Address rating for STARTTLS tests
STARTTLS tests should always give a bad rating because of the missing trust 1). That's why we don't provide more details than "T".

Maybe we decide later to provide an environment variable which still shows this warning but divulges more details. TBC.

Documentation is missing for STARTTLS + grades.

1) There might be cases also for STARTTLS where encryption is enforced and e.g. the certificate fingerprint is validated. As this is highly protocol specific we won't test that.
parent fe5e10ff9d
commit 127cf95e22
|
@ -20546,6 +20546,14 @@ run_grading() {
|
|||
pr_headlineln " Calculating grades (experimental)"
|
||||
outln
|
||||
|
||||
if [[ -n "$STARTTLS_PROTOCOL" ]]; then
|
||||
pr_bold " Grade "; pr_svrty_critical "T"
|
||||
outln " - STARTTLS encryption is opportunistic"
|
||||
outln " (Further details would lead to a false sense of security)"
|
||||
fileout "grade" "CRITICAL" "T, No more details shown as it would lead to a false sense of security"
|
||||
return 0
|
||||
fi
|
||||
|
||||
# Sort the reasons. This is just nicer to read in genereal
|
||||
IFS=$'\n' sorted_reasons=($(sort -ru <<<"${GRADE_CAP_REASONS[*]}"))
|
||||
IFS=$'\n' sorted_warnings=($(sort -u <<<"${GRADE_WARNINGS[*]}"))
|
||||
|
|
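Review bot: The `fileout "grade"` line in the new STARTTLS branch drops the reason that the terminal output gives. The screen shows " - STARTTLS encryption is opportunistic", while the file finding only says "T, No more details shown as it would lead to a false sense of security", so anyone consuming the file output sees a CRITICAL grade without its cause. Suggest carrying the reason into the finding text as well. The branch also has no comment explaining why it returns before GRADE_CAP_REASONS and GRADE_WARNINGS are sorted. A short comment above the `if [[ -n "$STARTTLS_PROTOCOL" ]]` test stating that STARTTLS is always graded T because trust is missing, with the commit message's caveat that protocol-specific enforcement is not tested, would help, especially since the message notes that documentation for STARTTLS grades is still missing.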