<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><!-- This file was created with the aha Ansi HTML Adapter. http://ziz.delphigl.com/tool_aha.php -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="application/xhtml+xml; charset=UTF-8" />
<title>stdin</title>
</head>
<body>
<pre><span style="font-weight:bold;">
###########################################################
testssl.sh 2.8 from https://testssl.sh/
(</span><span style="color:black;font-weight:bold;">1.582 2017/05/10 19:04:47</span><span
style="font-weight:bold;">)

This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

Please file bugs @ https://testssl.sh/bugs/

###########################################################</span>

Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
on &lt;snip&gt;:&lt;snip&gt;testssl.sh/bin/openssl.Linux.x86_64
(built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")


<span style="color:gray;background-color:black;"> Start 2017-06-23 07:33:40 --&gt;&gt; &lt;snip&gt; &lt;&lt;--</span>

rDNS (&lt;snip&gt;): --
Service detected: HTTP


<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing protocols </span><span
style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;">(via sockets except TLS 1.2, SPDY+HTTP2) </span>

<span style="font-weight:bold;"> SSLv2 </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
<span style="font-weight:bold;"> SSLv3 </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
<span style="font-weight:bold;"> TLS 1 </span>offered
<span style="font-weight:bold;"> TLS 1.1 </span>offered
<span style="font-weight:bold;"> TLS 1.2 </span><span style="color:green;font-weight:bold;">offered (OK)</span>
<span style="font-weight:bold;"> Version tolerance </span><span style="color:green;font-weight:bold;">downgraded to TLSv1.2 (OK)</span>
<span style="font-weight:bold;"> SPDY/NPN </span>not offered
<span style="font-weight:bold;"> HTTP2/ALPN </span>not offered

<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing ~standard cipher lists </span>

<span style="font-weight:bold;"> Null Ciphers </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
<span style="font-weight:bold;"> Anonymous NULL Ciphers </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
<span style="font-weight:bold;"> Anonymous DH Ciphers </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
<span style="font-weight:bold;"> 40 Bit encryption </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
<span style="font-weight:bold;"> 56 Bit export ciphers </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
<span style="font-weight:bold;"> Export Ciphers (general) </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
<span style="font-weight:bold;"> Low (&lt;=64 Bit) </span><span style="color:red;font-weight:bold;">offered (NOT ok)</span>
<span style="font-weight:bold;"> DES Ciphers </span><span style="color:red;font-weight:bold;">offered (NOT ok)</span>
<span style="font-weight:bold;"> "Medium" grade encryption </span><span style="color:red;">offered (NOT ok)</span>
<span style="font-weight:bold;"> Triple DES Ciphers </span><span style="color:olive;">offered</span>
<span style="font-weight:bold;"> High grade encryption </span><span style="color:green;font-weight:bold;">offered (OK)</span>


<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 </span>

<span style="color:olive;"> No ciphers supporting Forward Secrecy offered</span>


<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing server preferences </span>

<span style="font-weight:bold;"> Has server cipher order? </span><span style="color:red;">nope (NOT ok)</span>
<span style="font-weight:bold;"> Negotiated protocol </span><span style="color:green;font-weight:bold;">TLSv1.2</span>
<span style="font-weight:bold;"> Negotiated cipher </span><span style="color:green;font-weight:bold;">AES256-GCM-SHA384</span> (limited sense as client will pick)
<span style="font-weight:bold;"> Negotiated cipher per proto</span> (limited sense as client will pick)
AES256-SHA: TLSv1, TLSv1.1
AES256-GCM-SHA384: TLSv1.2
No further cipher order check has been done as order is determined by the client


<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing HTTP header response @ "/" </span>

<span style="font-weight:bold;"> HTTP Status Code </span> 200 OK
<span style="font-weight:bold;"> HTTP clock skew </span>0 sec from localtime
<span style="font-weight:bold;"> Strict Transport Security </span>--
<span style="font-weight:bold;"> Public Key Pinning </span>--
<span style="font-weight:bold;"> Server banner </span>TwistedWeb/<span
style="color:olive;">1</span><span style="color:olive;">3</span>.<span style="color:olive;">2</span>.<span
style="color:olive;">0</span>
<span style="font-weight:bold;"> Application banner </span>--
<span style="font-weight:bold;"> Cookie(s) </span>(none issued at "/")
<span style="font-weight:bold;"> Security headers </span><span style="color:olive;">--</span>
<span style="font-weight:bold;"> Reverse Proxy banner </span>--


