Merge pull request #177 from hcrudolph/development

Additional vulnerbilities, style improvements, dependency updates

.gitignore

@@ -1,7 +1,7 @@
 # Custom rules
 .DS_Store
-*.css.map
 .vscode/
+custom.css
 migrations/
 media/
 

directory/fixtures/00_vulnerabilities.yaml

@@ -83,3 +83,8 @@
   fields:
     severity: 2
     description: 'The GOST algorithms are Russian cryptographic standard algorithms. Their security is not proven and its use is not recommended by the IETF. (see <a href="https://www.rfc-editor.org/rfc/rfc9189" class="alert-link" target="_blank" rel="noopener noreferrer">ietf.org</a>)'
+- model: directory.Vulnerability
+  pk: 'Raccoon Attack'
+  fields:
+    severity: 0
+    description: 'The so-called <a href ="https://raccoon-attack.com" class="alert-link" target="_blank" rel="noopener noreferrer">Raccoon Attack</a> affects the specifications of TLS 1.2 and below when using a DH(E) key exchange. According to the researchers, while very hard to exploit, in rare circumstances this timing attack allows attackers to decrypt the connection between users and the server. A fix has been introduced in the TLS 1.3 specification.'

directory/fixtures/01_technologies.yaml

@@ -96,12 +96,12 @@
   pk: 'DH'
   fields:
     long_name: 'Diffie-Hellman'
-    vulnerabilities: ['Non-ephemeral Key Exchange']
+    vulnerabilities: ['Non-ephemeral Key Exchange', 'Raccoon Attack']
 - model: directory.KexAlgorithm
   pk: 'DHE'
   fields:
     long_name: 'Diffie-Hellman Ephemeral'
-    vulnerabilities: []
+    vulnerabilities: ['Raccoon Attack']
 - model: directory.KexAlgorithm
   pk: 'ECDH'
   fields:

directory/helpers.py

@@ -50,6 +50,9 @@ def filter_cs_tls(ciphersuites, tls_version):
         return ciphersuites.filter(tls_version__major=1, tls_version__minor=2)
     elif tls_version == 'tls13':
         return ciphersuites.filter(tls_version__major=1, tls_version__minor=3)
+    elif tls_version == 'xtls13':
+        return ciphersuites.filter(tls_version__major=1, tls_version__minor=3)\
+            .exclude(tls_version__minor=2)
     else:
         return ciphersuites
 

directory/templates/directory/detail_cs.html

@@ -5,40 +5,40 @@
     <div class="row flex-row justify-content-center">
         <div class="col-lg-8 col-lg-offset-2">
             <h1 class="mb-4">
-            {% if cipher_suite.insecure %}<span class="text-danger">Insecure</span>
-            {% elif cipher_suite.weak %}<span class="text-warning">Weak</span>
-            {% elif cipher_suite.secure %}<span class="text-secure">Secure</span>
-            {% else %}<span class="text-success">Recommended</span>
+            {% if cipher_suite.insecure %}<span class="badge bg-danger">Insecure</span>
+            {% elif cipher_suite.weak %}<span class="badge bg-warning">Weak</span>
+            {% elif cipher_suite.secure %}<span class="badge bg-secure">Secure</span>
+            {% else %}<span class="badge bg-success">Recommended</span>
             {% endif %}
-            Cipher Suite
+            <span class="break-all">{{ cipher_suite.name }}</span>
             </h1>
         </div>
     </div>
 
