########################################################### testssl.sh 2.8 from https://testssl.sh/ (1.582 2017/05/10 19:04:47) This program is free software. Distribution and modification under GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! Please file bugs @ https://testssl.sh/bugs/ ########################################################### Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers] on <snip>:<snip>testssl.sh/bin/openssl.Linux.x86_64 (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64") Start 2017-06-23 07:33:40 -->> <snip> <<-- rDNS (<snip>): -- Service detected: HTTP Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2) SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 offered TLS 1.1 offered TLS 1.2 offered (OK) Version tolerance downgraded to TLSv1.2 (OK) SPDY/NPN not offered HTTP2/ALPN not offered Testing ~standard cipher lists Null Ciphers not offered (OK) Anonymous NULL Ciphers not offered (OK) Anonymous DH Ciphers not offered (OK) 40 Bit encryption not offered (OK) 56 Bit export ciphers not offered (OK) Export Ciphers (general) not offered (OK) Low (<=64 Bit) offered (NOT ok) DES Ciphers offered (NOT ok) "Medium" grade encryption offered (NOT ok) Triple DES Ciphers offered High grade encryption offered (OK) Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 No ciphers supporting Forward Secrecy offered Testing server preferences Has server cipher order? nope (NOT ok) Negotiated protocol TLSv1.2 Negotiated cipher AES256-GCM-SHA384 (limited sense as client will pick) Negotiated cipher per proto (limited sense as client will pick) AES256-SHA: TLSv1, TLSv1.1 AES256-GCM-SHA384: TLSv1.2 No further cipher order check has been done as order is determined by the client Testing HTTP header response @ "/" HTTP Status Code 200 OK HTTP clock skew 0 sec from localtime Strict Transport Security -- Public Key Pinning -- Server banner TwistedWeb/13.2.0 Application banner -- Cookie(s) (none issued at "/") Security headers -- Reverse Proxy banner -- Testing vulnerabilities Heartbleed (CVE-2014-0160) not vulnerable (OK), timed out CCS (CVE-2014-0224) not vulnerable (OK) Secure Renegotiation (CVE-2009-3555) not vulnerable (OK) Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested POODLE, SSL (CVE-2014-3566) not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507), Downgrade attack prevention supported (OK) FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (2016-0800, CVE-2016-0703) not vulnerable on this port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services LOGJAM (CVE-2015-4000), experimental not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size BEAST (CVE-2011-3389) TLS1: DES-CBC-SHA DES-CBC3-SHA AES128-SHA AES256-SHA CAMELLIA128-SHA CAMELLIA256-SHA SEED-SHA VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2 RC4 (CVE-2013-2566, CVE-2015-2808) VULNERABLE (NOT ok): RC4-SHA RC4-MD5 Testing all 183 locally available ciphers against the server, ordered by encryption strength Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC) --------------------------------------------------------------------------------------------------------------------------- x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA x96 SEED-SHA RSA SEED 128 TLS_RSA_WITH_SEED_CBC_SHA x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA x05 RC4-SHA RSA RC4 128 TLS_RSA_WITH_RC4_128_SHA x04 RC4-MD5 RSA RC4 128 TLS_RSA_WITH_RC4_128_MD5 x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA x09 DES-CBC-SHA RSA DES 56 TLS_RSA_WITH_DES_CBC_SHA Running browser simulations via sockets (experimental) Android 2.3.7 TLSv1.0 RC4-MD5 Android 4.1.1 TLSv1.0 AES256-SHA Android 4.2.2 TLSv1.0 AES256-SHA Android 4.4.2 TLSv1.2 AES256-GCM-SHA384 Android 5.0.0 TLSv1.2 AES256-SHA Android 6.0 TLSv1.2 AES128-GCM-SHA256 Android 7.0 TLSv1.2 AES128-GCM-SHA256 Baidu Jan 2015 TLSv1.0 CAMELLIA256-SHA BingPreview Jan 2015 TLSv1.2 AES256-GCM-SHA384 Chrome 48 OS X TLSv1.2 AES128-GCM-SHA256 Chrome 51 Win 7 TLSv1.2 AES128-GCM-SHA256 Edge 13 Win 10 TLSv1.2 AES256-GCM-SHA384 Edge 13 Win Phone 10 TLSv1.2 AES256-GCM-SHA384 Firefox 45 Win 7 TLSv1.2 AES128-SHA Firefox 49 Win 7 TLSv1.2 AES128-SHA Firefox 49 XP SP3 TLSv1.2 AES128-SHA Googlebot Feb 2015 TLSv1.2 AES128-GCM-SHA256 IE 11 Win 10 TLSv1.2 AES256-GCM-SHA384 IE 11 Win 7 TLSv1.2 AES256-GCM-SHA384 IE 11 Win 8.1 TLSv1.2 AES256-GCM-SHA384 IE 11 Win Phone 8.1 TLSv1.2 AES128-SHA256 IE 11 Win Phone 8.1 Update TLSv1.2 AES256-GCM-SHA384 IE 6 XP No connection IE 7 Vista TLSv1.0 AES128-SHA IE 8 Win 7 TLSv1.0 AES128-SHA IE 8 XP TLSv1.0 RC4-MD5 Java 6u45 TLSv1.0 RC4-MD5 Java 7u25 TLSv1.0 AES128-SHA Java 8b132 TLSv1.2 AES128-SHA256 OpenSSL 1.0.1l TLSv1.2 AES256-GCM-SHA384 OpenSSL 1.0.2e TLSv1.2 AES256-GCM-SHA384 Opera 17 Win 7 TLSv1.2 AES256-SHA Safari 5.1.9 OS X 10.6.8 TLSv1.0 AES128-SHA Safari 6.0.4 OS X 10.8.4 TLSv1.0 AES128-SHA Safari 7 OS X 10.9 TLSv1.2 AES256-SHA256 Safari 8 OS X 10.10 TLSv1.2 AES256-SHA256 Safari 9 iOS 9 TLSv1.2 AES256-GCM-SHA384 Safari 9 OS X 10.11 TLSv1.2 AES256-GCM-SHA384 Safari 10 OS X 10.12 TLSv1.2 AES256-GCM-SHA384 Apple ATS 9 iOS 9 No connection Tor 17.0.9 Win 7 TLSv1.0 CAMELLIA256-SHA Yahoo Slurp Jan 2015 TLSv1.2 AES256-GCM-SHA384 YandexBot Jan 2015 TLSv1.2 AES256-GCM-SHA384 Done 2017-06-23 07:34:23 -->> <snip> <<--