Context Navigation

Back to Ticket #3065

Ticket #3065: testssl-result.xhtml

File testssl-result.xhtml, 13.4 KB (added by Jay-C, 7 years ago)
Test results from testssl.sh. Redacted for privacy.

Line
1	<?xml version="1.0" encoding="UTF-8" ?>
2	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><!-- This file was created with the aha Ansi HTML Adapter. http://ziz.delphigl.com/tool_aha.php -->
3	<html xmlns="http://www.w3.org/1999/xhtml">
4	<head>
5	<meta http-equiv="content-type" content="application/xhtml+xml; charset=UTF-8" />
6	<title>stdin</title>
7	</head>
8	<body>
9	<pre><span style="font-weight:bold;">
10	###########################################################
11	testssl.sh 2.8 from https://testssl.sh/
12	(</span><span style="color:black;font-weight:bold;">1.582 2017/05/10 19:04:47</span><span
13	style="font-weight:bold;">)
14
15	This program is free software. Distribution and
16	modification under GPLv2 permitted.
17	USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
18
19	Please file bugs @ https://testssl.sh/bugs/
20
21	###########################################################</span>
22
23	Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
24	on <snip>:<snip>testssl.sh/bin/openssl.Linux.x86_64
25	(built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
26
27
28	<span style="color:gray;background-color:black;"> Start 2017-06-23 07:33:40 -->> <snip> <<--</span>
29
30	rDNS (<snip>): --
31	Service detected: HTTP
32
33
34	<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing protocols </span><span
35	style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;">(via sockets except TLS 1.2, SPDY+HTTP2) </span>
36
37	<span style="font-weight:bold;"> SSLv2 </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
38	<span style="font-weight:bold;"> SSLv3 </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
39	<span style="font-weight:bold;"> TLS 1 </span>offered
40	<span style="font-weight:bold;"> TLS 1.1 </span>offered
41	<span style="font-weight:bold;"> TLS 1.2 </span><span style="color:green;font-weight:bold;">offered (OK)</span>
42	<span style="font-weight:bold;"> Version tolerance </span><span style="color:green;font-weight:bold;">downgraded to TLSv1.2 (OK)</span>
43	<span style="font-weight:bold;"> SPDY/NPN </span>not offered
44	<span style="font-weight:bold;"> HTTP2/ALPN </span>not offered
45
46	<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing ~standard cipher lists </span>
47
48	<span style="font-weight:bold;"> Null Ciphers </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
49	<span style="font-weight:bold;"> Anonymous NULL Ciphers </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
50	<span style="font-weight:bold;"> Anonymous DH Ciphers </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
51	<span style="font-weight:bold;"> 40 Bit encryption </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
52	<span style="font-weight:bold;"> 56 Bit export ciphers </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
53	<span style="font-weight:bold;"> Export Ciphers (general) </span><span style="color:green;font-weight:bold;">not offered (OK)</span>
54	<span style="font-weight:bold;"> Low (<=64 Bit) </span><span style="color:red;font-weight:bold;">offered (NOT ok)</span>
55	<span style="font-weight:bold;"> DES Ciphers </span><span style="color:red;font-weight:bold;">offered (NOT ok)</span>
56	<span style="font-weight:bold;"> "Medium" grade encryption </span><span style="color:red;">offered (NOT ok)</span>
57	<span style="font-weight:bold;"> Triple DES Ciphers </span><span style="color:olive;">offered</span>
58	<span style="font-weight:bold;"> High grade encryption </span><span style="color:green;font-weight:bold;">offered (OK)</span>
59
60
