From f92d3988af87bc72d28edf85e0b11d8de27f41c5 Mon Sep 17 00:00:00 2001
From: Dirk <dirk@testssl.sh>
Date: Mon, 4 Dec 2017 21:53:39 +0100
Subject: [PATCH] Better consistency (cipher coloring)

Especially for yellow=low the key exchange is considered
to be equal now. That needs to be subject to reconsideration.
---
 testssl.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 647e070..c9dee61 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -4877,18 +4877,18 @@ pr_cipher_quality() {
                          pr_svrty_high "$text"
                          return 2
                          ;;
-                    *CBC*)
-                         pr_svrty_medium "$text"
-                         return 3
-                         ;; # FIXME BEAST: We miss some CBC ciphers here, need to work w/ a list
                     *GCM*|*CHACHA20*)
                          pr_done_best "$text"
                          return 7
                          ;; #best ones
-                    ECDHE*AES*)
+                    ECDHE*AES*|DHE*AES*SHA*|*CAMELLIA*SHA)
                          pr_svrty_low "$text"
                          return 4
                          ;; # it's CBC. --> lucky13
+                    *CBC*)
+                         pr_svrty_medium "$text"
+                         return 3
+                         ;; # FIXME BEAST: We miss some CBC ciphers here, need to work w/ a list
                     *)
                          out "$text"
                          return 5
@@ -4907,7 +4907,7 @@ pr_cipher_quality() {
                pr_svrty_high "$text"
                return 2
                ;;
-          *ECDHE*AES*CBC*)
+          *ECDHE*AES*CBC*|*DHE*AES*SHA*|*RSA*AES*SHA*|*CAMELLIA*SHA*)
                pr_svrty_low "$text"
                return 4
                ;;