![]() Encryption Bits Cipher Suite Name (IANA/RFC) Hexcode Cipher Suite Name (OpenSSL) KeyExch. Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2īEAST (CVE-2011-3389) not vulnerable (OK), no SS元 or TLS1 ![]() Make sure you don't use this certificate elsewhere with SSLv2 enabled services TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered ![]() POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support only supplied "/" testedĬan be ignored for static pages or if no secrets in the page Secure Client-Initiated Renegotiation not vulnerable (OK)ĬRIME, TLS (CVE-2012-4929) not vulnerable (OK)īREACH (CVE-2013-3587) potentially NOT ok, uses gzip HTTP compression. Secure Renegotiation (RFC 5746) supported (OK) Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension Security headers X-Frame-Options SAMEORIGIN Strict Transport Security 366 days=31622400 s, just this domain Session Ticket RFC 5077 hint 7200 seconds, session tickets keys seems to be rotated = 30 days ( 22:41 -> 22:41)Ĭertificate Transparency yes (certificate extension) "application layer protocol negotiation/#16" "status request/#5" "max fragment length/#1" "EC point formats/#11" "session ticket/#35" TLS extensions (standard) "renegotiation info/#65281" "server name/#0" Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) Testing robust (perfect) forward secrecy, (P)FS - omitting Null Authentication/Encryption, 3DES, RC4 ![]() Non-FS Strong encryption (AEAD ciphers) offered (OK)įorward Secure Strong encryption (AEAD ciphers) offered (OK) Obsolete: SEED + 128+256 Bit CBC cipher offered ![]() LOW: 64 Bit + DES, RC, MD5 (w/o export) not offered (OK) NULL ciphers (no encryption) not offered (OK)Īnonymous NULL Ciphers (no authentication) not offered (OK)Įxport ciphers (w/o ADH+NULL) not offered (OK) TLS 1.3 not offered and downgraded to a weaker protocol I recently used this tool and it provides a comprehensive report related to SSL.Įxample output: Testing protocols via sockets except NPN+ALPN ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |