SSL Report: sharplesgroup.com


1 of 5 26/06/2015 14:28

SSL Report: sharplesgroup.com (176.58.116.26)
Assessed on: Fri, 26 Jun 2015 13:00:39 UTC

Summary

Overall Rating
Certificate: 0
Protocol Support: 95
Key Exchange: 90
Cipher Strength: 90
If certificate name mismatch is ignored: B

This server's certificate is not trusted, see below for details.
Intermediate certificate has a weak signature. Upgrade to SHA2 as soon as possible to avoid browser warnings.
This server accepts the RC4 cipher, which is weak. Grade capped to B.
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.

Authentication

Server Key and Certificate #1
Common names: *.wpengine.com MISMATCH
Alternative names: *.wpengine.com wpengine.com
Valid from: Mon, 03 Nov 2014 01:44:06 UTC
Sat, 19 May 2018 22:01:42 UTC (expires in 2 years and 10 months)
Weak key (Debian)
Extended Validation
Certificate Transparency
SHA256withRSA
Revocation information: CRL, OCSP
Revocation status: Good (not revoked)
Trusted: NOT TRUSTED

Additional Certificates (if supplied)
Certificates provided: 3 (3166 bytes)
Chain issues: None

#2
Subject

Fri, 20 May 2022 21:39:32 UTC (expires in 6 years and 10 months)
SHA256withRSA

#3
Subject
Fingerprint: 7359755c6df9a0abc3060bce369564c8ec4542a3
Tue, 21 Aug 2018 04:00:00 UTC (expires in 3 years and 1 month)
Equifax / Equifax Secure Certificate Authority
SHA1withRSA WEAK

Certification Paths

Path #1: Trusted
1  Sent by server
2  Sent by server
3  In trust store
*.wpengine.com
Fingerprint: e8aa9732a208af327c97f9c241735fe067816603
Self-signed
Fingerprint: de28f4a4ffe5b92fa3c503d1a349a7f9962a8212
RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate

Path #2: Trusted
1  Sent by server
2  Sent by server
3  Sent by server
4  In trust store
*.wpengine.com
Fingerprint: e8aa9732a208af327c97f9c241735fe067816603
Fingerprint: 7359755c6df9a0abc3060bce369564c8ec4542a3
RSA 2048 bits (e 65537) / SHA1withRSA WEAK SIGNATURE
Equifax / Equifax Secure Certificate Authority
Self-signed
Fingerprint: d23209ad23d314232174e40d7f9d62139786633a
RSA 1024 bits (e 65537) / SHA1withRSA WEAK KEY
IN MOZILLA'S TRUST STORE
Weak or insecure signature, but no impact on root certificate

Configuration

Protocols
TLS 1.2
TLS 1.1
TLS 1.0
SSL 3
SSL 2

Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  ECDH 256 bits (eq. 3072 bits RSA)  FS  128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)  ECDH 256 bits (eq. 3072 bits RSA)  FS  256

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)  DH 2048 bits (p: 256, g: 1, Ys: 256)  FS  128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)  DH 2048 bits (p: 256, g: 1, Ys: 256)  FS  256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  ECDH 256 bits (eq. 3072 bits RSA)  FS  128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  ECDH 256 bits (eq. 3072 bits RSA)  FS  128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH 256 bits (eq. 3072 bits RSA)  FS  256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)  ECDH 256 bits (eq. 3072 bits RSA)  FS  256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)  DH 2048 bits (p: 256, g: 1, Ys: 256)  FS  128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)  DH 2048 bits (p: 256, g: 1, Ys: 256)  FS  128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)  DH 2048 bits (p: 256, g: 1, Ys: 256)  FS  256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)  DH 2048 bits (p: 256, g: 1, Ys: 256)  FS  256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)  128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)  256
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)  WEAK  128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)  128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)  128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)  256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)  256
TLS_RSA_WITH_RC4_128_SHA (0x5)  WEAK  128
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88)  DH 2048 bits (p: 256, g: 1, Ys: 256)  FS  256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)  256
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)  DH 2048 bits (p: 256, g: 1, Ys: 256)  FS  128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)  128