<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing vulnerabilities </span>

<span style="font-weight:bold;"> Heartbleed</span> (CVE-2014-0160) <span
style="color:green;font-weight:bold;">not vulnerable (OK)</span>, timed out
<span style="font-weight:bold;"> CCS</span> (CVE-2014-0224) <span
style="color:green;font-weight:bold;">not vulnerable (OK)</span>
<span style="font-weight:bold;"> Secure Renegotiation </span>(CVE-2009-3555) <span
style="color:green;font-weight:bold;">not vulnerable (OK)</span>
<span style="font-weight:bold;"> Secure Client-Initiated Renegotiation </span><span
style="color:red;">VULNERABLE (NOT ok)</span>, DoS threat
<span style="font-weight:bold;"> CRIME, TLS </span>(CVE-2012-4929) <span
style="color:green;">not vulnerable (OK)</span>
<span style="font-weight:bold;"> BREACH</span> (CVE-2013-3587) <span
style="color:green;font-weight:bold;">no HTTP compression (OK) </span> - only supplied "/" tested
<span style="font-weight:bold;"> POODLE, SSL</span> (CVE-2014-3566) <span
style="color:green;font-weight:bold;">not vulnerable (OK)</span>
<span style="font-weight:bold;"> TLS_FALLBACK_SCSV</span> (RFC 7507), <span
style="color:green;">Downgrade attack prevention supported (OK)</span>
<span style="font-weight:bold;"> FREAK</span> (CVE-2015-0204) <span
style="color:green;font-weight:bold;">not vulnerable (OK)</span>
<span style="font-weight:bold;"> DROWN</span> (2016-0800, CVE-2016-0703) <span
style="color:green;font-weight:bold;">not vulnerable on this port (OK)</span>
make sure you don't use this certificate elsewhere with SSLv2 enabled services
<span style="font-weight:bold;"> LOGJAM</span> (CVE-2015-4000), experimental <span
style="color:green;font-weight:bold;">not vulnerable (OK)</span>, common primes not checked. See below for any DH ciphers + bit size
<span style="font-weight:bold;"> BEAST</span> (CVE-2011-3389) TLS1:<span
style="color:olive;font-weight:bold;"> DES-CBC-SHA DES-CBC3-SHA
AES128-SHA AES256-SHA CAMELLIA128-SHA
CAMELLIA256-SHA SEED-SHA</span>
<span style="color:olive;font-weight:bold;">VULNERABLE</span> -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
<span style="font-weight:bold;"> RC4</span> (CVE-2013-2566, CVE-2015-2808) <span
style="color:red;">VULNERABLE (NOT ok): </span><span style="color:red;">RC4-SHA </span><span
style="color:red;">RC4-MD5 </span>


<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing all 183 locally available ciphers against the server, ordered by encryption strength </span>

Hexcode  Cipher Suite Name (OpenSSL)  KeyExch.  Encryption  Bits  Cipher Suite Name (RFC)
---------------------------------------------------------------------------------------------------------------------------
x9d      AES256-GCM-SHA384            RSA       AESGCM      256   TLS_RSA_WITH_AES_256_GCM_SHA384
x3d      AES256-SHA256                RSA       AES         256   TLS_RSA_WITH_AES_256_CBC_SHA256
x35      AES256-SHA                   RSA       AES         256   TLS_RSA_WITH_AES_256_CBC_SHA
x84      CAMELLIA256-SHA              RSA       Camellia    256   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
x9c      AES128-GCM-SHA256            RSA       AESGCM      128   TLS_RSA_WITH_AES_128_GCM_SHA256
x3c      AES128-SHA256                RSA       AES         128   TLS_RSA_WITH_AES_128_CBC_SHA256
x2f      AES128-SHA                   RSA       AES         128   TLS_RSA_WITH_AES_128_CBC_SHA
x96      SEED-SHA                     RSA       SEED        128   TLS_RSA_WITH_SEED_CBC_SHA
x41      CAMELLIA128-SHA              RSA       Camellia    128   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
x05      RC4-SHA                      RSA       RC4         128   TLS_RSA_WITH_RC4_128_SHA
x04      RC4-MD5                      RSA       RC4         128   TLS_RSA_WITH_RC4_128_MD5
x0a      DES-CBC3-SHA                 RSA       3DES        168   TLS_RSA_WITH_3DES_EDE_CBC_SHA
x09      DES-CBC-SHA                  RSA       DES         56    TLS_RSA_WITH_DES_CBC_SHA


