Comparing to outdated JSON spec (v5.0)

[janbrasna]

Some time ago the location of uptodate JSON specs moved from S3 security.mozilla.org (where the last published is v5.0 from 6/19) to ghio ssl-config.mozilla.org (where the current guidelines spec v5.7 from 5/23 is located).

So the URL has to change to keep tracking the newer config updates:

cipherscan/analyze.py

Line 399 in 5866911

sstlsurl = "https://statics.tls.security.mozilla.org/server-side-tls-conf.json"

(+ the local snapshot for offline/failover also needs to be updated beyond v5.0…)

and also checked to see how the JSON structure changed over time (it doesn't follow semver meaning breaking changes in the actual json data/schema happens even between minor versions).

[janbrasna]

So basically the only change to support the current format would be from foo.openssl_ciphers to foo.ciphers.openssl, otherwise updating from v5.0 to v5.7 guidelines should be pretty straightforward.

It may need some tweaks in analyze.py logic regarding enforcing ordering etc., that has probably changed over time, too…

Besides that, the only quirk would be:

mozilla.org:443 has obscure or unknown ssl/tls
Changes needed to match the old level:
* enable TLSv1.3

o_O