     <div class="row flex-row justify-content-center">
         <div class="col-lg-8 col-lg-offset-2">
             <dl class="dl-horizontal">
-                <dt><b>IANA name:</b></dt>
-                <dd class="long-string">{{ cipher_suite.name }} </dd>
+                <dt>IANA name:</dt>
+                <dd>{{ cipher_suite.name }} </dd>
                 {% if cipher_suite.openssl_name %}
-                    <dt><b>OpenSSL name:</b></dt>
-                    <dd class="long-string">{{ cipher_suite.openssl_name }}</dd>
+                    <dt>OpenSSL name:</dt>
+                    <dd>{{ cipher_suite.openssl_name }}</dd>
                 {% endif %}
                 {% if cipher_suite.gnutls_name %}
-                    <dt><b>GnuTLS name:</b></dt>
-                    <dd class="long-string">{{ cipher_suite.gnutls_name }}</dd>
+                    <dt>GnuTLS name:</dt>
+                    <dd>{{ cipher_suite.gnutls_name }}</dd>
                 {% endif %}
-                <dt><b>Hex code:</b></dt>
+                <dt>Hex code:</dt>
                 <dd>{{ cipher_suite.hex_byte_1 }}, {{ cipher_suite.hex_byte_2 }}</dd>
-                <dt><b>TLS Version(s):</b></dt>
+                <dt>TLS Version(s):</dt>
                 <dd>
                     {% for version in cipher_suite.tls_version.all %}
                         {{ version }}{% if not forloop.last %}, {% endif %}
                     {% endfor %}
                 </dd>
                 <hr />
                 {% for algo in related_tech %}
-                <dt><b>{% cycle 'Protocol' 'Key Exchange' 'Authentication' 'Encryption' 'Hash' as atype %}:</b></dt>
+                <dt>{% cycle 'Protocol' 'Key Exchange' 'Authentication' 'Encryption' 'Hash' as atype %}:</dt>
                 <dd>
                     {% if atype == 'Key Exchange' and cipher_suite.kex_algorithm.pfs_support %}
                         <span class="badge bg-secondary" data-bs-toggle="tooltip" data-bs-placement="left" title="Perfect Forward Secrecy">PFS</span>
@@ -84,7 +84,7 @@ <h1 class="mb-4">
                 {% endfor %}
                 <hr />
                 {% if referring_rfc_list %}
-                    <dt><b>Included in RFC:</b></dt>
+                    <dt>Included in RFC:</dt>
                     <dd>
                         <ul class="rfclist">
                         {% for rfc in referring_rfc_list %}
@@ -94,7 +94,7 @@ <h1 class="mb-4">
                     </dd>
                 {% endif %}
 
-                <dt><b>Machine-readable:</b></dt>
+                <dt>Machine-readable:</dt>
                 <dd><a href="/api/cs/{{ cipher_suite.name }}">application/json</a></dd>
             </dl>
         </div>

directory/templates/directory/detail_rfc.html

@@ -11,38 +11,37 @@ <h1>RFC {{ rfc.number }}</h1>
     <div class="row flex-row justify-content-center">
         <div class="col-lg-8 col-lg-offset-2">
             <dl class="dl-horizontal">
-                <dt><b>Title:</b></dt>
+                <dt>Title:</dt>
                 <dd>{{ rfc.title }}</td>
 
-                <dt><b>Status:</b></dt>
+                <dt>Status:</dt>
                 <dd>{{ rfc_status_code }}</dd>
 
-                <dt><b>Publication:</b></dt>
+                <dt>Publication:</dt>
                 <dd>{{ rfc.release_year }}</dd>
 
                 {% for rel_rfc in related_docs %}
                     <b>Related documents:</b> <a href="/rfc/{{ rel_rfc.number }}">{{ rel_rfc }}</a>
                 {% endfor %}
 
-                <dt><b>View on ietf.org:</b></dt>
+                <dt>View on ietf.org:</dt>
                 <dd><a href="{{ rfc.url }}" target="_blank" rel="noopener noreferrer">{{ rfc.url }} <span class="glyphicon glyphicon-share" aria-hidden="true"></span></a></dd>
 
             {% if defined_cipher_suites %}
-            <dt><b>Defined Cipher suites:</b></dt>
+            <dt>Defined Cipher suites:</dt>
             <dd>
             <ul class="minimallist">
                 {% for cipher_suite in defined_cipher_suites %}
                     <li>
-                        <a class="long-string" href="/cs/{{ cipher_suite.name }}/">{{ cipher_suite.name }}</a>
+                        <a href="/cs/{{ cipher_suite.name }}/">{{ cipher_suite.name }}</a>
                     </li>
                 {% endfor %}
             </ul>
             </dd>
             {% endif %}
             <hr />
-            <dt><b>Machine-readable:</b></dt>
+            <dt>Machine-readable:</dt>
             <dd><a href="/api/rfc/{{ rfc.number }}">application/json</a></dd>
-
             </dl>
             </div>
         </div>

