API tools faq
paste
Advertisement
freddy87

Untitled

freddy87
Jul 27th, 2016
126
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.37 KB | None | 0 0
raw download clone embed print report
  1.  
  2. Authentication
  3. Server Key and Certificate #1
  4. Subject www.auckland.ac.nz
  5. Fingerprint SHA1: a41fb1b66370ad2346b5dc1f85075ced2c73cb0d
  6. Pin SHA256: EH5y/Qm+zqz1Gt//rmoE1ZWbFSc8zdp3qdqtx+9TIW0=
  7. Common names www.auckland.ac.nz
  8. Alternative names www.auckland.ac.nz auckland.ac.nz
  9. Valid from Tue, 31 Mar 2015 08:04:15 UTC
  10. Valid until Sat, 31 Mar 2018 08:04:01 UTC (expires in 1 year and 8 months)
  11. Key RSA 2048 bits (e 65537)
  12. Weak key (Debian) No
  13. Issuer QuoVadis Global SSL ICA G2
  14. AIA: http://trust.quovadisglobal.com/qvsslg2.crt
  15. Signature algorithm SHA256withRSA
  16. Extended Validation No
  17. Certificate Transparency No
  18. OCSP Must Staple No
  19. Revocation information CRL, OCSP
  20. CRL: http://crl.quovadisglobal.com/qvsslg2.crl
  21. OCSP: http://ocsp.quovadisglobal.com
  22. Revocation status Good (not revoked)
  23. Trusted Yes
  24.  
  25.  
  26. Additional Certificates (if supplied)
  27. Certificates provided 3 (4146 bytes)
  28. Chain issues Contains anchor
  29. #2
  30. Subject QuoVadis Global SSL ICA G2
  31. Fingerprint SHA1: 6036330e1643a0cee19c8af780e0f3e8f59ca1a3
  32. Pin SHA256: tYkfFN27P1GUjH5ME128BCg302dL2iwOYhz5wwFJb50=
  33. Valid until Thu, 01 Jun 2023 13:35:05 UTC (expires in 6 years and 10 months)
  34. Key RSA 2048 bits (e 65537)
  35. Issuer QuoVadis Root CA 2
  36. Signature algorithm SHA256withRSA
  37. #3
  38. Subject QuoVadis Root CA 2 In trust store
  39. Fingerprint SHA1: ca3afbcf1240364b44b216208880483919937cf7
  40. Pin SHA256: j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g=
  41. Valid until Mon, 24 Nov 2031 18:23:33 UTC (expires in 15 years and 3 months)
  42. Key RSA 4096 bits (e 65537)
  43. Issuer QuoVadis Root CA 2 Self-signed
  44. Signature algorithm SHA1withRSA Weak, but no impact on root certificate
  45.  
  46.  
  47. Certification Paths
  48. Path #1: Trusted
  49. 1 Sent by server www.auckland.ac.nz
  50. Fingerprint SHA1: a41fb1b66370ad2346b5dc1f85075ced2c73cb0d
  51. Pin SHA256: EH5y/Qm+zqz1Gt//rmoE1ZWbFSc8zdp3qdqtx+9TIW0=
  52. RSA 2048 bits (e 65537) / SHA256withRSA
  53. 2 Sent by server QuoVadis Global SSL ICA G2
  54. Fingerprint SHA1: 6036330e1643a0cee19c8af780e0f3e8f59ca1a3
  55. Pin SHA256: tYkfFN27P1GUjH5ME128BCg302dL2iwOYhz5wwFJb50=
  56. RSA 2048 bits (e 65537) / SHA256withRSA
  57. 3 Sent by server
  58. In trust store QuoVadis Root CA 2 Self-signed
  59. Fingerprint SHA1: ca3afbcf1240364b44b216208880483919937cf7
  60. Pin SHA256: j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g=
  61. RSA 4096 bits (e 65537) / SHA1withRSA
  62. Weak or insecure signature, but no impact on root certificate
  63. Configuration
  64. Protocols
  65. TLS 1.2 Yes
  66. TLS 1.1 Yes
  67. TLS 1.0 Yes
  68. SSL 3 No
  69. SSL 2 No
  70.  
  71.  
  72. Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites at the end)
  73. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
  74. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
  75. TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp256r1 (eq. 3072 bits RSA) FS 112
  76. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
  77. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
  78. TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
  79. TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
  80. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
  81. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
  82. TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
  83. TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
  84. TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
  85.  
  86.  
