Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###########################################################
- testssl.sh 2.8rc1 from https://testssl.sh/dev/
- (424cf23 2016-08-09 10:35:58 -- 1.531)
- This program is free software. Distribution and
- modification under GPLv2 permitted.
- USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
- Please file bugs @ https://testssl.sh/bugs/
- ###########################################################
- Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
- on a006:./bin/openssl.Linux.x86_64
- (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
- Start 2016-08-17 21:32:36 -->> 192.168.1.1:443 (r7) <<--
- rDNS (192.168.1.1):
- Service detected: HTTP
- Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2)
- SSLv2 not offered (OK)
- SSLv3 not offered (OK)
- TLS 1 offered
- TLS 1.1 offered
- TLS 1.2 offered (OK)
- Version tolerance downgraded to TLSv1.2 (OK)
- SPDY/NPN not offered
- HTTP2/ALPN not offered
- Testing ~standard cipher lists
- Null Ciphers not offered (OK)
- Anonymous NULL Ciphers not offered (OK)
- Anonymous DH Ciphers not offered (OK)
- 40 Bit encryption not offered (OK)
- 56 Bit encryption not offered (OK)
- Export Ciphers (general) not offered (OK)
- Low (<=64 Bit) not offered (OK)
- DES Ciphers not offered (OK)
- Medium grade encryption not offered (OK)
- Triple DES Ciphers offered
- High grade encryption offered (OK)
- Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption as well as 3DES and RC4 here
- PFS is offered (OK) ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
- Elliptic curves offered: prime256v1
- Testing server preferences
- Has server cipher order? yes (OK)
- Negotiated protocol TLSv1.2
- Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH
- Cipher order
- TLSv1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA DES-CBC3-SHA
- TLSv1.1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA DES-CBC3-SHA
- TLSv1.2: ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA
- Testing server defaults (Server Hello)
- TLS extensions (standard) "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15"
- Session Tickets RFC 5077 300 seconds (PFS requires session ticket keys to be rotated <= daily)
- SSL Session ID support yes
- TLS clock skew random values, no fingerprinting possible
- Signature Algorithm SHA1 with RSA
- Server key size RSA 2048 bits
- Fingerprint / Serial SHA1 8CA67181742164606AF4130C1CAD2800DB811C05 / ADE768238EFA7326
- SHA256 185D3F08D1F6EF23E9B5447995D7311253B60F48B202CBC547E022FCCB60A788
- Common Name (CN) "NewMedia-NET GmbH"
- subjectAltName (SAN) --
- Issuer self-signed (NOT ok)
- Trust (hostname) certificate does not match supplied URI
- Chain of trust NOT ok (self signed)
- EV cert (experimental) no
- Certificate Expiration 3648 >= 60 days (2016-08-16 03:35 --> 2026-08-14 03:35 -0700)
- # of certificates provided 1
- Certificate Revocation List --
- OCSP URI --
- OCSP stapling --
- Testing HTTP header response @ "/"
- HTTP Status Code 401 Unauthorized WWW-Authenticate: Basic realm="r7"
- HTTP clock skew 0 sec from localtime
- Strict Transport Security --
- Public Key Pinning --
- Server banner httpd
- Application banner --
- Cookie(s) (none issued at "/")
- Security headers --
- Reverse Proxy banner --
- Testing vulnerabilities
- Heartbleed (CVE-2014-0160) not vulnerable (OK)
- CCS (CVE-2014-0224) not vulnerable (OK)
- Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
- Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat
- CRIME, TLS (CVE-2012-4929) VULNERABLE (NOT ok)
- BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested
- POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
- TLS_FALLBACK_SCSV (RFC 7507), experim. Downgrade attack prevention supported (OK)
- FREAK (CVE-2015-0204) not vulnerable (OK)
- DROWN (2016-0800, CVE-2016-0703), exper. not vulnerable on this port (OK)
- make sure you don't use this certificate elsewhere with SSLv2 enabled services
- https://censys.io/ipv4?q=185D3F08D1F6EF23E9B5447995D7311253B60F48B202CBC547E022FCCB60A788 could help you to find out
- LOGJAM (CVE-2015-4000), experimental not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size
- BEAST (CVE-2011-3389) TLS1: DES-CBC3-SHA AES128-SHA
- AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA
- VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
- RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
- Testing all 183 locally available ciphers against the server, ordered by encryption strength
- Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
- ---------------------------------------------------------------------------------------------------------------------------
- xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
- x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
- x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
- xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
- x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
- x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
- x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA
- Running browser simulations via sockets (experimental)
- Android 2.3.7 TLSv1.0 AES128-SHA
- Android 4.0.4 TLSv1.0 ECDHE-RSA-AES128-SHA
- Android 4.1.1 TLSv1.0 ECDHE-RSA-AES128-SHA
- Android 4.2.2 TLSv1.0 ECDHE-RSA-AES128-SHA
- Android 4.3 TLSv1.0 ECDHE-RSA-AES128-SHA
- Android 4.4.2 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- Baidu Jan 2015 TLSv1.0 ECDHE-RSA-AES128-SHA
- BingPreview Jan 2015 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- Chrome 47 / OSX TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- Firefox 31.3.0ESR / Win7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- Firefox 42 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- GoogleBot Feb 2015 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- IE 6 XP No connection
- IE 7 Vista TLSv1.0 ECDHE-RSA-AES128-SHA
- IE 8 XP TLSv1.0 DES-CBC3-SHA
- IE 8-10 Win 7 TLSv1.0 ECDHE-RSA-AES128-SHA
- IE 11 Win 7 TLSv1.2 ECDHE-RSA-AES128-SHA256
- IE 11 Win 8.1 TLSv1.2 ECDHE-RSA-AES128-SHA256
- IE 10 Win Phone 8.0 TLSv1.0 ECDHE-RSA-AES128-SHA
- IE 11 Win Phone 8.1 TLSv1.2 ECDHE-RSA-AES128-SHA256
- IE 11 Win Phone 8.1 Update TLSv1.2 ECDHE-RSA-AES128-SHA256
- IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- Edge 13 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- Edge 13 Win Phone 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- Java 6u45 TLSv1.0 AES128-SHA
- Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA
- Java 8u31 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- OpenSSL 0.9.8y TLSv1.0 AES128-SHA
- OpenSSL 1.0.1l TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- Safari 5.1.9 OS X 10.6.8 TLSv1.0 ECDHE-RSA-AES128-SHA
- Safari 6 iOS 6.0.1 TLSv1.2 ECDHE-RSA-AES128-SHA256
- Safari 6.0.4 OS X 10.8.4 TLSv1.0 ECDHE-RSA-AES128-SHA
- Safari 7 iOS 7.1 TLSv1.2 ECDHE-RSA-AES128-SHA256
- Safari 7 OS X 10.9 TLSv1.2 ECDHE-RSA-AES128-SHA256
- Safari 8 iOS 8.4 TLSv1.2 ECDHE-RSA-AES128-SHA256
- Safari 8 OS X 10.10 TLSv1.2 ECDHE-RSA-AES128-SHA256
- Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
- Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement