cipherscan

mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-05 07:23:42 +01:00

Author	SHA1	Message	Date
Julien Vehent	ebc6939299	Merge pull request #29 from tomato42/client-handshake-simulation Client handshake simulation	2014-10-29 19:22:52 -04:00
Julien Vehent	334c3118e2	Merge pull request #30 from tomato42/timeouts Fix delay option	2014-10-29 17:34:18 -04:00
Hubert Kario	11ce6187de	small fixes for delay firstly, test_cipher_on_target() will try at least 4 connections before incurring the sleep, for aggressive rate limiter on server side it may be too much, so sleep before every connection secondly, because running external commands like sleep incurs a fork penalty, we first check if it is necessary	2014-10-28 16:44:43 +01:00
Hubert Kario	71ba3c88b0	increase timeout when some servers notice a scan (because of frequent connections) they delay further connections, increase the timeout to properly scan them	2014-10-28 13:17:20 +01:00
Hubert Kario	29c739faa9	count EDH-DES as PFS too in general stats	2014-10-25 16:23:41 +02:00
Hubert Kario	af2e25ec89	fix EDH checking old ciphers have names that use EDH instead of DHE so we need check for both names	2014-10-25 16:11:18 +02:00
Julien Vehent	d11d5e9f36	update old and intermediate ciphersuites	2014-10-18 08:31:53 -04:00
Julien Vehent	a17cfe373e	make 2048 DHE key optional in intermediate level	2014-10-18 08:20:00 -04:00
Julien Vehent	ebf4f8bcc7	fix ECC size in fubar pfs analysis	2014-10-18 07:23:24 -04:00
Julien Vehent	244e9ca9f2	refactor pfs evaluation in separate function	2014-10-17 11:58:19 -04:00
Julien Vehent	ddfaa6722d	display target level compliance in text output	2014-10-17 11:58:05 -04:00
Julien Vehent	551255f8b4	detect fubar dh parameters	2014-10-17 11:20:25 -04:00
Julien Vehent	a4f573195e	update intermediate ciphersuite to accept 3des	2014-10-17 11:10:01 -04:00
Julien Vehent	df0b5d8d3f	fix wrong failure flag	2014-10-17 11:09:42 -04:00
Julien Vehent	a11b594ab4	Fix dhparam size detection in inter and modern levels	2014-10-17 11:09:28 -04:00
Julien Vehent	28c6c2488b	Accept sha384 and sha512 signatures as well as sha256	2014-10-17 11:08:32 -04:00
Julien Vehent	5b32afaa1f	Add target to text output	2014-10-17 10:48:59 -04:00
Hubert Kario	76d791fcbe	make cipher selection simulation generic it's relatively easy to make the cipher selection generic, so that adding different clients is as easy as converting their client hello cipher ordering to openssl cipher names	2014-10-12 20:39:39 +02:00
Hubert Kario	c82bc44558	report cipher ordering in scanning stats, use it to simulate handshakes since now we know if server honours client order or not, we can use it to properly simulate handshakes for a given client, also report the general stats of this server configuration variable	2014-10-12 20:39:39 +02:00
Hubert Kario	42fa7d9ecb	report what ciphers Firefox would select while connecting to server	2014-10-12 20:39:39 +02:00
Hubert Kario	1b4dcc4393	report ciphers causing incompatibility for Firefox It turns out that the situation is even more bleak for Firefox with regards to RC4, add it to report	2014-10-12 20:39:39 +02:00
Hubert Kario	142726c4fd	count ECDH-RSA ciphers as ECDSA the ECDH parameters come from server certificate - the point on elliptic curve. The RSA comes from the signature on the certificate which comes from CA	2014-10-12 20:39:39 +02:00
Julien Vehent	26c7b0e0d7	fix target level verification check	2014-10-11 23:08:35 -04:00
Julien Vehent	a749742ff3	make sha-256 cert an optional requirement to the intermediate level	2014-10-11 23:08:21 -04:00
Julien Vehent	b009c71321	add operator flag to analyze.py	2014-10-11 20:52:18 -04:00
Julien Vehent	cdd34fce03	fix bug in status detection of analyze.py	2014-10-11 20:45:14 -04:00
Julien Vehent	b846ac9d5b	add json output to analyze.py via the -j flag	2014-10-11 19:37:08 -04:00
Julien Vehent	0da92f25b7	verify server side ordering is used in analyze.py	2014-10-11 00:34:07 -04:00
Julien Vehent	1c9d52c94c	First shot at ordering analysis. Not yet perfect, but somewhat useful...	2014-10-10 20:30:27 -04:00
Julien Vehent	a46e474337	add some fubar recommentations	2014-10-10 19:07:31 -04:00
Julien Vehent	f4d0d598c7	analyze.py add option to give path to specific openssl	2014-10-10 18:56:44 -04:00
Julien Vehent	37f04054f8	fix json date to use UTC	2014-10-10 18:16:22 -04:00
Julien Vehent	86edd481f6	analyze.py uses provided openssl only on linux 64	2014-10-10 18:00:10 -04:00
Julien Vehent	81ef37c593	gitignore update	2014-10-10 17:31:44 -04:00
Julien Vehent	b80b5cdd35	hide errors when json format is used	2014-10-10 17:27:58 -04:00
Julien Vehent	278dab4800	Fix json date argument to be compatible on macos	2014-10-10 17:27:29 -04:00
Julien Vehent	f6f4fe8b86	Find timeout binary on linux and mac	2014-10-10 17:19:44 -04:00
Julien Vehent	c7c91ff5f8	updated authors	2014-10-10 16:56:06 -04:00
Julien Vehent	d5685da796	check that provided openssl is executable, fall back to system one if not	2014-10-10 16:56:00 -04:00
Julien Vehent	26aa8f9408	cleanups	2014-10-10 16:55:34 -04:00
Julien Vehent	7d2c8b4cad	Use local ca bundle if none is found on the system, fixes issues with MacOS	2014-10-10 16:55:09 -04:00
Julien Vehent	cc1230efd9	Analysis wording changes	2014-10-09 10:09:44 -04:00
Julien Vehent	a722ad177d	updated README with analysis info	2014-10-09 10:03:19 -04:00
Julien Vehent	5665951b09	minor analysis wording changes	2014-10-09 09:57:40 -04:00
Julien Vehent	215dbd0c1a	ignore openssl errors in analyze.py	2014-10-09 09:54:30 -04:00
Julien Vehent	e9110c6bc8	gitignore	2014-10-09 09:36:08 -04:00
Julien Vehent	405b104583	improved configuration analysis	2014-10-09 09:35:59 -04:00
Julien Vehent	2858ef8116	Revert "no need to grep the input when we're using awk" This reverts commit `4c05897be2`.	2014-10-08 21:53:22 -04:00
Julien Vehent	34b2eb7819	First shot at cipherscan results analyzer	2014-10-08 21:53:05 -04:00
Hubert Kario	ca0ef2fc5c	fixes for the pull request #18 there were few small issues with the pull #18 even though jvehent merged it, this fixes them	2014-10-06 13:26:53 -04:00

1 2 3 4

163 Commits