SSL/TLS Server Test of grupoconsultorefe.com

Similar documents
SSL/TLS Server Test of

SSL/TLS Security Assessment of e-vo.ru

SSL Report: ( )

High-Tech Bridge s Free SSL Server Test API Developer Documentation Version v1.2 24th of January 2018

SSL Report: printware.co.uk ( )

SSL Report: bourdiol.xyz ( )

SSL Report: sharplesgroup.com ( )

SSL Report: cartridgeworld.co.uk ( )

Findings for

TLS1.2 IS DEAD BE READY FOR TLS1.3

Scan Report Executive Summary

Requirements from the. Functional Package for Transport Layer Security (TLS)

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

SSL Server Rating Guide

Scan Report Executive Summary

TLS 1.1 Security fixes and TLS extensions RFC4346

But where'd that extra "s" come from, and what does it mean?

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):

Bugzilla ID: Bugzilla Summary:

SSL/TLS: Still Alive? Pascal Junod // HEIG-VD

Version: $Revision: 1142 $

32c3. December 28, Nick goto fail;

Ecosystem at Large

IBM Education Assistance for z/os V2R1

SSL Visibility and Troubleshooting

CIS 5373 Systems Security

Micro Focus VisiBroker 8.5 SP4 for Visual Studio Release Notes

SSL / TLS. Crypto in the Ugly Real World. Malvin Gattinger

Micro Focus VisiBroker 8.5 SP4. VisiBroker for zlinux Release Notes

Coming of Age: A Longitudinal Study of TLS Deployment

Legacy of Heartbleed: MITM and Revoked Certificates. Alexey Busygin NeoBIT

TLS Security and Future

No Need for Black Chambers

feature HTTPS Posture Assessment Ideal Configuration

PROVING WHO YOU ARE TLS & THE PKI

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):ekk.worldtravelink.com

State of TLS usage current and future. Dave Thompson

Defeating All Man-in-the-Middle Attacks

Xerox Product Security

Preventing POODLE Attacks on ecopy ShareScan

Comodo Certificate Manager Software Version 5.0

BIG-IP System: SSL Administration. Version

Encryption, Certificates and SSL DAVID COCHRANE PRESENTATION TO BELFAST OWASP CHAPTER OCTOBER 2018

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Scan Report Executive Summary

BIG-IP System: SSL Administration. Version

13/11/2014. Pa rt 2 S S L i m p a c t a n d o p t i m i s a t i o n. Pa rt 1 A b o u t S S L C e r t f i c a t e s. W h a t i s S S L / T L S

CS 161 Computer Security

The State of TLS in httpd 2.4. William A. Rowe Jr.

Information Security CS 526

SSL GOOD PRACTICE GUIDE

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

IHE Change Proposal. Tracking information: Change Proposal Status: Date of last update: Sep 13, 2018 Charles Parisot, Vassil Peytchev, John Moehrke

TLS 1.2 Protocol Execution Transcript

Securing Connections for IBM Traveler Apps. Bill Wimer STSM for IBM Collaboration Solutions December 13, 2016

Verify certificate chain with OpenSSL

Usage of SP800-56A in Industry Standard Protocols

WAP Security. Helsinki University of Technology S Security of Communication Protocols

PDxxxxx {P/N} {Doc Description} PRELIMINARY PDS-104_SECURED_WEB_BROWSING_UG. PDS-104G - Secured web browsing certificate management.

Datapath. Encryption

High -Tech Bridge s Web Server Security Service API Developer Documentation Version v1.3 February 13 th 2018

Internet Engineering Task Force (IETF) ISSN: January Suite B Profile for Transport Layer Security (TLS)

Install the ExtraHop session key forwarder on a Windows server

VisiBroker for Visual Studio 2013

TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND

Cyber Security Advisory

Security Improvements on Cast Iron

DANE, why we need it. Daniel Stirnimann Bern, 29. March SWITCH 1

SSL/TLS Deployment Best Practices

Datapath. Encryption

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS

Your Apps and Evolving Network Security Standards

INFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council

Securing Communications with your Apache HTTP Server. Lars Eilebrecht

Secure Socket Layer Health Assessment

Scan Report Executive Summary

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

Attacks on SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dez. 6th, 2016

CSE484 Final Study Guide

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Comodo Certificate Manager Software Version 5.6

A Federal Agency Guide to Complying with Binding Operational Directive (BOD) 18-01

What is PCI/DSS and What s new Presented by Brian Marshall Vanguard Professional Services

Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2.

