Julien Vehent
e79ce277f7
Add TLS1.3 support
2018-12-12 06:16:15 -05:00
Julien Vehent [:ulfr]
b0548dff8e
Merge pull request #149 from tomato42/bash-env-fix
...
make shell scripts respect PATH
2018-05-19 19:56:27 -04:00
Julien Vehent [:ulfr]
a614389861
Merge pull request #156 from tomato42/spaces-in-path
...
support spaces in openssl path
2018-05-19 19:55:57 -04:00
Julien Vehent [:ulfr]
1df1377f6c
Merge pull request #157 from mozilla/jvehent-patch-1
...
Create .travis.yml
2018-05-19 19:55:31 -04:00
Julien Vehent [:ulfr]
9681b2f615
Create .travis.yml
2018-05-19 19:54:18 -04:00
Hubert Kario
4890e26910
support spaces in openssl path
...
fixes #78
2018-05-19 20:25:43 +02:00
Hubert Kario
31761fa7b2
make shell scripts respect PATH
...
use the bash from PATH, not from /bin
fixes #141
2018-05-13 19:33:05 +02:00
Hubert Kario
528e94d613
Merge pull request #143 from luigiJsonar/patch-1
...
README.md typo
2017-11-21 01:33:44 +01:00
Luigi Labigalini
fda447a5a8
README.md typo
2017-11-16 12:02:33 -08:00
Hubert Kario
cb6e027327
Merge pull request #142 from ebabani/master
...
Redirect dependency download output to stderr
2017-11-13 12:12:29 +01:00
Ergin Babani
3ecd5c5895
Redirect dependency download output to stderr
...
If running `analyze.py` for the first time the dependency downloading
output would be part of the json, and the command would fail due to
invalid json data.
2017-11-07 13:18:10 -05:00
Hubert Kario
17dcd0dc05
Merge pull request #138 from sunshuzhou/patch-1
...
Update cipherscan
2017-05-03 14:57:32 +02:00
Sun Shuzhou
2204ec21e9
Update cipherscan
2017-05-03 09:03:32 +08:00
Sun Shuzhou
c23d1ba64a
Update cipherscan
2017-05-02 21:38:03 +08:00
Hubert Kario
e9f3df4e9f
Merge pull request #135 from Jiab77/patch-1
...
Fixed symbolic link creation error and git output supression
2017-01-23 16:16:27 +01:00
Jonathan Barda
0b1d5331d6
Added requested changes
...
I may change `${BASH_SOURCE[0]}` by ` `basename $BASH_SOURCE` ` if you prefer
2017-01-23 16:12:34 +01:00
Jonathan Barda
717b9c0a13
Adapted changes as requested
...
Added some detail when required libraries are not present on the host and needs downloading
2017-01-23 15:27:04 +01:00
Jonathan Barda
5fd2e95c4d
Few fixes
...
Added `&>/dev/null` on git commands to suppress their output
Fixed the symbolic link creation that pointed to non existent path. `ecdsa` folder moved to `src/ecdsa`
2017-01-23 07:36:24 +01:00
Julien Vehent [:ulfr]
757bfefc6d
Merge pull request #134 from tycho/fix-benchmark-output
...
fix -b (benchmark) output
2017-01-13 16:19:56 -05:00
Julien Vehent [:ulfr]
1f2846d54e
Merge pull request #131 from castillar/master
...
Added info about OpenSSL proxy option to cipherscan script.
2017-01-13 16:15:15 -05:00
Julien Vehent [:ulfr]
6d66214fd1
Merge pull request #124 from firesock/master
...
Allow EC keys to have a smaller bitsize
2017-01-13 16:14:33 -05:00
Julien Vehent [:ulfr]
b1d37bf26d
Merge pull request #128 from tomato42/intolerance-tests
...
TLS version (in)tolerance scanner
2017-01-13 16:07:44 -05:00
Steven Noonan
981cf0744e
cipherscan: fix benchmark mode output
...
The microsecond measurement column wasn't being rendered.
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
2017-01-01 14:15:23 -08:00
Steven Noonan
532ff712aa
cipherscan: always define a curves_ordering column value
...
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
2017-01-01 14:15:23 -08:00
Jos Purvis
c6934569bd
Update to fix OpenSSL version in info message
2016-12-02 21:07:24 -05:00
Jos Purvis
3fc28b001c
Added info about OpenSSL proxy option to cipherscan script.