Handshake Simulation
Android 2.3.7  SNI 2  TLS 1.0  TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)  FS  128
Android 4.0.4  TLS 1.0  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  FS  128
Android 4.1.1  TLS 1.0  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  FS  128
Android 4.2.2  TLS 1.0  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  FS  128
Android 4.3  TLS 1.0  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  FS  128
Android 4.4.2  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  FS  128
Android 5.0.0  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  FS  128
Baidu Jan 2015  TLS 1.0  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  FS  128
BingPreview Jan 2015  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  FS  128
Chrome 42 / OS X  R  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  FS  128
Firefox 31.3.0 ESR / Win 7  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  FS  128
Firefox 37 / OS X  R  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  FS  128
Googlebot Feb 2015  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  FS  128
IE 6 / XP  FS 1  SNI 2  Protocol or cipher suite mismatch  Fail 3
IE 7 / Vista  TLS 1.0  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  FS  128
IE 8 / XP  FS 1  SNI 2  TLS 1.0  TLS_RSA_WITH_RC4_128_SHA (0x5)  FS  RC4  128
IE 8-10 / Win 7  R  TLS 1.0  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  FS  128
IE 11 / Win 7  R  TLS 1.2  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)  FS  128
IE 11 / Win 8.1  R  TLS 1.2  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)  FS  128
IE Mobile 10 / Win Phone 8.0  TLS 1.0  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  FS  128
IE Mobile 11 / Win Phone 8.1  TLS 1.2  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)  FS  128
Java 6u45  SNI 2  Client does not support DH parameters > 1024 bits  Fail 3
Java 7u25  TLS 1.0  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  FS  128
Java 8u31  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  FS  128
OpenSSL 0.9.8y  TLS 1.0  TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)  FS  128
OpenSSL 1.0.1l  R  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  FS  128

OpenSSL 1.0.2  R  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  FS  128
Safari 5.1.9 / OS X 10.6.8  TLS 1.0  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  FS  128
Safari 6 / iOS 6.0.1  R  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  FS  128
Safari 6.0.4 / OS X 10.8.4  R  TLS 1.0  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  FS  128
Safari 7 / iOS 7.1  R  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  FS  128
Safari 7 / OS X 10.9  R  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  FS  128
Safari 8 / iOS 8.1.2  R  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  FS  128
Safari 8 / OS X 10.10  R  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  FS  128
Yahoo Slurp Jan 2015  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  FS  128
YandexBot Jan 2015  TLS 1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)  FS  128

(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers tend to retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).

Protocol Details
Secure Renegotiation
Secure Client-Initiated Renegotiation
Supported
Insecure Client-Initiated Renegotiation
BEAST attack: Not mitigated server-side, TLS 1.0: 0xc013
POODLE (SSLv3): SSL 3 not supported
POODLE (TLS)
Downgrade attack prevention: TLS_FALLBACK_SCSV supported
TLS compression
RC4: WEAK
Heartbeat (extension)
Heartbleed (vulnerability)
OpenSSL CCS vuln. (CVE-2014-0224)
Forward Secrecy: (with most browsers) ROBUST
Next Protocol Negotiation (NPN)
Session resumption (caching): (IDs assigned but not accepted)
Session resumption (tickets)
OCSP stapling
Strict Transport Security (HSTS)
Public Key Pinning (HPKP)
Long handshake intolerance
TLS extension intolerance
TLS version intolerance
Incorrect SNI alerts: -
Uses common DH prime
SSL 2 handshake compatibility

Miscellaneous
Test date: Fri, 26 Jun 2015 12:58:16 UTC
Test duration: 142.301 seconds
HTTP status code: 301
HTTP forwarding: http://www.sharplesgroup.com
HTTP server signature: nginx
Server hostname: li503-26.members.linode.com

Why is my certificate not trusted?

There are many reasons why a certificate may not be trusted. The exact problem is indicated on the report card in bright red. The problems fall into three categories:

1. Invalid certificate
2. Invalid configuration
3. Unknown Certificate Authority

1. Invalid certificate

A certificate is invalid if:

- It is used before its activation date
- It is used after its expiry date
- Certificate hostnames don't match the site hostname
- It has been revoked

2. Invalid configuration

In some cases, the certificate chain does not contain all the necessary certificates to connect the web server certificate to one of the root certificates in our trust store. Less commonly, one of the certificates in the chain (other than the web server certificate) will have expired, and that invalidates the entire chain.

3. Unknown Certificate Authority

In order for trust to be established, we must have the root certificate of the signing Certificate Authority in our trust store. SSL Labs does not maintain its own trust store; instead we use the store maintained by Mozilla.

If we mark a web site as not trusted, that means that the average web user's browser will not trust it either. For certain special groups of users, such web sites can still be secure. For example, if you can securely verify that a self-signed web site is operated by a person you trust, then you can trust that self-signed web site too. Or, if you work for an organisation that manages its own trust, and you have their own root certificate already embedded in your browser. Such special cases do not work for the general public, however, and this is what we indicate on our report card.

4. Interoperability issues

In some rare cases trust cannot be established because of interoperability issues between our code and the code or configuration running on the server. We manually review such cases, but if you encounter such an issue please feel free to contact us. Such problems are very difficult to troubleshoot and you may be able to provide us with information that might help us determine the root cause.

SSL Report v1.18.1
Copyright 2009-2015 Qualys, Inc. All Rights Reserved.