Investigate sslyze usage and output to extract new scan data - Githubissues

cds-snc / pulse

Archived: [Project has been split out into two components, @ https://github.com/cds-snc/tracker and https://github.com/cds-snc/track-web ] Check whether a Government of Canada domain is adhering to best security practices.

Other

6 stars 1 forks source link

Investigate sslyze usage and output to extract new scan data #113

Closed buckley-w-david closed 6 years ago

buckley-w-david commented 6 years ago

Measurements that were not previously being recorded are part of the ITPIN specification, and as such we need to be able to scan for them.

[x] TLS v1.0 and 1.1 support
[x] SHA-256+ certificate
[x] Uses recommended cyphers
[x] ITPIN compliance

buckley-w-david commented 6 years ago

TLS v1.0 and 1.1 support is already being measured and is available in the sslyze results in the "TLSv1.0" and "TLSv1.1" columns

buckley-w-david commented 6 years ago

Cipher usage will require an edit to domain-scan to expose that information from a scan. I will add it and it will be available under the "Accepted Ciphers" column

buckley-w-david commented 6 years ago

Signature Algorithm is already being measured by sslyze, and is available in the "Signature Algorithm" column.

buckley-w-david commented 6 years ago

Locations and methods to get all of the new data has been figured out, that means this part is done 🎉