Hubert Kario
a53a91695e
make scripts python 3 compatible
2015-05-30 15:46:26 +02:00
Julien Vehent
4a6ff56b81
Add back support for old curve json format in parse results
2015-04-02 04:39:59 -04:00
Julien Vehent
b2a399617f
Use new JSON format in parse_results
2015-04-01 14:50:49 -04:00
Hubert Kario
c52e008347
add support for testing supported curves
since early versions of 1.0.2 openssl supports -curves command line
option, it allows us to set the curves advertised as supported
use the same approach to testing: advertise all, check what server
accepts, remove the accepted from list, repeat. When server aborts
connection or selects non ECC cipher, we know that we've tested all.
2015-03-27 10:04:15 -04:00
Hubert Kario
29c739faa9
count EDH-DES as PFS too in general stats
2014-10-25 16:23:41 +02:00
Hubert Kario
af2e25ec89
fix EDH checking
old ciphers have names that use EDH instead of DHE so we need to check
for both names
2014-10-25 16:11:18 +02:00
Hubert Kario
76d791fcbe
make cipher selection simulation generic
it's relatively easy to make the cipher selection generic,
so that adding different clients is as easy as converting their
client hello cipher ordering to openssl cipher names
2014-10-12 20:39:39 +02:00
Hubert Kario
c82bc44558
report cipher ordering in scanning stats, use it to simulate handshakes
since now we know if server honours client order or not, we can use it
to properly simulate handshakes for a given client, also report
the general stats of this server configuration variable
2014-10-12 20:39:39 +02:00
Hubert Kario
42fa7d9ecb
report what ciphers Firefox would select while connecting to server
2014-10-12 20:39:39 +02:00
Hubert Kario
1b4dcc4393
report ciphers causing incompatibility for Firefox
It turns out that the situation is even more bleak for Firefox
with regards to RC4, add it to report
2014-10-12 20:39:39 +02:00
Hubert Kario
142726c4fd
count ECDH-RSA ciphers as ECDSA
the ECDH parameters come from server certificate - the point
on elliptic curve. The RSA comes from the signature on the certificate
which comes from CA
2014-10-12 20:39:39 +02:00
Hubert Kario
ca0ef2fc5c
fixes for the pull request #18
there were a few small issues with the pull #18 even though jvehent merged
it, this fixes them
2014-10-06 13:26:53 -04:00
Hubert Kario
29109f1e64
update SEED and IDEA classification, do a total of broken ciphers
SEED and IDEA are not good ciphers, but not broken, so count them
separately, do a total count of servers that support broken and insecure
ciphers
2014-10-06 13:25:04 -04:00
Hubert Kario
8a0c9190a9
sort reported TLS session ticket hint using natural sort
2014-10-06 13:20:37 -04:00
Julien Vehent
ecd77f94fc
Merge pull request #18 from tomato42/wip
Hodgepodge of fixes
2014-08-28 16:02:19 -04:00
Hubert Kario
7591062bbc
parse_results.py: compatibility with old results files
2014-06-04 18:52:39 +02:00
Hubert Kario
be0439ef99
provide statistics for all key exchange methods, not DHE and ECDHE only
2014-06-04 18:17:41 +02:00
Hubert Kario
3667b04ad7
correctly count broken cipher suites with "no reporting of untrusted"
2014-06-04 18:17:02 +02:00
Hubert Kario
86ff1122cc
parse_results.py: don't count anonymous cipher suites toward correct config stats
2014-06-04 15:15:32 +02:00
Julien Vehent
50f4959e79
updated license on parse_results.py
2014-05-20 08:23:57 -04:00
Hubert Kario
4e94d95bd8
ask for OCSP stapling by default
for now, no option to disable
2014-05-16 17:31:44 +02:00
Hubert Kario
0777682aa6
collect TLS ticket lifetime hints
2014-05-16 16:55:19 +02:00
Hubert Kario
686d7c958b
extend reporting of RC4-related stats
While preferring RC4 in TLS1.0 or SSL3 was recommended before,
it was always known that TLS1.1 and TLS1.2 were not vulnerable against
BEAST, so forcing RC4 there is a mistake. Report number of such servers.
2014-04-19 23:14:57 +02:00
Hubert Kario
21bba67df0
extend SSL stats
Two interesting server configurations are ones that support
only SSL3 or TLS1 only (old, but otherwise correctly configured servers)
and ones that support only TLS1.1 or up (brave admins that support
only new clients)
2014-04-19 23:14:57 +02:00
Hubert Kario
349d4ebc3c
more detailed PFS report
Just because server supports some bad DH params, doesn't mean
it will force them on users. Report number of servers
that prefer specific DH params.
2014-04-19 23:14:57 +02:00
Hubert Kario
d3b6f9b507
fix reporting of the TLS1.2 but not TLS1.1
Some servers may be configured to support only TLS1.2, it would
count them towards the number of servers affected by the OpenSSL bug
2014-04-19 23:14:57 +02:00
Hubert Kario
c8abfb53e8
add support for Chacha20 based ciphers
Basically all Google servers support Chacha20 now and it is
not a bad choice, so report it as a regular cipher
2014-04-19 23:14:57 +02:00
Hubert Kario
2b794ebfe0
fix and extend reporting of AES-GCM ciphers
AES-GCM ciphers don't have "AES-GCM" substring in the openssl name
extend reporting of AES ciphers, split to AES-CBC, AES-GCM and
AES in general
2014-04-19 23:14:57 +02:00
Hubert Kario
fd6fcdd359
fix spelling in TLS stats (TLS1_1 vs TLS1.1)
2014-04-19 23:14:57 +02:00
Hubert Kario
faef8d692f
in "no-untrusted mode": filter out ADH and AECDH suites
If server negotiates ADH or AECDH suite, openssl returns "ok" in
cert checking. Don't mark server as trusted because of that.
Don't collect statistics on servers that provide only untrusted
connections.
2014-04-19 23:14:47 +02:00
Hubert Kario
45dc1da3f6
add ability to ignore results from untrusted servers
2014-04-19 23:07:01 +02:00
Hubert Kario
ff620f5b26
report number of servers that use ECDSA and RSA certificates
Since use of both ECDSA and RSA certificates is easy, it is
relatively simple to support both. Report the total number of
such servers
2014-04-19 23:07:00 +02:00
Hubert Kario
863441a179
parsing of signature algorithm and key size
add parsing of signature algorithm and key size from the individual
results, report summary
2014-04-19 23:07:00 +02:00
Julien Vehent
5e8b495a18
added many tests
2014-01-11 01:07:32 +00:00
Julien Vehent
1414973531
basic results parsing script in python
2014-01-10 05:50:03 +00:00