Last active
March 18, 2017 11:45
-
-
Save kissgyorgy/54601c883891991f28e49ac1be572be2 to your computer and use it in GitHub Desktop.
Pyton Crypto lib matrix
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Subdomain Marked OpenSSL OpenSSL Certifi OSCrypto urllib3 | |
| expired.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| wrong.host.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| self-signed.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| untrusted-root.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| revoked.badssl.com ❌ ✅ ✅ ✅ ✅ | |
| incomplete-chain.badssl.com ⚠ ❌ ❌ ✅ ❌ | |
| sha256.badssl.com ✅ ✅ ✅ ✅ ✅ | |
| 1000-sans.badssl.com ✅ ✅ ✅ ✅ ✅ | |
| 10000-sans.badssl.com ✅ ❌ ❌ ✅ ❌ | |
| ecc256.badssl.com ✅ ✅ ✅ ✅ ✅ | |
| ecc384.badssl.com ✅ ✅ ✅ ✅ ✅ | |
| rsa8192.badssl.com ⚠ ✅ ✅ ✅ ✅ | |
| mixed-script.badssl.com ❌ ✅ ✅ ✅ ✅ | |
| very.badssl.com ❌ ✅ ✅ ✅ ✅ | |
| mixed.badssl.com ⚠ ✅ ✅ ✅ ✅ | |
| mixed-favicon.badssl.com ⚠ ✅ ✅ ✅ ✅ | |
| http-password.badssl.com ❌ ✅ ✅ ✅ ✅ | |
| http-login.badssl.com ❌ ✅ ✅ ✅ ✅ | |
| http-dynamic-login.badssl.com ❌ ✅ ✅ ✅ ✅ | |
| http-credit-card.badssl.com ❌ ✅ ✅ ✅ ✅ | |
| cbc.badssl.com ⚠ ✅ ✅ ✅ ✅ | |
| rc4-md5.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| rc4.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| 3des.badssl.com ❌ ❌ ❌ ✅ ❌ | |
| null.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| mozilla-old.badssl.com ❌ ✅ ✅ ✅ ✅ | |
| mozilla-intermediate.badssl.com ⚠ ✅ ✅ ✅ ✅ | |
| mozilla-modern.badssl.com ✅ ✅ ✅ ✅ ✅ | |
| dh480.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| dh512.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| dh1024.badssl.com ⚠ ✅ ✅ ✅ ✅ | |
| dh2048.badssl.com ✅ ✅ ✅ ✅ ✅ | |
| dh-small-subgroup.badssl.com ❌ ✅ ✅ ✅ ✅ | |
| dh-composite.badssl.com ❌ ✅ ✅ ✅ ✅ | |
| static-rsa.badssl.com ⚠ ✅ ✅ ✅ ✅ | |
| hsts.badssl.com ✅ ✅ ✅ ✅ ✅ | |
| upgrade.badssl.com ✅ ✅ ✅ ✅ ✅ | |
| preloaded-hsts.badssl.com ✅ ✅ ✅ ✅ ✅ | |
| subdomain.preloaded-hsts.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| https-everywhere.badssl.com ✅ ✅ ✅ ✅ ✅ | |
| http.badssl.com ⚠ ✅ ✅ ✅ ✅ | |
| spoofed-favicon.badssl.com ⚠ ✅ ✅ ✅ ✅ | |
| pinning-test.badssl.com ❌ ✅ ✅ ✅ ✅ | |
| long-extended-subdomain-name-containin ✅ ✅ ✅ ✅ ✅ | |
| longextendedsubdomainnamewithoutdashes ✅ ✅ ✅ ✅ ✅ | |
| superfish.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| edellroot.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| dsdtestprovider.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| sha1-2016.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| sha1-2017.badssl.com ❌ ❌ ❌ ❌ ❌ | |
| badssl.com ✅ ✅ ✅ ✅ ✅ | |
| officecontrol.hu ✅ ✅ ✅ ✅ ✅ | |
| google.com ✅ ✅ ✅ ✅ ✅ | |
| facebook.com ✅ ✅ ✅ ✅ ✅ | |
| twitter.com ✅ ✅ ✅ ✅ ✅ | |
| instagram.com ✅ ✅ ✅ ✅ ✅ | |
| anteus.hu ❌ ❌ ❌ ✅ ❌ | |
| ✅ - cryptolib says the certificate is fine | |
| ❌ - cryptolib says there is something wrong with the configuration | |
| Marked shows which result should be accepted or rejected. | |
| urllib3 is basically the same as OpenSSL | |
| Tested on OS X 10.11.6 so OSCrypto used Mac OS X crypto library framework | |
| Note: anteus.hu doesn't send the full intermediate chain, so it's definitely a swrong configuration, but OS X accepts it... probably because of AIA chasing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment