SSL Report: bourdiol.xyz ( )

Similar documents
SSL Report: printware.co.uk ( )

SSL Report: cartridgeworld.co.uk ( )

SSL Report: ( )

SSL Report: sharplesgroup.com ( )

SSL/TLS Security Assessment of e-vo.ru

SSL/TLS Server Test of

SSL/TLS Server Test of grupoconsultorefe.com

Install the ExtraHop session key forwarder on a Windows server

TLS1.2 IS DEAD BE READY FOR TLS1.3

Findings for

Coming of Age: A Longitudinal Study of TLS Deployment

SSL Visibility and Troubleshooting

State of TLS usage current and future. Dave Thompson

High-Tech Bridge s Free SSL Server Test API Developer Documentation Version v1.2 24th of January 2018

The State of TLS in httpd 2.4. William A. Rowe Jr.

Securing Communications with your Apache HTTP Server. Lars Eilebrecht

SSL/TLS Deployment Best Practices

SSL Server Rating Guide

But where'd that extra "s" come from, and what does it mean?

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Defeating All Man-in-the-Middle Attacks

TLS Security and Future

TLS 1.1 Security fixes and TLS extensions RFC4346

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

HTTPS is Fast and Hassle-free with Cloudflare

Scan Report Executive Summary

PROVING WHO YOU ARE TLS & THE PKI

Your Apps and Evolving Network Security Standards

Securing Connections for IBM Traveler Apps. Bill Wimer STSM for IBM Collaboration Solutions December 13, 2016

TLS 1.2 Protocol Execution Transcript

How to Configure SSL Interception in the Firewall

CIS 5373 Systems Security

Legacy of Heartbleed: MITM and Revoked Certificates. Alexey Busygin NeoBIT

32c3. December 28, Nick goto fail;

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

Secure Socket Layer Health Assessment

Internet SSL Survey 2010

Scan Report Executive Summary

Information Security CS 526

SSL Accelerated Services. Feature Description

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):ekk.worldtravelink.com

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):

Overview of TLS v1.3. What s new, what s removed and what s changed?

Overview of TLS v1.3 What s new, what s removed and what s changed?

Internet security and privacy

SSL / TLS. Crypto in the Ugly Real World. Malvin Gattinger

Requirements from the. Functional Package for Transport Layer Security (TLS)

BIG-IP System: SSL Administration. Version

Configuring SSL. SSL Overview CHAPTER

Datapath. Encryption

Configuring SSL. SSL Overview CHAPTER

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

BIG-IP System: SSL Administration. Version

Datapath. Encryption

ATS Test Documentation

Configuring SSL CHAPTER

Verifying Real-World Security Protocols from finding attacks to proving security theorems

Practical Issues with TLS Client Certificate Authentication

The Security Impact of HTTPS Interception

feature HTTPS Posture Assessment Ideal Configuration

One Year of SSL Internet Measurement ACSAC 2012

Progressively Securing RIOT-OS!

MTAT Applied Cryptography

Comodo Certificate Manager Software Version 5.0

TLS Decryption on Cisco Security Devices

Overview. SSL Cryptography Overview CHAPTER 1

Verify certificate chain with OpenSSL

13/11/2014. Pa rt 2 S S L i m p a c t a n d o p t i m i s a t i o n. Pa rt 1 A b o u t S S L C e r t f i c a t e s. W h a t i s S S L / T L S

Key Management and Distribution

How to Configure SSL Interception in the Firewall

Ecosystem at Large

SSL247 SHA-2 MIGRATION

SECRETS OF THE ENCRYPTED INTERNET: WORLDWIDE CRYPTOGRAPHIC TRENDS

Transport Level Security

Comodo Certificate Manager Software Version 5.6

TLS. RFC2246: The TLS Protocol. (c) A. Mariën -

The Security Impact of HTTPS Interception

Operational User Guidance and Preparative

SSL/TLS FOR MORTALS.

Displaying SSL Configuration Information and Statistics

Scan Report Executive Summary

IBM Education Assistance for z/os V2R1

SSL247 SHA-2 MIGRATION

SSL/TLS Vulnerability Detection Using Black Box Approach

CVE / "POODLE"

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Data Security and Privacy. Topic 14: Authentication and Key Establishment

SECURE YOUR INTEGRATIONS. Maarten Smeets

Security Protocols and Infrastructures

Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS

Exinda How To Guide: SSL Acceleration. Exinda ExOS Version Exinda Networks, Inc.

Norbert Muehr (Siemens PLM GTAC EMEA)

Moving your website to HTTPS - HSTS, TLS, HPKP, CSP and friends

Lab 7: Tunnelling and Web Security

ON THE SECURITY OF TLS RENEGOTIATION

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

CitiDirect BE Portal Security, technical requirements and configuration

Transcription:

Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > bourdiol.xyz > 217.70.180.152 SSL Report: bourdiol.xyz (217.70.180.152) Assessed on: Sun Apr 19 12:22:55 PDT 2015 HIDDEN Clear cache Scan Another» Summary Overall Rating Certificate 100 A Protocol Support 95 Key Exchange 90 Cipher Strength 90 0 20 40 60 80 100 Visit our documentation page for more information, configuration guides, and books. Known issues are documented here. This site works only in browsers with SNI support. This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks. Authentication Server Key and Certificate #1 Common names Alternative names Prefix handling bourdiol.xyz Both (with and without WWW) Valid from Sat Apr 18 17:00:00 PDT 2015 Tue Apr 19 16:59:59 PDT 2016 (expires in 1 year) Key RSA 2048 bits (e 65537) Weak key (Debian) Issuer Extended Validation Revocation information Revocation status Trusted SHA256withRSA CRL, OCSP Good (not revoked) Additional Certificates (if supplied) Certificates provided Chain issues 3 (4196 bytes) ne 1 sur 5 19/04/2015 21:35