<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Running browser simulations via sockets (experimental) </span>

Android 2.3.7               TLSv1.0  RC4-MD5
Android 4.1.1               TLSv1.0  AES256-SHA
Android 4.2.2               TLSv1.0  AES256-SHA
Android 4.4.2               TLSv1.2  AES256-GCM-SHA384
Android 5.0.0               TLSv1.2  AES256-SHA
Android 6.0                 TLSv1.2  AES128-GCM-SHA256
Android 7.0                 TLSv1.2  AES128-GCM-SHA256
Baidu Jan 2015              TLSv1.0  CAMELLIA256-SHA
BingPreview Jan 2015        TLSv1.2  AES256-GCM-SHA384
Chrome 48 OS X              TLSv1.2  AES128-GCM-SHA256
Chrome 51 Win 7             TLSv1.2  AES128-GCM-SHA256
Edge 13 Win 10              TLSv1.2  AES256-GCM-SHA384
Edge 13 Win Phone 10        TLSv1.2  AES256-GCM-SHA384
Firefox 45 Win 7            TLSv1.2  AES128-SHA
Firefox 49 Win 7            TLSv1.2  AES128-SHA
Firefox 49 XP SP3           TLSv1.2  AES128-SHA
Googlebot Feb 2015          TLSv1.2  AES128-GCM-SHA256
IE 11 Win 10                TLSv1.2  AES256-GCM-SHA384
IE 11 Win 7                 TLSv1.2  AES256-GCM-SHA384
IE 11 Win 8.1               TLSv1.2  AES256-GCM-SHA384
IE 11 Win Phone 8.1         TLSv1.2  AES128-SHA256
IE 11 Win Phone 8.1 Update  TLSv1.2  AES256-GCM-SHA384
IE 6 XP                     No connection
IE 7 Vista                  TLSv1.0  AES128-SHA
IE 8 Win 7                  TLSv1.0  AES128-SHA
IE 8 XP                     TLSv1.0  RC4-MD5
Java 6u45                   TLSv1.0  RC4-MD5
Java 7u25                   TLSv1.0  AES128-SHA
Java 8b132                  TLSv1.2  AES128-SHA256
OpenSSL 1.0.1l              TLSv1.2  AES256-GCM-SHA384
OpenSSL 1.0.2e              TLSv1.2  AES256-GCM-SHA384
Opera 17 Win 7              TLSv1.2  AES256-SHA
Safari 5.1.9 OS X 10.6.8    TLSv1.0  AES128-SHA
Safari 6.0.4 OS X 10.8.4    TLSv1.0  AES128-SHA
Safari 7 OS X 10.9          TLSv1.2  AES256-SHA256
Safari 8 OS X 10.10         TLSv1.2  AES256-SHA256
Safari 9 iOS 9              TLSv1.2  AES256-GCM-SHA384
Safari 9 OS X 10.11         TLSv1.2  AES256-GCM-SHA384
Safari 10 OS X 10.12        TLSv1.2  AES256-GCM-SHA384
Apple ATS 9 iOS 9           No connection
Tor 17.0.9 Win 7            TLSv1.0  CAMELLIA256-SHA
Yahoo Slurp Jan 2015        TLSv1.2  AES256-GCM-SHA384
YandexBot Jan 2015          TLSv1.2  AES256-GCM-SHA384

<span style="color:gray;background-color:black;"> Done 2017-06-23 07:34:23 --&gt;&gt; &lt;snip&gt; &lt;&lt;--</span>


</pre>
</body>
</html>