2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-23 22:53:41 +01:00
Commit Graph

400 Commits

Author SHA1 Message Date
Hubert Kario
4890e26910 support spaces in openssl path
fixes #78
2018-05-19 20:25:43 +02:00
Hubert Kario
528e94d613
Merge pull request #143 from luigiJsonar/patch-1
README.md typo
2017-11-21 01:33:44 +01:00
Luigi Labigalini
fda447a5a8
README.md typo 2017-11-16 12:02:33 -08:00
Hubert Kario
cb6e027327
Merge pull request #142 from ebabani/master
Redirect dependency download output to stderr
2017-11-13 12:12:29 +01:00
Ergin Babani
3ecd5c5895 Redirect dependency download output to stderr
If running `analyze.py` for the first time the dependency downloading
output would be part of the json, and the command would fail due to
invalid json data.
2017-11-07 13:18:10 -05:00
Hubert Kario
17dcd0dc05 Merge pull request #138 from sunshuzhou/patch-1
Update cipherscan
2017-05-03 14:57:32 +02:00
Sun Shuzhou
2204ec21e9 Update cipherscan 2017-05-03 09:03:32 +08:00
Sun Shuzhou
c23d1ba64a Update cipherscan 2017-05-02 21:38:03 +08:00
Hubert Kario
e9f3df4e9f Merge pull request #135 from Jiab77/patch-1
Fixed symbolic link creation error and git output supression
2017-01-23 16:16:27 +01:00
Jonathan Barda
0b1d5331d6 Added requested changes
I may change `${BASH_SOURCE[0]}` by ` `basename $BASH_SOURCE` ` if you prefer
2017-01-23 16:12:34 +01:00
Jonathan Barda
717b9c0a13 Adapted changes as requested
Added some detail when required libraries are not present on the host and needs downloading
2017-01-23 15:27:04 +01:00
Jonathan Barda
5fd2e95c4d Few fixes
Added `&>/dev/null` on git commands to suppress their output
Fixed the symbolic link creation that pointed to non existent path. `ecdsa` folder moved to `src/ecdsa`
2017-01-23 07:36:24 +01:00
Julien Vehent [:ulfr]
757bfefc6d Merge pull request #134 from tycho/fix-benchmark-output
fix -b (benchmark) output
2017-01-13 16:19:56 -05:00
Julien Vehent [:ulfr]
1f2846d54e Merge pull request #131 from castillar/master
Added info about OpenSSL proxy option to cipherscan script.
2017-01-13 16:15:15 -05:00
Julien Vehent [:ulfr]
6d66214fd1 Merge pull request #124 from firesock/master
Allow EC keys to have a smaller bitsize
2017-01-13 16:14:33 -05:00
Julien Vehent [:ulfr]
b1d37bf26d Merge pull request #128 from tomato42/intolerance-tests
TLS version (in)tolerance scanner
2017-01-13 16:07:44 -05:00
Steven Noonan
981cf0744e cipherscan: fix benchmark mode output
The microsecond measurement column wasn't being rendered.