Additional Certificates (if supplied) #2 Subject Wed Sep 11 16:59:59 PDT 2024 (expires in 9 years and 4 months) Key RSA 2048 bits (e 65537) Issuer SHA384withRSA #3 Subject Fingerprint: eab040689a0d805b5d6fd654fc168cff00b78be3 Sat May 30 03:48:38 PDT 2020 (expires in 5 years and 1 month) Key RSA 4096 bits (e 65537) Issuer AddTrust External CA Root SHA384withRSA Certification Paths Path #1: Trusted 1 Sent by server 2 Sent by server 3 In trust store Fingerprint: 201a7ea6a4794330abae487accddaddbe5670a20 RSA 2048 bits (e 65537) / SHA256withRSA RSA 2048 bits (e 65537) / SHA384withRSA Self-signed Fingerprint: 2b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e RSA 4096 bits (e 65537) / SHA384withRSA Path #2: Trusted 1 Sent by server 2 Sent by server 3 Sent by server 4 In trust store Fingerprint: 201a7ea6a4794330abae487accddaddbe5670a20 RSA 2048 bits (e 65537) / SHA256withRSA RSA 2048 bits (e 65537) / SHA384withRSA Fingerprint: eab040689a0d805b5d6fd654fc168cff00b78be3 RSA 4096 bits (e 65537) / SHA384withRSA AddTrust External CA Root Self-signed Fingerprint: 02faf3e291435468607857694df5e45b68851868 RSA 2048 bits (e 65537) / SHA1withRSA Weak or insecure signature, but no impact on root certificate Configuration Protocols TLS 1.2 TLS 1.1 TLS 1.0 2 sur 5 19/04/2015 21:35

Protocols SSL 3 SSL 2 Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH 256 bits (eq. 3072 bits RSA) FS 112 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits (p: 256, g: 1, Ys: 256) FS 256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits (p: 256, g: 1, Ys: 256) FS 128 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 2048 bits (p: 256, g: 1, Ys: 256) FS 112 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112 Handshake Simulation Android 2.3.7 SNI 2 Protocol or cipher suite mismatch Fail 3 Android 4.0.4 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Android 4.1.1 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Android 4.2.2 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Android 4.3 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Android 4.4.2 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 Android 5.0.0 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 Baidu Jan 2015 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 BingPreview Jan 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 Chrome 40 / OS X R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 Firefox 31.3.0 ESR / Win 7 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 Firefox 35 / OS X R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 Googlebot Feb 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 IE 6 / XP FS 1 SNI 2 Protocol or cipher suite mismatch Fail 3 IE 7 / Vista TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 IE 8 / XP FS 1 SNI 2 Protocol or cipher suite mismatch Fail 3 IE 8-10 / Win 7 R TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 IE 11 / Win 7 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 IE 11 / Win 8.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 IE Mobile 10 / Win Phone 8.0 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 IE Mobile 11 / Win Phone 8.1 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 Java 6u45 SNI 2 Protocol or cipher suite mismatch Fail 3 Java 7u25 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) FS 128 Java 8u31 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 OpenSSL 0.9.8y TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256 OpenSSL 1.0.1l R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 OpenSSL 1.0.2 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 3 sur 5 19/04/2015 21:35

Handshake Simulation Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Safari 6 / ios 6.0.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 6.0.4 / OS X 10.8.4 R TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Safari 7 / ios 7.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 7 / OS X 10.9 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 8 / ios 8.1.2 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 8 / OS X 10.10 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Yahoo Slurp Jan 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 YandexBot Jan 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. (2) support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. (3) Only first connection attempt simulated. Browsers tend to retry with a lower protocol version. (R) Denotes a reference browser or client, with which we expect better effective security. (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). Protocol Details Secure Renegotiation Secure Client-Initiated Renegotiation Insecure Client-Initiated Renegotiation BEAST attack POODLE (SSLv3) POODLE (TLS) Downgrade attack prevention TLS compression RC4 Heartbeat (extension) Heartbleed (vulnerability) OpenSSL CCS vuln. (CVE-2014-0224) Forward Secrecy Next Protocol Negotiation (NPN) Session resumption (caching) Session resumption (tickets) OCSP stapling Strict Transport Security (HSTS) Public Key Pinning (HPKP) Long handshake intolerance TLS extension intolerance Supported t mitigated server-side (more info) TLS 1.0: 0xc014, SSL 3 not supported (more info) (more info), TLS_FALLBACK_SCSV supported (more info) (more info) (more info) (with most browsers) ROBUST (more info) TLS version intolerance TLS 2.98 SSL 2 handshake compatibility Miscellaneous Test date Sun Apr 19 12:21:02 PDT 2015 Test duration 113.33 seconds HTTP status code 200 HTTP server signature Server hostname Apache/2.4.12 gpaas12.dc0.gandi.net 4 sur 5 19/04/2015 21:35

SSL Report v1.15.1 Copyright 2009-2015 Qualys, Inc. All Rights Reserved. Terms and Conditions 5 sur 5 19/04/2015 21:35

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback