Luigi Labigalini
fda447a5a8
README.md typo
2017-11-16 12:02:33 -08:00
Hubert Kario
cb6e027327
Merge pull request #142 from ebabani/master
...
Redirect dependency download output to stderr
2017-11-13 12:12:29 +01:00
Ergin Babani
3ecd5c5895
Redirect dependency download output to stderr
...
If running `analyze.py` for the first time the dependency downloading
output would be part of the json, and the command would fail due to
invalid json data.
2017-11-07 13:18:10 -05:00
Hubert Kario
17dcd0dc05
Merge pull request #138 from sunshuzhou/patch-1
...
Update cipherscan
2017-05-03 14:57:32 +02:00
Sun Shuzhou
2204ec21e9
Update cipherscan
2017-05-03 09:03:32 +08:00
Sun Shuzhou
c23d1ba64a
Update cipherscan
2017-05-02 21:38:03 +08:00
Hubert Kario
e9f3df4e9f
Merge pull request #135 from Jiab77/patch-1
...
Fixed symbolic link creation error and git output supression
2017-01-23 16:16:27 +01:00
Jonathan Barda
0b1d5331d6
Added requested changes
...
I may change `${BASH_SOURCE[0]}` by ` `basename $BASH_SOURCE` ` if you prefer
2017-01-23 16:12:34 +01:00
Jonathan Barda
717b9c0a13
Adapted changes as requested
...
Added some detail when required libraries are not present on the host and needs downloading
2017-01-23 15:27:04 +01:00
Jonathan Barda
5fd2e95c4d
Few fixes
...
Added `&>/dev/null` on git commands to suppress their output
Fixed the symbolic link creation that pointed to non existent path. `ecdsa` folder moved to `src/ecdsa`
2017-01-23 07:36:24 +01:00
Julien Vehent [:ulfr]
757bfefc6d
Merge pull request #134 from tycho/fix-benchmark-output
...
fix -b (benchmark) output
2017-01-13 16:19:56 -05:00
Julien Vehent [:ulfr]
1f2846d54e
Merge pull request #131 from castillar/master
...
Added info about OpenSSL proxy option to cipherscan script.
2017-01-13 16:15:15 -05:00
Julien Vehent [:ulfr]
6d66214fd1
Merge pull request #124 from firesock/master
...
Allow EC keys to have a smaller bitsize
2017-01-13 16:14:33 -05:00
Julien Vehent [:ulfr]
b1d37bf26d
Merge pull request #128 from tomato42/intolerance-tests
...
TLS version (in)tolerance scanner
2017-01-13 16:07:44 -05:00
Steven Noonan
981cf0744e
cipherscan: fix benchmark mode output
...
The microsecond measurement column wasn't being rendered.
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
2017-01-01 14:15:23 -08:00
Steven Noonan
532ff712aa
cipherscan: always define a curves_ordering column value
...
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
2017-01-01 14:15:23 -08:00
Jos Purvis
c6934569bd
Update to fix OpenSSL version in info message
2016-12-02 21:07:24 -05:00
Jos Purvis
3fc28b001c
Added info about OpenSSL proxy option to cipherscan script.
2016-12-02 12:29:44 -05:00
Hubert Kario
fb8b4d73bf
interpreting the intolerance data
2016-10-11 22:46:02 +02:00
Hubert Kario
45bb7d0c28
TLS version (in)tolerance scanner
...
Since it is impossible to make openssl command line tool send
TLSv1.3 Client Hello message, add a python based tool to perform
TLS version intolerance scan
2016-10-05 01:00:11 +02:00
Julien Vehent [:ulfr]
e5b747d29b
Merge pull request #125 from tomato42/sort-cas-by-usage
...
sort CA's by count, not name
2016-09-30 15:30:48 -04:00
Julien Vehent [:ulfr]
197881da81
Merge pull request #126 from tomato42/npn
...
Add support for collecting supported NPN protocols
2016-09-17 08:11:03 -04:00
Hubert Kario
6a906a6267
add support for collecting supported NPN protocols
2016-09-16 23:06:34 +02:00
Hubert Kario
0120fff9bc
sort CA's by count, not name
2016-09-06 14:08:06 +02:00
Awad Mackie
bb3e89ec09
Update fubar EC parameter size to 256
2016-08-25 00:40:39 +01:00
Awad Mackie
3a2a43f91d
Hardcode minimum EC key size
2016-08-22 23:44:13 +01:00
Awad Mackie
955d55a6ba
Update EC check to use regexp and match all OpenSSL EC cipher suite variants
2016-08-22 23:33:28 +01:00
Awad Mackie
f5ad5806c3
Allow EC keys to have a smaller bitsize
2016-08-21 13:16:54 +01:00
Julien Vehent
74dd82e8ad
Update OpenSSL binary
2016-08-16 11:28:34 -04:00
Julien Vehent [:ulfr]
8b73962b72
Merge pull request #122 from tomato42/result-parser-update
...