Moving your website to HTTPS - HSTS, TLS, HPKP, CSP and friends

E-commerce security: SSL/TLS, SET and others. 4.1

Transport Level Security

The Security Impact of HTTPS Interception

Can HTTP Strict Transport Security Meaningfully Help Secure the Web? nicolle neulist June 2, 2012 Security B-Sides Detroit

UNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE

How to Configure SSL Interception in the Firewall

Installation and usage of SSL certificates: Your guide to getting it right

PCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard

TLS/sRTP Voice Recording AddPac Technology

One Year of SSL Internet Measurement ACSAC 2012

HTTPS is Fast and Hassle-free with Cloudflare

CSE 565 Computer Security Fall 2018

Exposing The Misuse of The Foundation of Online Security

A Technology Brief on SSL/TLS Traffic

ECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03

Transcription:

SSL/TLS Server Test of grupoconsultorefe.com Test SSL/TLS implementation of any service on any port for compliance with PCI DSS requirements, HIPAA guidance and NIST guidelines. GRUPOCONSULTOREFE.COM FINAL GRADE October 24th 2017 22:45 CEST 162.255.117.58:443 COMPLIANCE WITH 1

SSL Certificate Overview RSA CERTIFICATE INFORMATION Issuer Trusted Common Name Key Type/Size Subject Alternative Names Transparency Validation Level CRL OCSP OCSP Must-Staple Supports OCSP Stapling Valid From Valid To COMODO RSA Domain Validation Secure Server CA Yes grupoconsultorefe.com RSA 2048 bits sha256withrsaencryption DNS:grupoconsultorefe.com, DNS:crispenvironments.com, DNS:esperanzacontigo.org, DNS:www.crispenvironments.com, DNS:www.esperanzacontigo.org, DNS:www.grupoconsultorefe.com No DV http://crl.comodoca.com/comodorsadomainvalidationsecureserverca.crl http://ocsp.comodoca.com No Yes August 23rd 2017, 02:00 CEST February 22nd 2018, 00:59 CET CERTIFICATE CHAIN grupoconsultorefe.com Server certificate Key Type/Size SHA256 PIN Expires in RSA 2048 bits sha256withrsaencryption f56d3023af93798cc013e7d0e434d28a3d31ec336c366b993d5fef38cabbe4fa mlvk2v2bbpry+3ufpuaahlvqhyaonfoz3jmkjiltja4= 120 days COMODO RSA Domain Validation Secure Server CA Intermediate CA Key Type/Size SHA256 PIN Expires in RSA 2048 bits sha384withrsaencryption 39df71b20e752359b043877384440f181016fcba83909d1f0480b6b13d1238b7 klo23nt2ehfdxcfx3ehtdresmz3asj1muo+4aidjiuy= 4,128 days COMODO RSA Certification Authority Intermediate CA Key Type/Size SHA256 PIN Expires in RSA 4096 bits sha384withrsaencryption cf1895b94a858aeb07eeb4dfb6da49d97983f5c6e84d0dbab4c3adcdb4c29929 grx4ta9hpzx6tshkmcrvpaptqgo67cydnvprlg5yrme= 949 days AddTrust External CA Root Self-signed Root CA 2

Key Type/Size SHA256 PIN Expires in RSA 2048 bits sha1withrsaencryption df63f84c2b3463781bf13c7deafb11c68393f493a67035dc87693cedf11a9247 lcppfqbkrlj3ecvfakeip0+44vaojuymbnoaeuk7teu= 949 days CERTIFICATE CHAIN CONTINUED grupoconsultorefe.com Server certificate Key Type/Size SHA256 PIN Expires in RSA 2048 bits sha256withrsaencryption f56d3023af93798cc013e7d0e434d28a3d31ec336c366b993d5fef38cabbe4fa mlvk2v2bbpry+3ufpuaahlvqhyaonfoz3jmkjiltja4= 120 days COMODO RSA Domain Validation Secure Server CA Intermediate CA Key Type/Size SHA256 PIN Expires in RSA 2048 bits sha384withrsaencryption 39df71b20e752359b043877384440f181016fcba83909d1f0480b6b13d1238b7 klo23nt2ehfdxcfx3ehtdresmz3asj1muo+4aidjiuy= 4,128 days COMODO RSA Certification Authority Self-signed Root CA Key Type/Size SHA256 PIN Expires in RSA 4096 bits sha384withrsaencryption fa45b88ceead60037909aa6cc10667de2d45de5c39f90f51b4f1d9748602b1b2 grx4ta9hpzx6tshkmcrvpaptqgo67cydnvprlg5yrme= 7,391 days 3

