatives
...
scan all the machines from top-1m.csv file, wait for completion
of all jobs
i=1 is an off-by-one-error
support top-1m.csv files with arbitrary number of sites
run scans for many hosts at a time, but don't run more than
specified amount
in case where default domain name doesn't resolve or doesn't have
port 443 open, retry with www. prefix
2014-04-19 22:56:41 +02:00
Julien Vehent
5e8b495a18
added many tests
2014-01-11 01:07:32 +00:00
Julien Vehent
1414973531
basic results parsing script in python
2014-01-10 05:50:03 +00:00
Julien Vehent
f3c8b24b8b
tweaks
2014-01-09 20:16:40 +00:00
Julien Vehent
e4ea957c8d
Script to scan Alexa's top 1m websites
2014-01-09 11:52:17 -05:00