61	<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 </span>
62
63	<span style="color:olive;"> No ciphers supporting Forward Secrecy offered</span>
64
65
66	<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing server preferences </span>
67
68	<span style="font-weight:bold;"> Has server cipher order? </span><span style="color:red;">nope (NOT ok)</span>
69	<span style="font-weight:bold;"> Negotiated protocol </span><span style="color:green;font-weight:bold;">TLSv1.2</span>
70	<span style="font-weight:bold;"> Negotiated cipher </span><span style="color:green;font-weight:bold;">AES256-GCM-SHA384</span> (limited sense as client will pick)
71	<span style="font-weight:bold;"> Negotiated cipher per proto</span> (limited sense as client will pick)
72	AES256-SHA: TLSv1, TLSv1.1
73	AES256-GCM-SHA384: TLSv1.2
74	No further cipher order check has been done as order is determined by the client
75
76
77	<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing HTTP header response @ "/" </span>
78
79	<span style="font-weight:bold;"> HTTP Status Code </span> 200 OK
80	<span style="font-weight:bold;"> HTTP clock skew </span>0 sec from localtime
81	<span style="font-weight:bold;"> Strict Transport Security </span>--
82	<span style="font-weight:bold;"> Public Key Pinning </span>--
83	<span style="font-weight:bold;"> Server banner </span>TwistedWeb/<span
84	style="color:olive;">1</span><span style="color:olive;">3</span>.<span style="color:olive;">2</span>.<span
85	style="color:olive;">0</span>
86	<span style="font-weight:bold;"> Application banner </span>--
87	<span style="font-weight:bold;"> Cookie(s) </span>(none issued at "/")
88	<span style="font-weight:bold;"> Security headers </span><span style="color:olive;">--</span>
89	<span style="font-weight:bold;"> Reverse Proxy banner </span>--
90
91
92	<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing vulnerabilities </span>
93
94	<span style="font-weight:bold;"> Heartbleed</span> (CVE-2014-0160) <span
95	style="color:green;font-weight:bold;">not vulnerable (OK)</span>, timed out
96	<span style="font-weight:bold;"> CCS</span> (CVE-2014-0224) <span
97	style="color:green;font-weight:bold;">not vulnerable (OK)</span>
98	<span style="font-weight:bold;"> Secure Renegotiation </span>(CVE-2009-3555) <span
99	style="color:green;font-weight:bold;">not vulnerable (OK)</span>
100	<span style="font-weight:bold;"> Secure Client-Initiated Renegotiation </span><span
101	style="color:red;">VULNERABLE (NOT ok)</span>, DoS threat
102	<span style="font-weight:bold;"> CRIME, TLS </span>(CVE-2012-4929) <span
103	style="color:green;">not vulnerable (OK)</span>
104	<span style="font-weight:bold;"> BREACH</span> (CVE-2013-3587) <span
105	style="color:green;font-weight:bold;">no HTTP compression (OK) </span> - only supplied "/" tested
106	<span style="font-weight:bold;"> POODLE, SSL</span> (CVE-2014-3566) <span
107	style="color:green;font-weight:bold;">not vulnerable (OK)</span>
108	<span style="font-weight:bold;"> TLS_FALLBACK_SCSV</span> (RFC 7507), <span
109	style="color:green;">Downgrade attack prevention supported (OK)</span>
110	<span style="font-weight:bold;"> FREAK</span> (CVE-2015-0204) <span
111	style="color:green;font-weight:bold;">not vulnerable (OK)</span>
112	<span style="font-weight:bold;"> DROWN</span> (2016-0800, CVE-2016-0703) <span
113	style="color:green;font-weight:bold;">not vulnerable on this port (OK)</span>
114	make sure you don't use this certificate elsewhere with SSLv2 enabled services
115	<span style="font-weight:bold;"> LOGJAM</span> (CVE-2015-4000), experimental <span
116	style="color:green;font-weight:bold;">not vulnerable (OK)</span>, common primes not checked. See below for any DH ciphers + bit size
117	<span style="font-weight:bold;"> BEAST</span> (CVE-2011-3389) TLS1:<span
