While preferring RC4 in TLS1.0 or SSL3 was recommended before,
it was always known that TLS1.1 and TLS1.2 were not vulnerable against
BEAST, so forcing RC4 there is a mistake. Report number of such servers.
Two interesting server configurations are ones that support
only SSL3 or TLS1 only (old, but otherwise correctly configured servers)
and ones that support only TLS1.1 or up (brave admins that support
only new clients)
If server negotiates ADH or AECDH suite, openssl returns "ok" in
cert checking. Don't mark server as trusted because of that.
Don't collect statistics on servers that provide only untrusted
connections.
scan all the machines from top-1m.csv file, wait for completion
of all jobs
i=1 is an off-by-one-error
support top-1m.csv files with arbitrary number of sites
run scans for many hosts at a time, but don't run more than
specified amount
in case where default domain name doesn't resolve or doesn't have
port 443 open, retry with www. prefix