2016-12-02 12:29:44 -05:00
Hubert Kario
fb8b4d73bf
interpreting the intolerance data
2016-10-11 22:46:02 +02:00
Hubert Kario
45bb7d0c28
TLS version (in)tolerance scanner
...
Since it is impossible to make openssl command line tool send
TLSv1.3 Client Hello message, add a python based tool to perform
TLS version intolerance scan
2016-10-05 01:00:11 +02:00
Julien Vehent [:ulfr]
e5b747d29b
Merge pull request #125 from tomato42/sort-cas-by-usage
...
sort CA's by count, not name
2016-09-30 15:30:48 -04:00
Julien Vehent [:ulfr]
197881da81
Merge pull request #126 from tomato42/npn
...
Add support for collecting supported NPN protocols
2016-09-17 08:11:03 -04:00
Hubert Kario
6a906a6267
add support for collecting supported NPN protocols
2016-09-16 23:06:34 +02:00
Hubert Kario
0120fff9bc
sort CA's by count, not name
2016-09-06 14:08:06 +02:00
Awad Mackie
bb3e89ec09
Update fubar EC parameter size to 256
2016-08-25 00:40:39 +01:00
Awad Mackie
3a2a43f91d
Hardcode minimum EC key size
2016-08-22 23:44:13 +01:00
Awad Mackie
955d55a6ba
Update EC check to use regexp and match all OpenSSL EC cipher suite variants
2016-08-22 23:33:28 +01:00
Awad Mackie
f5ad5806c3
Allow EC keys to have a smaller bitsize
2016-08-21 13:16:54 +01:00
Julien Vehent
74dd82e8ad
Update OpenSSL binary
2016-08-16 11:28:34 -04:00
Julien Vehent [:ulfr]
8b73962b72
Merge pull request #122 from tomato42/result-parser-update
...
Result parser update
2016-07-23 10:30:52 -04:00
Julien Vehent [:ulfr]
4a6cb350c8
Merge pull request #123 from tomato42/certificate-verification-time
...
changing time of verification for certificate chains
2016-07-23 10:29:11 -04:00
Julien Vehent [:ulfr]
38f5ffba9d
Merge pull request #121 from tomato42/better-ca-handling
...
Better CA certificate handling
2016-07-23 10:27:00 -04:00
Hubert Kario
a5ec045000
changing time of verification for certificate chains
...
allow to run the analysis of certificate chains later after the
data was collected, allows also for re-analysis of archival data
2016-07-20 21:17:37 +02:00
Hubert Kario
7bb272e353
single-out 3DES ciphers
...
3DES is the weakest cipher from the ones that are still officially
standing, so report more detailed statistics about it
2016-07-20 20:51:51 +02:00
Hubert Kario
bbeac6107a
add FF 44 ciphers
...
since FF 44 has a different cipher set than FF 35, especially the
drop of DSS and RC4, it will be useful to have connection
statistics for it
2016-07-20 20:50:26 +02:00
Hubert Kario
7834cd0748
fold some long lines
...
long lines hard to read, make Hulk sad
2016-07-20 20:45:15 +02:00
Hubert Kario
94efc235d0
use more robust trust path building by default
...
use the -trusted_first flag to openssl, so that it tries alternative
trust paths to verify validity of server presented certificate
2016-07-20 20:43:47 +02:00
Hubert Kario
f9f3407bb4
scripts to create CApath directories with roots or intermediaries
...
In case the user has a set of certificates *and* intermediaries,
it is necessary to prime both the `ca_trusted` directory and the
`ca_files` directories with respectively all root CA's and
all CA's (root or intermediate)
2016-07-20 20:40:35 +02:00
Julien Vehent [:ulfr]
189695c0b1
Merge pull request #120 from tomato42/top1m-info
...
add README for the top1m folder
2016-07-20 14:30:22 -04:00
Hubert Kario
e9808a1bcb
report errors in cert file searching
...
since the certificates are separate from results file, they can get
missing (or an incorrect set can be used)
provide a clear message about what file is missing
2016-07-20 20:21:28 +02:00
Hubert Kario
985e26c71a
add README for the top1m folder
...
since the top-1m.csv.zip is not static, tell the users where it
can be found
also add a generic explanation about files in the folder
2016-07-20 20:16:39 +02:00
Julien Vehent [:ulfr]
5d930c2d32
Merge pull request #117 from adamcrosby/master
...
Fallback to local JSON if urllib fails to retrieve updated list
2016-02-29 08:58:05 -05:00