2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-05 07:23:42 +01:00
Commit Graph

51 Commits

Author SHA1 Message Date
Paul Spangler
0c6f41ddc6
analyze.py: Fix intermediate configuration detection
Use the openssl_ciphers key instead of openssl_ciphersuites
since we compare against ciphers being used. Remove hardcoded
assumptions about TLS 1.1 and AES being required. Use the
server_preferred_order key instead of assuming server order
for ciphers.
2019-10-29 10:17:58 -05:00
David Chandek-Stark
ea341f0aec Fixes #180 2019-07-08 15:32:35 -04:00
Hubert Kario
3186212159 de-engrishify error message 2018-12-12 16:08:54 +01:00
Julien Vehent [:ulfr]
dced87353e
Merge pull request #161 from tomato42/phrasing-in-analyze.py
tweak phrasing for analyze.py report
2018-12-12 07:26:27 -05:00
Adam Garcia
acfae638a3 Changes analyze.py to be compatible with python3 2018-08-28 14:18:52 -07:00
Hubert Kario
981ac390d6 tweak phrasing for analyze.py report
for intermediate and modern, we expect the server to support exact
set of curves, reflect that in the error message
2018-05-20 14:31:09 +02:00
Awad Mackie
bb3e89ec09 Update fubar EC parameter size to 256 2016-08-25 00:40:39 +01:00
Awad Mackie
3a2a43f91d Hardcode minimum EC key size 2016-08-22 23:44:13 +01:00
Awad Mackie
955d55a6ba Update EC check to use regexp and match all OpenSSL EC cipher suite variants 2016-08-22 23:33:28 +01:00
Awad Mackie
f5ad5806c3 Allow EC keys to have a smaller bitsize 2016-08-21 13:16:54 +01:00
Adam Crosby
55cdb74ff7 Added fallback to use local json recommendations file if urllib fails to connect (including SNI errors), fixes issue #116 2016-02-29 08:21:04 -05:00
Julien Vehent
9f0226e00b analyze.py: update example of json input 2016-02-24 10:52:18 -05:00
Julien Vehent
639bc45bf7 analyze.py refactoring to use online recommendations 2016-02-24 10:48:28 -05:00
Emantor
536ff90b86 ECDHE-ECDSA-DES-CBC3-SHA was missing too
Fix `ECDHE-ECDSA-DES-CBC3-SHA` as well.
2015-11-19 16:58:49 +01:00
Emantor
e8ba5ab8fe Update analyze.py
Per https://mozilla.github.io/server-side-tls/ssl-config-generator/
The intermediate config supports 'ECDHE-RSA-DES-CBC3-SHA', add it to analyze.py
2015-11-17 09:01:52 +01:00
Julien Vehent
3770389b5c Merge pull request #68 from kenoh/master
Fix: incorrect list + string concatenation (issue #64)
2015-09-18 09:27:41 -04:00
Hubert Kario
a3e04d3d01 fix analyze.py Python3 compat
because subprocess returns `bytes` in Python 3
we need to interpret them to characters, which are needed by json
input and string parsing

fixes #69, #71
2015-08-23 17:31:04 +02:00
Matúš Honěk
c9529b5977 Fix: incorrect list + string concatenation (issue #64) 2015-08-14 16:55:54 +02:00
Hubert Kario
86bc8e8574 fix is_fubar key size check 2015-05-30 19:48:56 +02:00
Hubert Kario
a53a91695e make scripts python 3 compatible 2015-05-30 15:46:26 +02:00
Julien Vehent
3e4b86eedd Merge pull request #47 from ScriptFanix/master
fix silent TypeError on sigalg md5WithRSAEncryption
2015-01-26 11:09:54 -05:00
Julien Vehent
3915164430 Use custom darwin openssl bin in analyze.py 2015-01-18 12:26:59 -05:00
Vincent Riquer
d1a8604a2a fix silent TypeError on sigalg md5WithRSAEncryption
conn['sigalg'] is an array, logging.debug(conn['sigalg']) caused silent failure
2015-01-10 03:51:26 +01:00
Vincent Riquer
b457951f5f don't expect openssl to be in cwd 2014-12-26 09:49:52 +01:00
Vincent Riquer
0e7996181a Don't expect scripts to be in working directory 2014-12-24 11:26:24 +01:00
Vincent Riquer
983f85d2d4 --nagios: run as a nagios plugin 2014-12-23 14:51:50 +01:00
Julien Vehent
d11d5e9f36 update old and intermediate ciphersuites 2014-10-18 08:31:53 -04:00
Julien Vehent
a17cfe373e make 2048 DHE key optional in intermediate level 2014-10-18 08:20:00 -04:00
Julien Vehent
ebf4f8bcc7 fix ECC size in fubar pfs analysis 2014-10-18 07:23:24 -04:00
Julien Vehent
244e9ca9f2 refactor pfs evaluation in separate function 2014-10-17 11:58:19 -04:00
Julien Vehent
ddfaa6722d display target level compliance in text output 2014-10-17 11:58:05 -04:00
Julien Vehent
551255f8b4 detect fubar dh parameters 2014-10-17 11:20:25 -04:00
Julien Vehent
a4f573195e update intermediate ciphersuite to accept 3des 2014-10-17 11:10:01 -04:00
Julien Vehent
df0b5d8d3f fix wrong failure flag 2014-10-17 11:09:42 -04:00
Julien Vehent
a11b594ab4 Fix dhparam size detection in inter and modern levels 2014-10-17 11:09:28 -04:00
Julien Vehent
28c6c2488b Accept sha384 and sha512 signatures as well as sha256 2014-10-17 11:08:32 -04:00
Julien Vehent
26c7b0e0d7 fix target level verification check 2014-10-11 23:08:35 -04:00
Julien Vehent
a749742ff3 make sha-256 cert an optional requirement to the intermediate level 2014-10-11 23:08:21 -04:00
Julien Vehent
b009c71321 add operator flag to analyze.py 2014-10-11 20:52:18 -04:00
Julien Vehent
cdd34fce03 fix bug in status detection of analyze.py 2014-10-11 20:45:14 -04:00
Julien Vehent
b846ac9d5b add json output to analyze.py via the -j flag 2014-10-11 19:37:08 -04:00
Julien Vehent
0da92f25b7 verify server side ordering is used in analyze.py 2014-10-11 00:34:07 -04:00
Julien Vehent
1c9d52c94c First shot at ordering analysis. Not yet perfect, but somewhat useful... 2014-10-10 20:30:27 -04:00
Julien Vehent
a46e474337 add some fubar recommentations 2014-10-10 19:07:31 -04:00
Julien Vehent
f4d0d598c7 analyze.py add option to give path to specific openssl 2014-10-10 18:56:44 -04:00
Julien Vehent
86edd481f6 analyze.py uses provided openssl only on linux 64 2014-10-10 18:00:10 -04:00
Julien Vehent
cc1230efd9 Analysis wording changes 2014-10-09 10:09:44 -04:00
Julien Vehent
5665951b09 minor analysis wording changes 2014-10-09 09:57:40 -04:00
Julien Vehent
215dbd0c1a ignore openssl errors in analyze.py 2014-10-09 09:54:30 -04:00
Julien Vehent
405b104583 improved configuration analysis 2014-10-09 09:35:59 -04:00