  87. Handshake Simulation
  88. Android 2.3.7 No SNI 2 RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
  89. Android 4.0.4 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  90. Android 4.1.1 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  91. Android 4.2.2 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  92. Android 4.3 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  93. Android 4.4.2 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  94. Android 5.0.0 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
  95. Android 6.0 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
  96. Baidu Jan 2015 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  97. BingPreview Jan 2015 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  98. Chrome 51 / Win 7 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  99. Firefox 31.3.0 ESR / Win 7 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
  100. Firefox 46 / Win 7 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
  101. Firefox 47 / Win 7 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
  102. Googlebot Feb 2015 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
  103. IE 6 / XP No FS 1 No SNI 2 Server sent fatal alert: handshake_failure
  104. IE 7 / Vista RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
  105. IE 8 / XP No FS 1 No SNI 2 RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA
  106. IE 8-10 / Win 7 R RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
  107. IE 11 / Win 7 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
  108. IE 11 / Win 8.1 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
  109. IE 10 / Win Phone 8.0 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
  110. IE 11 / Win Phone 8.1 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1 FS
  111. IE 11 / Win Phone 8.1 Update R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH secp256r1 FS
  112. IE 11 / Win 10 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  113. Edge 13 / Win 10 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  114. Edge 13 / Win Phone 10 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  115. Java 6u45 No SNI 2 RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA No FS
  116. Java 7u25 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  117. Java 8u31 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
  118. OpenSSL 0.9.8y RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA No FS
  119. OpenSSL 1.0.1l R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  120. OpenSSL 1.0.2e R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  121. Safari 5.1.9 / OS X 10.6.8 RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  122. Safari 6 / iOS 6.0.1 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  123. Safari 6.0.4 / OS X 10.8.4 R RSA 2048 (SHA256) TLS 1.0 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  124. Safari 7 / iOS 7.1 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  125. Safari 7 / OS X 10.9 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  126. Safari 8 / iOS 8.4 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  127. Safari 8 / OS X 10.10 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDH secp256r1 FS
  128. Safari 9 / iOS 9 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  129. Safari 9 / OS X 10.11 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  130. Apple ATS 9 / iOS 9 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  131. Yahoo Slurp Jan 2015 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  132. YandexBot Jan 2015 RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
  133. (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
  134. (2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
  135. (3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
  136. (R) Denotes a reference browser or client, with which we expect better effective security.
  137. (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
  138.  
  139.  
  140. Protocol Details
  141. DROWN (experimental) No, server keys and hostname not seen elsewhere with SSLv2
  142. (1) For a better understanding of this test, please read this longer explanation
  143. (2) Key usage data kindly provided by the Censys network search engine; original DROWN test here
  144. (3) Censys data is only indicative of possible key and certificate reuse; possibly out-of-date and not complete
  145. Secure Renegotiation Supported
  146. Secure Client-Initiated Renegotiation Yes
  147. Insecure Client-Initiated Renegotiation No
  148. BEAST attack Not mitigated server-side (more info) TLS 1.0: 0xc012
  149. POODLE (SSLv3) No, SSL 3 not supported (more info)
  150. POODLE (TLS) No (more info)
  151. Downgrade attack prevention Yes, TLS_FALLBACK_SCSV supported (more info)
  152. SSL/TLS compression No
  153. RC4 No
  154. Heartbeat (extension) No
  155. Heartbleed (vulnerability) No (more info)
  156. OpenSSL CCS vuln. (CVE-2014-0224) No (more info)
  157. OpenSSL Padding Oracle vuln.
  158. (CVE-2016-2107) No (more info)
  159. Forward Secrecy With modern browsers (more info)
  160. ALPN No
  161. NPN No
  162. Session resumption (caching) Yes
  163. Session resumption (tickets) No
  164. OCSP stapling No
  165. Strict Transport Security (HSTS) Yes
  166. max-age=31536000
  167. HSTS Preloading Not in: Chrome Edge Firefox IE Tor
  168. Public Key Pinning (HPKP) No
  169. Public Key Pinning Report-Only No
  170. Long handshake intolerance No
  171. TLS extension intolerance No
  172. TLS version intolerance No
  173. Incorrect SNI alerts No
  174. Uses common DH primes No, DHE suites not supported
  175. DH public server param (Ys) reuse No, DHE suites not supported
  176. SSL 2 handshake compatibility Yes
  177.  
  178.  
  179. Miscellaneous
  180. Test date Wed, 27 Jul 2016 20:29:59 UTC
  181. Test duration 117.219 seconds
  182. HTTP status code 200
  183. HTTP server signature Apache/2.2.15 (Red Hat)
  184. Server hostname www.auckland.ac.nz
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!