Jan Brasna
ac02a7d3f1
Fix failure for old protocols, int+modern ordering and kx
2024-11-18 00:09:34 +01:00
Jan Brasna
ecdc24b057
Update sstls version to 5.7
2024-11-17 23:23:47 +01:00
Paul Spangler
0c6f41ddc6
analyze.py: Fix intermediate configuration detection
...
Use the openssl_ciphers key instead of openssl_ciphersuites
since we compare against ciphers being used. Remove hardcoded
assumptions about TLS 1.1 and AES being required. Use the
server_preferred_order key instead of assuming server order
for ciphers.
2019-10-29 10:17:58 -05:00
David Chandek-Stark
ea341f0aec
Fixes #180
2019-07-08 15:32:35 -04:00
Hubert Kario
3186212159
de-engrishify error message
2018-12-12 16:08:54 +01:00
Julien Vehent [:ulfr]
dced87353e
Merge pull request #161 from tomato42/phrasing-in-analyze.py
...
tweak phrasing for analyze.py report
2018-12-12 07:26:27 -05:00
Adam Garcia
acfae638a3
Changes analyze.py to be compatible with python3
2018-08-28 14:18:52 -07:00
Hubert Kario
981ac390d6
tweak phrasing for analyze.py report
...
for intermediate and modern, we expect the server to support exact
set of curves, reflect that in the error message
2018-05-20 14:31:09 +02:00
Awad Mackie
bb3e89ec09
Update fubar EC parameter size to 256
2016-08-25 00:40:39 +01:00
Awad Mackie
3a2a43f91d
Hardcode minimum EC key size
2016-08-22 23:44:13 +01:00
Awad Mackie
955d55a6ba
Update EC check to use regexp and match all OpenSSL EC cipher suite variants
2016-08-22 23:33:28 +01:00
Awad Mackie
f5ad5806c3
Allow EC keys to have a smaller bitsize
2016-08-21 13:16:54 +01:00
Adam Crosby
55cdb74ff7
Added fallback to use local json recommendations file if urllib fails to connect (including SNI errors), fixes issue #116
2016-02-29 08:21:04 -05:00
Julien Vehent
9f0226e00b
analyze.py: update example of json input
2016-02-24 10:52:18 -05:00
Julien Vehent
639bc45bf7
analyze.py refactoring to use online recommendations
2016-02-24 10:48:28 -05:00
Emantor
536ff90b86
ECDHE-ECDSA-DES-CBC3-SHA was missing too
...
Fix `ECDHE-ECDSA-DES-CBC3-SHA` as well.
2015-11-19 16:58:49 +01:00
Emantor
e8ba5ab8fe
Update analyze.py
...
Per https://mozilla.github.io/server-side-tls/ssl-config-generator/
The intermediate config supports 'ECDHE-RSA-DES-CBC3-SHA', add it to analyze.py
2015-11-17 09:01:52 +01:00
Julien Vehent
3770389b5c
Merge pull request #68 from kenoh/master
...
Fix: incorrect list + string concatenation (issue #64 )
2015-09-18 09:27:41 -04:00
Hubert Kario
a3e04d3d01
fix analyze.py Python3 compat
...
because subprocess returns `bytes` in Python 3
we need to interpret them to characters, which are needed by json
input and string parsing
fixes #69 , #71
2015-08-23 17:31:04 +02:00
Matúš Honěk
c9529b5977
Fix: incorrect list + string concatenation (issue #64 )
2015-08-14 16:55:54 +02:00
Hubert Kario
86bc8e8574
fix is_fubar key size check
2015-05-30 19:48:56 +02:00
Hubert Kario
a53a91695e
make scripts python 3 compatible
2015-05-30 15:46:26 +02:00
Julien Vehent
3e4b86eedd
Merge pull request #47 from ScriptFanix/master
...
fix silent TypeError on sigalg md5WithRSAEncryption
2015-01-26 11:09:54 -05:00
Julien Vehent
3915164430
Use custom darwin openssl bin in analyze.py
2015-01-18 12:26:59 -05:00
Vincent Riquer
d1a8604a2a
fix silent TypeError on sigalg md5WithRSAEncryption
...
conn['sigalg'] is an array, logging.debug(conn['sigalg']) caused silent failure
2015-01-10 03:51:26 +01:00
Vincent Riquer
b457951f5f
don't expect openssl to be in cwd
2014-12-26 09:49:52 +01:00
Vincent Riquer
0e7996181a
Don't expect scripts to be in working directory
2014-12-24 11:26:24 +01:00
Vincent Riquer
983f85d2d4
--nagios: run as a nagios plugin
2014-12-23 14:51:50 +01:00
Julien Vehent
d11d5e9f36
update old and intermediate ciphersuites
2014-10-18 08:31:53 -04:00
Julien Vehent
a17cfe373e
make 2048 DHE key optional in intermediate level
2014-10-18 08:20:00 -04:00
Julien Vehent
ebf4f8bcc7
fix ECC size in fubar pfs analysis
2014-10-18 07:23:24 -04:00
Julien Vehent
244e9ca9f2
refactor pfs evaluation in separate function
2014-10-17 11:58:19 -04:00
Julien Vehent
ddfaa6722d
display target level compliance in text output
2014-10-17 11:58:05 -04:00
Julien Vehent
551255f8b4
detect fubar dh parameters
2014-10-17 11:20:25 -04:00
Julien Vehent
a4f573195e
update intermediate ciphersuite to accept 3des
2014-10-17 11:10:01 -04:00
Julien Vehent
df0b5d8d3f
fix wrong failure flag
2014-10-17 11:09:42 -04:00
Julien Vehent
a11b594ab4
Fix dhparam size detection in inter and modern levels
2014-10-17 11:09:28 -04:00
Julien Vehent
28c6c2488b
Accept sha384 and sha512 signatures as well as sha256
2014-10-17 11:08:32 -04:00
Julien Vehent
26c7b0e0d7
fix target level verification check
2014-10-11 23:08:35 -04:00
Julien Vehent
a749742ff3
make sha-256 cert an optional requirement to the intermediate level
2014-10-11 23:08:21 -04:00
Julien Vehent
b009c71321
add operator flag to analyze.py
2014-10-11 20:52:18 -04:00
Julien Vehent
cdd34fce03
fix bug in status detection of analyze.py
2014-10-11 20:45:14 -04:00
Julien Vehent
b846ac9d5b
add json output to analyze.py via the -j flag
2014-10-11 19:37:08 -04:00
Julien Vehent
0da92f25b7
verify server side ordering is used in analyze.py
2014-10-11 00:34:07 -04:00
Julien Vehent
1c9d52c94c
First shot at ordering analysis. Not yet perfect, but somewhat useful...
2014-10-10 20:30:27 -04:00
Julien Vehent
a46e474337
add some fubar recommentations
2014-10-10 19:07:31 -04:00
Julien Vehent
f4d0d598c7
analyze.py add option to give path to specific openssl
2014-10-10 18:56:44 -04:00
Julien Vehent
86edd481f6
analyze.py uses provided openssl only on linux 64
2014-10-10 18:00:10 -04:00
Julien Vehent
cc1230efd9
Analysis wording changes
2014-10-09 10:09:44 -04:00
Julien Vehent
5665951b09
minor analysis wording changes
2014-10-09 09:57:40 -04:00