
SHA1 signature is now deprecated

aeris 2 months ago
parent
commit
3b942a6d87
5 changed files with 13 additions and 12 deletions
  1. +6
    -6
      lib/cryptcheck/ssh/server.rb
  2. +2
    -2
      lib/cryptcheck/tls/grade.rb
  3. +2
    -1
      output/https.erb
  4. +2
    -2
      output/smtp.erb
  5. +1
    -1
      output/xmpp.erb

+ 6
- 6
lib/cryptcheck/ssh/server.rb

@@ -13,8 +13,8 @@ module CryptCheck
'ecdh-sha2-nistp384' => nil, # NIST
'ecdh-sha2-nistp256' => nil, # NIST
'diffie-hellman-group-exchange-sha256' => :green, # DLP (PFS)
'diffie-hellman-group-exchange-sha1' => :yellow, # DLP (PFS)
'diffie-hellman-group14-sha1' => :yellow, # 2048 bits < 3072 bits
'diffie-hellman-group-exchange-sha1' => :red, # DLP (PFS)
'diffie-hellman-group14-sha1' => :red, # 2048 bits < 3072 bits
'diffie-hellman-group1-sha1' => :red # 768 bits < 1024 bits
}

@@ -41,10 +41,10 @@ module CryptCheck
'hmac-sha2-256-etm@openssh.com' => :green,
'hmac-sha2-512' => nil,
'hmac-sha2-256' => nil,
'hmac-sha1-etm@openssh.com' => :green,
'hmac-sha1' => nil,
'hmac-sha1-96-etm@openssh.com' => :red, # EXPORT
'hmac-sha1-96' => :red, # EXPORT
'hmac-sha1-etm@openssh.com' => :red, # SHA1
'hmac-sha1' => :red, # SHA1
'hmac-sha1-96-etm@openssh.com' => :red, # EXPORT, SHA1
'hmac-sha1-96' => :red, # EXPORT, SHA1
'hmac-ripemd160-etm@openssh.com' => :green,
'hmac-ripemd160' => nil,
'hmac-md5-etm@openssh.com' => :red, # MD5
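Review bot: The two key-exchange entries changed to `:red` in the first hunk keep their old comments (`# DLP (PFS)` and `# 2048 bits < 3072 bits`), so the table no longer says why they are red. The MAC hunk does add `# SHA1`, and the KEX lines should match, e.g. `'diffie-hellman-group14-sha1' => :red, # SHA1, 2048 bits < 3072 bits`. In the MAC hunk, `hmac-sha1` and `hmac-sha1-etm@openssh.com` now get the same rating as the MD5 and truncated variants. The published SHA-1 collision attacks concern signatures and do not by themselves break HMAC, so if this is a deliberate policy choice, a one-line comment above the table saying so would help. Both tables begin outside the hunks.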


+ 2
- 2
lib/cryptcheck/tls/grade.rb

@@ -87,12 +87,12 @@ module CryptCheck
ALL_ERROR
end

ALL_DANGER = %i()
ALL_DANGER = %i(sha1_sig)
def all_danger
ALL_DANGER
end

ALL_WARNING = %i(sha1_sig)
ALL_WARNING = %i()
def all_warning
ALL_WARNING
end
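Review bot: Moving `sha1_sig` into `ALL_DANGER` changes the severity in only one of the places that encode it. The cells in output/https.erb, output/smtp.erb and output/xmpp.erb hard-code `:danger` separately and had to be edited by hand in this same commit. A comment on the constant such as `# sha1_sig: keep in sync with the SHA1 sig cell class in output/*.erb` would record that coupling until the templates can read the level from these lists. How `all_danger` feeds the final grade is not visible in this hunk, so the effect on existing scores should be pinned by a spec.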


+ 2
- 1
output/https.erb

@@ -73,6 +73,7 @@
<td class="info">HSTS</td>
</tr>
<% r[1].each do |n|
n = n.first.last
s = n.server
%>
<tr>
@@ -102,7 +103,7 @@
<%= "#{key.size} (#{key.type.to_s.upcase})" %>
<span class="sr-only">(<%= key.size < 2048 ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.sha1_sig? ? :warning : :success %>">
<td class="<%= s.sha1_sig? ? :danger : :success %>">
<%= s.sha1_sig? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1_sig? ? '☹' : '☺' %>)</span>
</td>
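Review bot: The line added in the first hunk, apparently `n = n.first.last`, is unrelated to the SHA1 change named in the commit title and rebinds the block parameter with no explanation. A one-line comment stating what `n` holds before and after the reassignment, or a separate commit, would make it reviewable. If `n` can be empty, `n.first` is nil and `.last` raises, which is not guarded here. Separately, output/smtp.erb updates its legend cell to `<td class="danger">SHA1 sig</td>`, but no such change appears in this file or in output/xmpp.erb. If they carry the same legend cell, it presumably still says `warning` and should be aligned.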


+ 2
- 2
output/smtp.erb

@@ -56,7 +56,7 @@
</tr>
<tr>
<td>Key size (bits)</td>
<td class="warning">SHA1 sig</td>
<td class="danger">SHA1 sig</td>

<td class="critical">SSL v2</td>
<td class="critical">SSL v3</td>
@@ -104,7 +104,7 @@
<%= "#{key.size} (#{key.type.to_s.upcase})" %>
<span class="sr-only">(<%= key.size < 2048 ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.sha1_sig? ? :warning : :success %>">
<td class="<%= s.sha1_sig? ? :danger : :success %>">
<%= s.sha1_sig? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1_sig? ? '☹' : '☺' %>)</span>
</td>


+ 1
- 1
output/xmpp.erb

@@ -100,7 +100,7 @@
<%= "#{key.size} (#{key.type.to_s.upcase})" %>
<span class="sr-only">(<%= key.size < 2048 ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.sha1_sig? ? :warning : :success %>">
<td class="<%= s.sha1_sig? ? :danger : :success %>">
<%= s.sha1_sig? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1_sig? ? '☹' : '☺' %>)</span>
</td>