Signed-off-by: Steven Noonan <steven@uplinklabs.net>
2017-01-01 14:15:23 -08:00
Steven Noonan
532ff712aa cipherscan: always define a curves_ordering column value
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
2017-01-01 14:15:23 -08:00
Jos Purvis
c6934569bd Update to fix OpenSSL version in info message 2016-12-02 21:07:24 -05:00
Jos Purvis
3fc28b001c Added info about OpenSSL proxy option to cipherscan script. 2016-12-02 12:29:44 -05:00
Hubert Kario
fb8b4d73bf interpreting the intolerance data 2016-10-11 22:46:02 +02:00
Hubert Kario
45bb7d0c28 TLS version (in)tolerance scanner
Since it is impossible to make openssl command line tool send
TLSv1.3 Client Hello message, add a python based tool to perform
TLS version intolerance scan
2016-10-05 01:00:11 +02:00
Julien Vehent [:ulfr]
e5b747d29b Merge pull request #125 from tomato42/sort-cas-by-usage
sort CA's by count, not name
2016-09-30 15:30:48 -04:00
Julien Vehent [:ulfr]
197881da81 Merge pull request #126 from tomato42/npn
Add support for collecting supported NPN protocols
2016-09-17 08:11:03 -04:00
Hubert Kario
6a906a6267 add support for collecting supported NPN protocols 2016-09-16 23:06:34 +02:00
Hubert Kario
0120fff9bc sort CA's by count, not name 2016-09-06 14:08:06 +02:00
Awad Mackie
bb3e89ec09 Update fubar EC parameter size to 256 2016-08-25 00:40:39 +01:00
Awad Mackie
3a2a43f91d Hardcode minimum EC key size 2016-08-22 23:44:13 +01:00
Awad Mackie
955d55a6ba Update EC check to use regexp and match all OpenSSL EC cipher suite variants 2016-08-22 23:33:28 +01:00
Awad Mackie
f5ad5806c3 Allow EC keys to have a smaller bitsize 2016-08-21 13:16:54 +01:00
Julien Vehent
74dd82e8ad Update OpenSSL binary 2016-08-16 11:28:34 -04:00
Julien Vehent [:ulfr]
8b73962b72 Merge pull request #122 from tomato42/result-parser-update
Result parser update
2016-07-23 10:30:52 -04:00
Julien Vehent [:ulfr]
4a6cb350c8 Merge pull request #123 from tomato42/certificate-verification-time
changing time of verification for certificate chains
2016-07-23 10:29:11 -04:00
Julien Vehent [:ulfr]
38f5ffba9d Merge pull request #121 from tomato42/better-ca-handling
Better CA certificate handling
2016-07-23 10:27:00 -04:00
Hubert Kario
a5ec045000 changing time of verification for certificate chains
allow to run the analysis of certificate chains later after the
data was collected, allows also for re-analysis of archival data
2016-07-20 21:17:37 +02:00
Hubert Kario
7bb272e353 single-out 3DES ciphers
3DES is the weakest cipher from the ones that are still officially
standing, so report more detailed statistics about it
2016-07-20 20:51:51 +02:00
Hubert Kario
bbeac6107a add FF 44 ciphers
since FF 44 has a different cipher set than FF 35, especially the
drop of DSS and RC4, it will be useful to have connection
statistics for it
2016-07-20 20:50:26 +02:00
Hubert Kario
7834cd0748 fold some long lines
long lines hard to read, make Hulk sad
2016-07-20 20:45:15 +02:00
Hubert Kario
94efc235d0 use more robust trust path building by default
use the -trusted_first flag to openssl, so that it tries alternative
trust paths to verify validity of server presented certificate
2016-07-20 20:43:47 +02:00
Hubert Kario
f9f3407bb4 scripts to create CApath directories with roots or intermediaries
In case the user has a set of certificates *and* intermediaries,
it is necessary to prime both the `ca_trusted` directory and the
`ca_files` directories with respectively all root CA's and
all CA's (root or intermediate)
2016-07-20 20:40:35 +02:00
Julien Vehent [:ulfr]
189695c0b1 Merge pull request #120 from tomato42/top1m-info
add README for the top1m folder
2016-07-20 14:30:22 -04:00
Hubert Kario
e9808a1bcb report errors in cert file searching
since the certificates are separate from results file, they can get
missing (or an incorrect set can be used)

provide a clear message about what file is missing
2016-07-20 20:21:28 +02:00
Hubert Kario
985e26c71a add README for the top1m folder
since the top-1m.csv.zip is not static, tell the users where it
can be found

also add a generic explanation about files in the folder
2016-07-20 20:16:39 +02:00
Julien Vehent [:ulfr]
5d930c2d32 Merge pull request #117 from adamcrosby/master
Fallback to local JSON if urllib fails to retrieve updated list
2016-02-29 08:58:05 -05:00
Adam Crosby
34f92a6838 Added adamcrobsy to contributors list 2016-02-29 08:23:14 -05:00
Adam Crosby
55cdb74ff7 Added fallback to use local json recommendations file if urllib fails to connect (including SNI errors), fixes issue #116 2016-02-29 08:21:04 -05:00
Julien Vehent
9f0226e00b analyze.py: update example of json input 2016-02-24 10:52:18 -05:00
Julien Vehent
639bc45bf7 analyze.py refactoring to use online recommendations 2016-02-24 10:48:28 -05:00
Julien Vehent
18b0d1b952 Update linux openssl binary 2015-12-17 15:06:10 -05:00
Julien Vehent
6d2b850679 Merge pull request #105 from Emantor/intermediate-fix
Update analyze.py
2015-11-19 13:16:32 -05:00