118	style="color:olive;font-weight:bold;"> DES-CBC-SHA DES-CBC3-SHA
119	AES128-SHA AES256-SHA CAMELLIA128-SHA
120	CAMELLIA256-SHA SEED-SHA</span>
121	<span style="color:olive;font-weight:bold;">VULNERABLE</span> -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
122	<span style="font-weight:bold;"> RC4</span> (CVE-2013-2566, CVE-2015-2808) <span
123	style="color:red;">VULNERABLE (NOT ok): </span><span style="color:red;">RC4-SHA </span><span
124	style="color:red;">RC4-MD5 </span>
125
126
127	<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Testing all 183 locally available ciphers against the server, ordered by encryption strength </span>
128
129	Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
130	---------------------------------------------------------------------------------------------------------------------------
131	x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
132	x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
133	x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
134	x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
135	x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
136	x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
137	x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
138	x96 SEED-SHA RSA SEED 128 TLS_RSA_WITH_SEED_CBC_SHA
139	x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
140	x05 RC4-SHA RSA RC4 128 TLS_RSA_WITH_RC4_128_SHA
141	x04 RC4-MD5 RSA RC4 128 TLS_RSA_WITH_RC4_128_MD5
142	x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA
143	x09 DES-CBC-SHA RSA DES 56 TLS_RSA_WITH_DES_CBC_SHA
144
145
146	<span style="font-weight:bold;"></span><span style="text-decoration:underline;font-weight:bold;"> Running browser simulations via sockets (experimental) </span>
147
148	Android 2.3.7 TLSv1.0 RC4-MD5
149	Android 4.1.1 TLSv1.0 AES256-SHA
150	Android 4.2.2 TLSv1.0 AES256-SHA
151	Android 4.4.2 TLSv1.2 AES256-GCM-SHA384
152	Android 5.0.0 TLSv1.2 AES256-SHA
153	Android 6.0 TLSv1.2 AES128-GCM-SHA256
154	Android 7.0 TLSv1.2 AES128-GCM-SHA256
155	Baidu Jan 2015 TLSv1.0 CAMELLIA256-SHA
156	BingPreview Jan 2015 TLSv1.2 AES256-GCM-SHA384
157	Chrome 48 OS X TLSv1.2 AES128-GCM-SHA256
158	Chrome 51 Win 7 TLSv1.2 AES128-GCM-SHA256
159	Edge 13 Win 10 TLSv1.2 AES256-GCM-SHA384
160	Edge 13 Win Phone 10 TLSv1.2 AES256-GCM-SHA384
161	Firefox 45 Win 7 TLSv1.2 AES128-SHA
162	Firefox 49 Win 7 TLSv1.2 AES128-SHA
163	Firefox 49 XP SP3 TLSv1.2 AES128-SHA
164	Googlebot Feb 2015 TLSv1.2 AES128-GCM-SHA256
165	IE 11 Win 10 TLSv1.2 AES256-GCM-SHA384
166	IE 11 Win 7 TLSv1.2 AES256-GCM-SHA384
167	IE 11 Win 8.1 TLSv1.2 AES256-GCM-SHA384
168	IE 11 Win Phone 8.1 TLSv1.2 AES128-SHA256
169	IE 11 Win Phone 8.1 Update TLSv1.2 AES256-GCM-SHA384
170	IE 6 XP No connection
171	IE 7 Vista TLSv1.0 AES128-SHA
172	IE 8 Win 7 TLSv1.0 AES128-SHA
173	IE 8 XP TLSv1.0 RC4-MD5
174	Java 6u45 TLSv1.0 RC4-MD5
175	Java 7u25 TLSv1.0 AES128-SHA
176	Java 8b132 TLSv1.2 AES128-SHA256
177	OpenSSL 1.0.1l TLSv1.2 AES256-GCM-SHA384
178	OpenSSL 1.0.2e TLSv1.2 AES256-GCM-SHA384
179	Opera 17 Win 7 TLSv1.2 AES256-SHA
180	Safari 5.1.9 OS X 10.6.8 TLSv1.0 AES128-SHA
181	Safari 6.0.4 OS X 10.8.4 TLSv1.0 AES128-SHA
182	Safari 7 OS X 10.9 TLSv1.2 AES256-SHA256
183	Safari 8 OS X 10.10 TLSv1.2 AES256-SHA256
184	Safari 9 iOS 9 TLSv1.2 AES256-GCM-SHA384
185	Safari 9 OS X 10.11 TLSv1.2 AES256-GCM-SHA384
186	Safari 10 OS X 10.12 TLSv1.2 AES256-GCM-SHA384
187	Apple ATS 9 iOS 9 No connection
188	Tor 17.0.9 Win 7 TLSv1.0 CAMELLIA256-SHA
189	Yahoo Slurp Jan 2015 TLSv1.2 AES256-GCM-SHA384
190	YandexBot Jan 2015 TLSv1.2 AES256-GCM-SHA384
191
192	<span style="color:gray;background-color:black;"> Done 2017-06-23 07:34:23 -->> <snip> <<--</span>
193
194
195	</pre>
196	</body>
197	</html>

Download in other formats:

Original Format