directory/templates/directory/head.html

@@ -1,15 +1,13 @@
 {% load static sass_tags compress %}
 <meta charset="utf-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
-<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/>
+<meta name="viewport" content="width=device-width, initial-scale=1"/>
 <meta name="author" content="Hans Christian Rudolph"/>
-<meta name="description" content=""/>
+<meta name="description" content="A searchable directory of TLS ciphersuites"/>
 <title>Ciphersuite Info</title>
 <link rel="shortcut icon" type="image/x-icon" href="{% static 'img/favicon.ico' %}">
 {% compress css %}
-<link rel="stylesheet" type="text/css" href="{% sass_src 'scss/bootstrap.scss' %}"/>
 <link rel="stylesheet" type="text/css" href="{% sass_src 'scss/custom.scss' %}"/>
-<link rel="stylesheet" type="text/css" href="{% static 'css/bootstrap-icons.css' %}"/>
+<link rel="stylesheet" type="text/css" href="{% static 'css/bootstrap-icons.min.css' %}"/>
 <link rel="stylesheet" type="text/css" href="{% static 'css/fonts.css' %}"/>
 <link rel="stylesheet" type="text/css" href="{% static 'css/emoji.css' %}"/>
 {% endcompress %}

directory/templates/directory/index.html

@@ -11,10 +11,10 @@
     </div>
     {% endfor %}
     <div class="row flex-row justify-content-center">
-        <div class="col-lg-8 col-lg-offset-2 mb-4">
+        <div class="col-lg-8 col-lg-offset-2 mb-2">
             <h1 class="title-heading centered-text">TLS Ciphersuite Search</h1>
         </div><!-- end column -->
-        <div class="col-lg-8 col-lg-offset-2">
+        <div class="col-lg-6 col-lg-offset-3">
             <div id="custom-search-input">
                 <form class="form-group input-group input-group-lg" action="/search?q={{ search_form.get_search_term }}" method="get">
                     {{ search_form }}
@@ -28,8 +28,8 @@ <h1 class="title-heading centered-text">TLS Ciphersuite Search</h1>
     <div class="row flex-row justify-content-center">
         <div class="col-lg-6 col-md-offset-3">
             <div class="alert alert-light mt-3 centered-text" role="alert">
-                <i class="bi bi-info-circle-fill"></i>
-                Search for a particular cipher suite by using IANA, OpenSSL or GnuTLS name format, e.g. "<a class="alert-link nowrap" href="/search/?q=TLS_DHE_DSS_WITH_AES_256_CBC_SHA256">TLS_DHE_DSS_WITH_AES_256_CBC_SHA256</a>", "<a class="alert-link nowrap" href="/search/?q=DHE-DSS-AES256-SHA256">DHE-DSS-AES256-SHA256</a>" or "<a class="alert-link nowrap" href="/search/?q=TLS_DHE_DSS_AES_256_CBC_SHA256">TLS_DHE_DSS_AES_256_CBC_SHA256</a>".
+                <i class="bi bi-info-circle-fill align-middle"></i>
+                Search for a particular cipher suite by using IANA, OpenSSL or GnuTLS name format, e.g. "<a class="alert-link break-all" href="/search/?q=TLS_DHE_DSS_WITH_AES_256_CBC_SHA256">TLS_DHE_DSS_WITH_AES_256_CBC_SHA256</a>", "<a class="alert-link break-all" href="/search/?q=DHE-DSS-AES256-SHA256">DHE-DSS-AES256-SHA256</a>", or "<a class="alert-link break-all" href="/search/?q=TLS_DHE_DSS_AES_256_CBC_SHA256">TLS_DHE_DSS_AES_256_CBC_SHA256</a>".
             </div>
         </div>
     </div><!-- end row -->

