cipherscan

mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 06:13:42 +01:00

Author	SHA1	Message	Date
Jos Purvis	c6934569bd	Update to fix OpenSSL version in info message	2016-12-02 21:07:24 -05:00
Jos Purvis	3fc28b001c	Added info about OpenSSL proxy option to cipherscan script.	2016-12-02 12:29:44 -05:00
Julien Vehent [:ulfr]	e5b747d29b	Merge pull request #125 from tomato42/sort-cas-by-usage sort CA's by count, not name	2016-09-30 15:30:48 -04:00
Julien Vehent [:ulfr]	197881da81	Merge pull request #126 from tomato42/npn Add support for collecting supported NPN protocols	2016-09-17 08:11:03 -04:00
Hubert Kario	6a906a6267	add support for collecting supported NPN protocols	2016-09-16 23:06:34 +02:00
Hubert Kario	0120fff9bc	sort CA's by count, not name	2016-09-06 14:08:06 +02:00
Julien Vehent	74dd82e8ad	Update OpenSSL binary	2016-08-16 11:28:34 -04:00
Julien Vehent [:ulfr]	8b73962b72	Merge pull request #122 from tomato42/result-parser-update Result parser update	2016-07-23 10:30:52 -04:00
Julien Vehent [:ulfr]	4a6cb350c8	Merge pull request #123 from tomato42/certificate-verification-time changing time of verification for certificate chains	2016-07-23 10:29:11 -04:00
Julien Vehent [:ulfr]	38f5ffba9d	Merge pull request #121 from tomato42/better-ca-handling Better CA certificate handling	2016-07-23 10:27:00 -04:00
Hubert Kario	a5ec045000	changing time of verification for certificate chains allow to run the analysis of certificate chains later after the data was collected, allows also for re-analysis of archival data	2016-07-20 21:17:37 +02:00
Hubert Kario	7bb272e353	single-out 3DES ciphers 3DES is the weakest cipher from the ones that are still officially standing, so report more detailed statistics about it	2016-07-20 20:51:51 +02:00
Hubert Kario	bbeac6107a	add FF 44 ciphers since FF 44 has a different cipher set than FF 35, especially the drop of DSS and RC4, it will be useful to have connection statistics for it	2016-07-20 20:50:26 +02:00
Hubert Kario	7834cd0748	fold some long lines long lines hard to read, make Hulk sad	2016-07-20 20:45:15 +02:00
Hubert Kario	94efc235d0	use more robust trust path building by default use the -trusted_first flag to openssl, so that it tries alternative trust paths to verify validity of server presented certificate	2016-07-20 20:43:47 +02:00
Hubert Kario	f9f3407bb4	scripts to create CApath directories with roots or intermediaries In case the user has a set of certificates and intermediaries, it is necessary to prime both the `ca_trusted` directory and the `ca_files` directories with respectively all root CA's and all CA's (root or intermediate)	2016-07-20 20:40:35 +02:00
Julien Vehent [:ulfr]	189695c0b1	Merge pull request #120 from tomato42/top1m-info add README for the top1m folder	2016-07-20 14:30:22 -04:00
Hubert Kario	e9808a1bcb	report errors in cert file searching since the certificates are separate from results file, they can get missing (or an incorrect set can be used) provide a clear message about what file is missing	2016-07-20 20:21:28 +02:00
Hubert Kario	985e26c71a	add README for the top1m folder since the top-1m.csv.zip is not static, tell the users where it can be found also add a generic explanation about files in the folder	2016-07-20 20:16:39 +02:00
Julien Vehent [:ulfr]	5d930c2d32	Merge pull request #117 from adamcrosby/master Fallback to local JSON if urllib fails to retrieve updated list	2016-02-29 08:58:05 -05:00
Adam Crosby	34f92a6838	Added adamcrobsy to contributors list	2016-02-29 08:23:14 -05:00
Adam Crosby	55cdb74ff7	Added fallback to use local json recommendations file if urllib fails to connect (including SNI errors), fixes issue #116	2016-02-29 08:21:04 -05:00
Julien Vehent	9f0226e00b	analyze.py: update example of json input	2016-02-24 10:52:18 -05:00
Julien Vehent	639bc45bf7	analyze.py refactoring to use online recommendations	2016-02-24 10:48:28 -05:00
Julien Vehent	18b0d1b952	Update linux openssl binary	2015-12-17 15:06:10 -05:00