Test For Compliance With PCI DSS Requirements Reference: PCI DSS 3.1 - Requirements 2.3 and 4.1 CERTIFICATES ARE TRUSTED All the certificates provided by the server are trusted. SUPPORTED CIPHERS List of all cipher suites supported by the server: TLSV1.2 256 256 256 256 256 256 256 256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 256 384 384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLSV1.1 TLSV1.0 SUPPORTED PROTOCOLS List of all SSL/TLS protocols supported by the server: TLSv1.0 TLSv1.0 TLSv1.1 TLSv1.1 TLSv1.2 Deprecated. Dropped in June 2018 5

TLSv1.2 DIFFIE-HELLMAN PARAMETER SIZE Diffie-Hellman parameter size: 2048 bits SUPPORTED ELLIPTIC CURVES List of all elliptic curves supported by the server: secp256k1 (256 bits) secp256k1 (256 bits) P-384 (secp384r1) (384 bits) P-384 (secp384r1) (384 bits) P-521 (secp521r1) (521 bits) P-521 (secp521r1) (521 bits) P-256 (prime256v1) (256 bits) P-256 (prime256v1) (256 bits) K-283 (sect283k1) (281 bits) K-283 (sect283k1) (281 bits) B-283 (sect283r1) (282 bits) B-283 (sect283r1) (282 bits) K-409 (sect409k1) (407 bits) K-409 (sect409k1) (407 bits) B-409 (sect409r1) (409 bits) B-409 (sect409r1) (409 bits) K-571 (sect571k1) (570 bits) K-571 (sect571k1) (570 bits) B-571 (sect571r1) (570 bits) B-571 (sect571r1) (570 bits) brainpoolp256r1 (256 bits) brainpoolp256r1 (256 bits) brainpoolp384r1 (384 bits) brainpoolp384r1 (384 bits) brainpoolp512r1 (512 bits) brainpoolp512r1 (512 bits) POODLE OVER TLS The server is not vulnerable to POODLE over TLS. Not vulnerable CVE-2016-2107 The server is not vulnerable to OpenSSL padding-oracle flaw (CVE-2016-2107). Not vulnerable SERVER DOES NOT SUPPORT CLIENT-INITIATED INSECURE RENEGOTIATION The server does not support client-initiated insecure renegotiation. HEARTBLEED The server version of OpenSSL is not vulnerable to Heartbleed attack. Not vulnerable CVE-2014-0224 The server is not vulnerable to CVE-2014-0224 (OpenSSL CCS flaw). Not vulnerable 6

7

Test For Compliance With HIPAA Reference: HIPAA of 1996, Guidance Specifying the Technologies and Methodologies that Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals. X509 CERTIFICATES ARE IN VERSION 3 All the X509 certificates provided by the server are in version 3. SERVER SUPPORTS OCSP STAPLING The server supports OCSP stapling, which allows better verification of the certificate validation status. SUPPORTED PROTOCOLS List of all SSL/TLS protocols supported by the server: TLSv1.0 TLSv1.0 TLSv1.1 TLSv1.1 TLSv1.2 TLSv1.2 SUPPORTED CIPHERS List of all cipher suites supported by the server: TLSV1.2 256 256 256 256 256 256 256 8

256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 256 384 384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLSV1.1 TLSV1.0 9

DIFFIE-HELLMAN PARAMETER SIZE Diffie-Hellman parameter size: 2048 bits SUPPORTED ELLIPTIC CURVES List of all elliptic curves supported by the server: secp256k1 (256 bits) secp256k1 (256 bits) P-384 (secp384r1) (384 bits) P-384 (secp384r1) (384 bits) P-521 (secp521r1) (521 bits) P-521 (secp521r1) (521 bits) P-256 (prime256v1) (256 bits) P-256 (prime256v1) (256 bits) K-283 (sect283k1) (281 bits) K-283 (sect283k1) (281 bits) B-283 (sect283r1) (282 bits) B-283 (sect283r1) (282 bits) K-409 (sect409k1) (407 bits) K-409 (sect409k1) (407 bits) B-409 (sect409r1) (409 bits) B-409 (sect409r1) (409 bits) K-571 (sect571k1) (570 bits) K-571 (sect571k1) (570 bits) B-571 (sect571r1) (570 bits) B-571 (sect571r1) (570 bits) brainpoolp256r1 (256 bits) brainpoolp256r1 (256 bits) brainpoolp384r1 (384 bits) brainpoolp384r1 (384 bits) brainpoolp512r1 (512 bits) brainpoolp512r1 (512 bits) TLSV1.1 SUPPORTED The server supports TLSv1.1 which is mandatory to comply with HIPAA guidance. TLSV1.2 SUPPORTED The server supports TLSv1.2 which is the only SSL/TLS protocol that currently has no known flaws or exploitable weaknesses. EC_POINT_FORMAT EXTENSION The server supports the EC_POINT_FORMAT TLS extension. 10

