diff --git a/ssh-audit.py b/ssh-audit.py
index 5f138e0..0797f95 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -360,7 +360,7 @@ class SSH2(object):  # pylint: disable=too-few-public-methods
 				'des-cbc': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
 				'des-cbc-ssh1': [[], [FAIL_WEAK_CIPHER], [WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
 				'3des-cbc': [['1.2.2,d0.28,l10.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH74_UNSAFE, WARN_CIPHER_WEAK, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
-				'3des-ctr': [['d0.52']],
+				'3des-ctr': [['d0.52'], [FAIL_WEAK_CIPHER]],
 				'blowfish-cbc': [['1.2.2,d0.28,l10.2', '6.6,d0.52', '7.1,d0.52'], [FAIL_OPENSSH67_UNSAFE, FAIL_DBEAR53_DISABLED], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
 				'blowfish-ctr': [[], [FAIL_OPENSSH67_UNSAFE, FAIL_DBEAR53_DISABLED], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
 				'twofish-cbc': [['d0.28', 'd2014.66'], [FAIL_DBEAR67_DISABLED], [WARN_CIPHER_MODE]],
@@ -2683,6 +2683,9 @@ def output_fingerprints(algs, sha256=True):
 		if algs.ssh2kex is not None:
 			host_keys = algs.ssh2kex.host_keys()
 			for host_key_type in algs.ssh2kex.host_keys():
+				if host_keys[host_key_type] is None:
+					continue
+
 				fp = SSH.Fingerprint(host_keys[host_key_type])
 
 				# Workaround for Python's order-indifference in dicts.  We might get a random RSA type (ssh-rsa, rsa-sha2-256, or rsa-sha2-512), so running the tool against the same server three times may give three different host key types here.  So if we have any RSA type, we will simply hard-code it to 'ssh-rsa'.