Result parser update
2016-07-23 10:30:52 -04:00
Julien Vehent [:ulfr]
4a6cb350c8
Merge pull request #123 from tomato42/certificate-verification-time
...
changing time of verification for certificate chains
2016-07-23 10:29:11 -04:00
Julien Vehent [:ulfr]
38f5ffba9d
Merge pull request #121 from tomato42/better-ca-handling
...
Better CA certificate handling
2016-07-23 10:27:00 -04:00
Hubert Kario
a5ec045000
changing time of verification for certificate chains
...
allow to run the analysis of certificate chains later after the
data was collected, allows also for re-analysis of archival data
2016-07-20 21:17:37 +02:00
Hubert Kario
7bb272e353
single-out 3DES ciphers
...
3DES is the weakest cipher from the ones that are still officially
standing, so report more detailed statistics about it
2016-07-20 20:51:51 +02:00
Hubert Kario
bbeac6107a
add FF 44 ciphers
...
since FF 44 has a different cipher set than FF 35, especially the
drop of DSS and RC4, it will be useful to have connection
statistics for it
2016-07-20 20:50:26 +02:00
Hubert Kario
7834cd0748
fold some long lines
...
long lines hard to read, make Hulk sad
2016-07-20 20:45:15 +02:00
Hubert Kario
94efc235d0
use more robust trust path building by default
...
use the -trusted_first flag to openssl, so that it tries alternative
trust paths to verify validity of server presented certificate
2016-07-20 20:43:47 +02:00
Hubert Kario
f9f3407bb4
scripts to create CApath directories with roots or intermediaries
...
In case the user has a set of certificates *and* intermediaries,
it is necessary to prime both the `ca_trusted` directory and the
`ca_files` directories with respectively all root CA's and
all CA's (root or intermediate)
2016-07-20 20:40:35 +02:00
Julien Vehent [:ulfr]
189695c0b1
Merge pull request #120 from tomato42/top1m-info
...
add README for the top1m folder
2016-07-20 14:30:22 -04:00
Hubert Kario
e9808a1bcb
report errors in cert file searching
...
since the certificates are separate from results file, they can get
missing (or an incorrect set can be used)
provide a clear message about what file is missing
2016-07-20 20:21:28 +02:00
Hubert Kario
985e26c71a
add README for the top1m folder
...
since the top-1m.csv.zip is not static, tell the users where it
can be found
also add a generic explanation about files in the folder
2016-07-20 20:16:39 +02:00
Julien Vehent [:ulfr]
5d930c2d32
Merge pull request #117 from adamcrosby/master
...
Fallback to local JSON if urllib fails to retrieve updated list
2016-02-29 08:58:05 -05:00
Adam Crosby
34f92a6838
Added adamcrobsy to contributors list
2016-02-29 08:23:14 -05:00
Adam Crosby
55cdb74ff7
Added fallback to use local json recommendations file if urllib fails to connect (including SNI errors), fixes issue #116
2016-02-29 08:21:04 -05:00
Julien Vehent
9f0226e00b
analyze.py: update example of json input
2016-02-24 10:52:18 -05:00
Julien Vehent
639bc45bf7
analyze.py refactoring to use online recommendations
2016-02-24 10:48:28 -05:00
Julien Vehent
18b0d1b952
Update linux openssl binary
2015-12-17 15:06:10 -05:00
Julien Vehent
6d2b850679
Merge pull request #105 from Emantor/intermediate-fix
...
Update analyze.py
2015-11-19 13:16:32 -05:00
Emantor
536ff90b86
ECDHE-ECDSA-DES-CBC3-SHA was missing too
...
Fix `ECDHE-ECDSA-DES-CBC3-SHA` as well.
2015-11-19 16:58:49 +01:00
Julien Vehent
a9cfcc8376
Merge pull request #107 from tomato42/ecdsa-certs
...
properly detect ECDSA certs for size compare
2015-11-19 08:54:43 -05:00