File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 196196WEB_TLS_OCSP_STAPLING_BAD = NO_POINTS
197197WEB_TLS_OCSP_STAPLING_WORST_STATUS = STATUS_NOTICE
198198
199- TLS_KEX_RSA_PKCS_GOOD = FULL_WEIGHT_POINTS
200- TLS_KEX_RSA_PKCS_OK = FULL_WEIGHT_POINTS
201- TLS_KEX_RSA_PKCS_BAD = NO_POINTS
202- TLS_KEX_RSA_PKCS_WORST_STATUS = STATUS_NOTICE
203-
204199WEB_TLS_KEX_HASH_FUNC_GOOD = FULL_WEIGHT_POINTS
205200WEB_TLS_KEX_HASH_FUNC_OK = FULL_WEIGHT_POINTS
206201WEB_TLS_KEX_HASH_FUNC_BAD = NO_POINTS
Original file line number Diff line number Diff line change 132132 (OpenSslDigestNidEnum .SHA224 , OpenSslEvpPkeyEnum .RSA ),
133133 (OpenSslDigestNidEnum .SHA224 , OpenSslEvpPkeyEnum .DSA ),
134134]
135- # NCSC 3.3.2.1: RSA PKCS must not be used.
136- # Failing these algs means the server has no RSA or RSA in PSS only, either is fine.
137- SIGNATURE_ALGORITHMS_RSA_PKCS = [
138- # (OpenSslDigestNidEnum.MD5, OpenSslEvpPkeyEnum.RSA),
139- (OpenSslDigestNidEnum .SHA1 , OpenSslEvpPkeyEnum .RSA ),
140- (OpenSslDigestNidEnum .SHA224 , OpenSslEvpPkeyEnum .RSA ),
141- (OpenSslDigestNidEnum .SHA512 , OpenSslEvpPkeyEnum .RSA ),
142- (OpenSslDigestNidEnum .SHA384 , OpenSslEvpPkeyEnum .RSA ),
143- (OpenSslDigestNidEnum .SHA256 , OpenSslEvpPkeyEnum .RSA ),
144- ]
145135
146136# Mail servers with an increased connection limit,
147137# matched by substring matching on their hostname.
You can’t perform that action at this time.
0 commit comments