11

Test For Compliance With NIST Guidelines Reference: NIST Special Publication 800-52 Revision 1 - Section 3 X509 CERTIFICATES ARE IN VERSION 3 All the X509 certificates provided by the server are in version 3. SERVER SUPPORTS OCSP STAPLING The server supports OCSP stapling, which allows better verification of the certificate validation status. SUPPORTED CIPHERS List of all cipher suites supported by the server: TLSV1.2 256 256 256 256 256 256 256 256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 256 12

384 384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLSV1.1 TLSV1.0 SUPPORTED PROTOCOLS List of all SSL/TLS protocols supported by the server: TLSv1.0 13

TLSv1.0 TLSv1.1 TLSv1.1 TLSv1.2 TLSv1.2 DIFFIE-HELLMAN PARAMETER SIZE Diffie-Hellman parameter size: 2048 bits SUPPORTED ELLIPTIC CURVES List of all elliptic curves supported by the server: secp256k1 (256 bits) secp256k1 (256 bits) P-384 (secp384r1) (384 bits) P-384 (secp384r1) (384 bits) P-521 (secp521r1) (521 bits) P-521 (secp521r1) (521 bits) P-256 (prime256v1) (256 bits) P-256 (prime256v1) (256 bits) K-283 (sect283k1) (281 bits) K-283 (sect283k1) (281 bits) B-283 (sect283r1) (282 bits) B-283 (sect283r1) (282 bits) K-409 (sect409k1) (407 bits) K-409 (sect409k1) (407 bits) B-409 (sect409r1) (409 bits) B-409 (sect409r1) (409 bits) K-571 (sect571k1) (570 bits) K-571 (sect571k1) (570 bits) B-571 (sect571r1) (570 bits) B-571 (sect571r1) (570 bits) brainpoolp256r1 (256 bits) brainpoolp256r1 (256 bits) brainpoolp384r1 (384 bits) brainpoolp384r1 (384 bits) brainpoolp512r1 (512 bits) brainpoolp512r1 (512 bits) TLSV1.1 SUPPORTED The server supports TLSv1.1 which is mandatory to comply with NIST guidelines. TLSV1.2 SUPPORTED The server supports TLSv1.2 which is the only SSL/TLS protocol that currently has no known flaws or exploitable weaknesses. EC_POINT_FORMAT EXTENSION The server supports the EC_POINT_FORMAT TLS extension. 14

Test For Industry Best-Practices DNSCAA This domain does not have a Certification Authority Authorization (CAA) record. Information CERTIFICATES DO NOT PROVIDE EV The RSA certificate provided is NOT an Extended Validation (EV) certificate. Information SERVER DOES NOT HAVE CIPHER PREFERENCE The server does not prefer cipher suites. We advise to enable this feature in order to enforce usage of the best cipher suites selected. Misconfiguration or weakness HTTP SITE DOES NOT REDIRECT The HTTP version of the website does not redirect to the HTTPS version. We advise to enable redirection. Misconfiguration or weakness SERVER DOES NOT PROVIDE HSTS The server does not enforce HTTP Strict Transport Security. We advise to enable it to enforce the user to browse the website in HTTPS. Misconfiguration or weakness SERVER DOES NOT PROVIDE HPKP The server does not enforce HTTP Public Key Pinning that helps preventing man-in-the-middle attacks. Information TLS_FALLBACK_SCSV The server supports TLS_FALLBACK_SCSV extension for protocol downgrade attack prevention. SERVER DOES NOT SUPPORT CLIENT-INITIATED SECURE RENEGOTIATION The server does not support client-initiated secure renegotiation. SERVER-INITIATED SECURE RENEGOTIATION The server supports secure server-initiated renegotiation. SERVER DOES NOT SUPPORT TLS COMPRESSION TLS compression is not supported by the server. 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback