make script work again
[tls-check.git] / tls-check
index bb2fc63..0445084 100755 (executable)
--- a/tls-check
+++ b/tls-check
@@ -93,26 +93,18 @@ def test_host(host, port, wait_time=0, options=[]):
 # cipher classification
 class CipherStrength(Enum):
     unknown = -1
-    exp = 0
-    low = 1
-    medium = 2
     high = 3
     
     def colorName(self):
-        if self == CipherStrength.unknown:
-            return self.name
-        elif self.value == CipherStrength.high.value:
+        if self.value == CipherStrength.high.value:
             return ConsoleFormat.color(self.name, ConsoleFormat.GREEN)
-        elif self.value == CipherStrength.medium.value:
-            return ConsoleFormat.color(self.name, ConsoleFormat.YELLOW)
         else:
-            return ConsoleFormat.color(self.name, ConsoleFormat.RED)
+            return ConsoleFormat.color(self.name, ConsoleFormat.YELLOW)
 
 CipherProps = namedtuple('CipherProps', 'bits, strength, isPfs')
 
 class CipherPropsProvider:
     def __init__(self):
-        self.medium = set(list_ciphers("MEDIUM"))
         self.high = set(list_ciphers("HIGH"))
         self.props = {}
     
@@ -123,8 +115,14 @@ class CipherPropsProvider:
             protocol = protocol[:pos]
         # as OpenSSL about this cipher
         cipherInfo = subprocess.check_output(["openssl", "ciphers", "-v", "-"+protocol, cipher]).decode('UTF-8').strip()
-        assert '\n' not in cipherInfo, "Cipher "+cipher+" produced unexpected output:\n"+cipherInfo
-        cipherInfoFields = cipherInfo.split()
+        cipherInfoFields = None
+        for line in cipherInfo.split('\n'):
+            line = line.split()
+            if line[0] == cipher:
+                cipherInfoFields = line
+                break
+        if cipherInfoFields is None:
+            raise Exception("Cannot determine cipher properties of {0} (protocol: {1})".format(cipher, protocol))
         # get # of bits
         encMatch = re.match(r'^Enc=([0-9A-Za-z]+)\(([0-9]+)\)$', cipherInfoFields[4])
         if encMatch is None:
@@ -141,12 +139,7 @@ class CipherPropsProvider:
         kx = kxMatch.group(1)
         isPfs = kx in ('DH', 'DH(512)', 'ECDH')
         # determine security level
-        isMedium = cipher in self.medium
-        isHigh = cipher in self.high
-        assert isMedium+isHigh <= 1, "Cipher "+cipher+" is more than one from EXP, LOW, MEDIUM, HIGH"
-        if isMedium:
-            strength = CipherStrength.medium
-        elif isHigh:
+        if cipher in self.high:
             strength = CipherStrength.high
         else:
             strength = CipherStrength.unknown