hcrudolph / ciphersuite.info

A searchable directory of TLS ciphersuites and related security details.
https://ciphersuite.info
MIT License

Some data returned by API is incorrect #173

Open NMZXYCDRL opened 1 year ago

NMZXYCDRL commented 1 year ago

Recently, I found that some data obtained from the API is incorrect. The tls_version field has redundant tls1.2 and tls1.3 values. Even all ciphersuites have the value TLS1.3.

> curl -s https://ciphersuite.info/api/cs/ | grep -o '"TLS1.3"' | wc -l
348
> curl -s https://ciphersuite.info/api/cs/ | grep -o '"TLS1.2"' | wc -l
339

An old ciphersuite has tls1.2 and tls1.3:

https://ciphersuite.info/api/cs/TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA/

returns:

{
  "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA": {
    "gnutls_name": "",
    "openssl_name": "",
    "hex_byte_1": "0x00",
    "hex_byte_2": "0x19",
    "protocol_version": "TLS EXPORT",
    "kex_algorithm": "DH",
    "auth_algorithm": "anon",
    "enc_algorithm": "DES40 CBC",
    "hash_algorithm": "SHA",
    "security": "insecure",
    "tls_version": [
      "TLS1.0",
      "TLS1.1",
      "TLS1.2",
      "TLS1.3"
    ]
  }
}

hcrudolph commented 1 year ago

Thanks for reporting this issue! I suspect this has to do with the different way we display support by TLS version now (see d305cd15acf5364effcd96fcb2d43f7f9308e9c2 and 0e91616e42c7b1bf4a0e94bedc3eb3d2e8f17e4d), since even modern TLS1.3 implementations may support older cipher suites. Nevertheless, this should be made more explicit via the API as well.
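
A consumer-side check for the discrepancy discussed in this issue, as an added example that is not part of the thread or the project's code: it counts `tls_version` values and flags records that list TLS1.3 although their code point is not one of the five TLS 1.3 suites registered by RFC 8446. The sample records are constructed in the shape shown above (name mapped to record, trimmed to the fields used), and the function names are hypothetical.

```python
from collections import Counter

# TLS 1.3 suites registered by RFC 8446: code points 0x13,0x01 .. 0x13,0x05.
TLS13_CODEPOINTS = {(0x13, low) for low in range(0x01, 0x06)}

# Constructed sample records (assumption: name -> record, as in the issue).
SAMPLE = {
    "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA": {
        "hex_byte_1": "0x00", "hex_byte_2": "0x19",
        "tls_version": ["TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3"]},
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": {
        "hex_byte_1": "0xC0", "hex_byte_2": "0x2F",
        "tls_version": ["TLS1.2", "TLS1.3"]},
    "TLS_AES_128_GCM_SHA256": {
        "hex_byte_1": "0x13", "hex_byte_2": "0x01",
        "tls_version": ["TLS1.3"]},
}


def codepoint(record):
    """Return (byte1, byte2) as ints, or None if the hex fields are missing or malformed."""
    try:
        return int(record["hex_byte_1"], 16), int(record["hex_byte_2"], 16)
    except (KeyError, TypeError, ValueError):
        return None


def version_counts(suites):
    """Count how many records list each tls_version value (the grep | wc -l above)."""
    return Counter(v for rec in suites.values() for v in rec.get("tls_version", []))


def questionable_tls13(suites):
    """Names that list TLS1.3 without having a TLS 1.3 code point."""
    return sorted(
        name for name, rec in suites.items()
        if "TLS1.3" in rec.get("tls_version", [])
        and codepoint(rec) not in TLS13_CODEPOINTS
    )


if __name__ == "__main__":
    print(dict(version_counts(SAMPLE)))
    for name in questionable_tls13(SAMPLE):
        print("lists TLS1.3 but is not a TLS 1.3 suite:", name)
```

A policy tool that consumes this data can use the code point rather than `tls_version` to decide whether a suite can be negotiated in a TLS 1.3 handshake.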