directory/templates/directory/index_cs.html

@@ -6,7 +6,7 @@
 {% with params=request.GET.urlencode %}
     <div class="row flex-row justify-content-center">
         <div class="col-lg-8 col-lg-offset-2">
-                <h1>{{ count }} Cipher Suites</h1>
+            <h1>{{ count }} Cipher Suites</h1>
         </div><!-- end column -->
         <div class="col-lg-8 col-xl-offset-2">
             {% include "directory/list_filters.html" %}
@@ -18,13 +18,15 @@ <h1>{{ count }} Cipher Suites</h1>
         {% if results %}
             <ul class="prettylist">
                 {% for cipher_suite in results %}
-                <li><a class="long-string" href="/cs/{{ cipher_suite.name }}/">
+                <li><a href="/cs/{{ cipher_suite.name }}/">
                     {% if cipher_suite.insecure %}<span class="badge bg-fixed-width bg-danger">Insecure</span>
                     {% elif cipher_suite.weak %}<span class="badge bg-fixed-width bg-warning">Weak</span>
                     {% elif cipher_suite.secure %}<span class="badge bg-fixed-width bg-secure">Secure</span>
                     {% else %}<span class="badge bg-fixed-width bg-success">Recommended</span>
                     {% endif %}
-                    {{ cipher_suite.name }}</a></li>
+                    <span class="break-all">{{ cipher_suite.name }}</span>
+                    </a>
+                </li>
                 {% endfor %}
             </ul>
         {% else %}

directory/templates/directory/index_rfc.html

@@ -9,21 +9,21 @@
             <h1>RFCs</h1>
         </div><!-- end column -->
         <div class="col-lg-8 col-lg-offset-2">
-            <div class="d-flex justify-content-between align-items-center flex-wrap">
-                <div class="btn-group my-3">
-                    <button id="sortDropdownButton" type="button" class="btn btn-light dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false">
-                        Sort by <span class="caret"></span>
+            <div class="d-flex justify-content-between flex-wrap">
+                <div class="btn-group my-2">
+                    <button type="button" class="btn btn-secondary dropdown-toggle" data-bs-toggle="dropdown">
+                        Sort by
                     </button>
-                    <div class="dropdown-menu" aria-labelledby="sortDropdownButton">
-                        <a class="dropdown-item" href="{% relative_url 'number-asc' 'sorting' params %}">Number ascending</a>
-                        <a class="dropdown-item" href="{% relative_url 'number-desc' 'sorting' params %}">Number descending</a>
-                        <a class="dropdown-item" href="{% relative_url 'title-asc' 'sorting' params %}">Title ascending</a>
-                        <a class="dropdown-item" href="{% relative_url 'title-desc' 'sorting' params %}">Title descending</a>
-                    </div>
+                    <ul class="dropdown-menu">
+                        <li><a class="dropdown-item {% if sorting == 'number-asc' %}active{% endif %}" href="{% relative_url 'number-asc' 'sort' params %}">Number ascending</a></li>
+                        <li><a class="dropdown-item {% if sorting == 'number-desc' %}active{% endif %}" href="{% relative_url 'number-desc' 'sort' params %}">Number descending</a></li>
+                        <li><a class="dropdown-item {% if sorting == 'title-asc' %}active{% endif %}" href="{% relative_url 'title-asc' 'sort' params %}">Title ascending</a></li>
+                        <li><a class="dropdown-item {% if sorting == 'title-desc' %}active{% endif %}" href="{% relative_url 'title-desc' 'sort' params %}">Title descending</a></li>
+                    </ul>
                 </div> <!-- end button group -->
-                <div class="btn-group" role="group" aria-label="...">
-                    <a href="{% relative_url 'false' 'singlepage' params %}" class="btn btn-light {% if singlepage != 'true' %}active{% endif %}">Paginated</a>
-                    <a href="{% relative_url 'true' 'singlepage' params %}" class="btn btn-light {% if singlepage == 'true' %}active{% endif %}">Single Page</a>
+                <div class="btn-group my-2">
+                    <a href="{% relative_url 'false' 'singlepage' params %}" class="btn btn-outline-secondary {% if singlepage != 'true' %}active{% endif %}">Paginated</a>
+                    <a href="{% relative_url 'true' 'singlepage' params %}" class="btn btn-outline-secondary {% if singlepage == 'true' %}active{% endif %}">Single Page</a>
                 </div>
             </div>
         </div>

directory/templates/directory/js.html

@@ -1,5 +1,4 @@
 {% load static compress %}
 {% compress js %}
-<script src={% static "js/bootstrap.bundle.min.js" %}></script>
-<script src={% static "js/custom.js" %}></script>
+<script src="{% static 'js/bootstrap.bundle.min.js' %}"></script>
 {% endcompress %}