Julien Vehent	6d2b850679	Merge pull request #105 from Emantor/intermediate-fix Update analyze.py	2015-11-19 13:16:32 -05:00
Emantor	536ff90b86	ECDHE-ECDSA-DES-CBC3-SHA was missing too Fix `ECDHE-ECDSA-DES-CBC3-SHA` as well.	2015-11-19 16:58:49 +01:00
Julien Vehent	a9cfcc8376	Merge pull request #107 from tomato42/ecdsa-certs properly detect ECDSA certs for size compare	2015-11-19 08:54:43 -05:00
Hubert Kario	4d77c87494	properly detect ECDSA certs for keysize compare since ECDSA certificates during the transition are likely to be signed using RSA keys, we need to check the cipher rather than the signature in the certificate to tell if the cert is ECDSA and as such can have small key sizes	2015-11-17 15:31:46 +01:00
Emantor	e8ba5ab8fe	Update analyze.py Per https://mozilla.github.io/server-side-tls/ssl-config-generator/ The intermediate config supports 'ECDHE-RSA-DES-CBC3-SHA', add it to analyze.py	2015-11-17 09:01:52 +01:00
Julien Vehent	1e65be5fd5	Added copy of the MPL	2015-10-18 08:45:20 -04:00
Julien Vehent	b03320887f	Merge pull request #100 from tomato42/compress-and-renego-info Add testing for renegotiation and compression	2015-10-17 09:10:08 -04:00
Julien Vehent	34d6ca62bd	Merge pull request #104 from injcristianrojas/master Untrusted certificate alert should be red	2015-09-23 15:16:23 -04:00
Cristián Rojas	f717a556e5	Untrusted certificate alert should be red	2015-09-23 15:59:24 -03:00
Julien Vehent	29bdf5fdcb	Merge pull request #103 from PeterMosmans/msys Fallback to default openssl when supplied openssl can't be executed	2015-09-22 12:53:17 -04:00
Peter Mosmans	c00474805d	Fallback to default openssl when supplied openssl can't be executed	2015-09-22 19:25:27 +10:00
Julien Vehent	5a10991008	Merge pull request #102 from floatingatoll/negative-nope workaround bash 4.2- not having unset A[-1] support	2015-09-21 16:05:26 -04:00
Richard Soderberg	c9412e395d	workaround bash 4.2- not having unset A[-1] support	2015-09-21 12:51:18 -07:00
Hubert Kario	aa093bc86d	add openssl options to help message add examples of useful openssl options	2015-09-21 16:51:16 +02:00
Hubert Kario	99a0b6be07	collect stats about compression and renegotiation since no support for compression and support for renegotiation are necessary for the server to have a secure configuration, collect and report those two too	2015-09-21 16:44:45 +02:00
Julien Vehent	73b21d3977	Merge pull request #99 from tomato42/tolerance-report fix printing of test data for intolerant servers	2015-09-21 10:33:10 -04:00
Hubert Kario	dbce87cb1a	fix printing of test data for intolerant servers tls_tolerance is an array, so we need to use array syntax... since if the server is tls version intolerant we will be printing a lot of info, space it out from the certificate-related summary ephemeral sigalgs are also printing a lot of information, so space them from the TLS Tolerance test results	2015-09-21 16:18:37 +02:00
Julien Vehent	0011abcec7	readme update	2015-09-21 09:38:34 -04:00
Julien Vehent	4916e89087	remove unneeded echo	2015-09-21 09:31:03 -04:00
Julien Vehent	ce91e221d1	Merge pull request #98 from tomato42/custom-openssl-fixes fix custom openssl with GOST config incompatibility	2015-09-21 09:29:51 -04:00
Julien Vehent	035d8c0a19	Merge pull request #97 from tomato42/uri-handling handle hostnames that are URIs	2015-09-21 09:29:03 -04:00
Julien Vehent	50ef7960f7	Merge pull request #96 from tomato42/ecdsa-keys fix coloring of cert key sizes	2015-09-21 09:25:16 -04:00
Julien Vehent	4620627454	Merge pull request #65 from tomato42/tls12-kex Tests for TLS1.2 PFS key exchanges	2015-09-21 09:23:18 -04:00
Hubert Kario	2ba7dc6dbf	fix custom openssl with GOST config incompatibility fixes two issues 1). -help message is used from the openssl set with the -o option 2). doesn't use GOST config unconditionally - verifies that it works first based partially off of Greg Owen <gowen@swynwyr.com> work in #67 fixes #86	2015-09-19 20:02:15 +02:00
Hubert Kario	9cea1cdc67	handle hostnames that are URIs fixes #83	2015-09-19 19:43:27 +02:00

1 2 3 4 5 ...

376 Commits