The server supports cipher suites that are not approved by PCI DSS requirements, NIST guidelines and HIPAA guidance. Non-compliant with NIST, HIPAA and PCI DSS
SSL Certificate Overview
RSA CERTIFICATE INFORMATION
Trusted Yes
Validation Level DV
CRL http://gp.symcb.com/gp.crl
OCSP http://gp.symcd.com
OCSP Must-Staple No
CERTIFICATE CHAIN
SHA256 cf88e4dfae11af2bd6c23515f598de31e040aeb8a35d7ab0183dca6ceafda456
PIN weohlzZzl9WRqLuG3FW+LzkYnolgAh+UEzq9quVEiKw=
RapidSSL SHA256 CA Intermediate CA
SHA256 0c427bb269700930378fdff9222a8084e44be120208a9d1c85da1818c55ccc4f
PIN Slt48iBVTjuRQJTjbzopminRrHSGtndY0/sj0lFf9Qk=
GeoTrust Global CA Self-signed Root CA
SHA256 ad8255ac5a2894e7bbf034870d25d635418e8c74f7b936ae1ea29055dc81e2e9
PIN h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU=
Test For Compliance With PCI DSS Requirements
Reference: PCI DSS 3.1 - Requirements 2.3 and 4.1
All the certificates provided by the server are trusted. Good configuration
SUPPORTED CIPHERS
TLSV1.2
TLS_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Good configuration
TLS_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA Good configuration
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_SEED_CBC_SHA Good configuration
TLS_RSA_WITH_SEED_CBC_SHA Good configuration
TLS_RSA_WITH_IDEA_CBC_SHA Non-compliant with PCI DSS requirements
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Good configuration
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Good configuration
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Good configuration
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Good configuration
TLS_RSA_WITH_AES_256_GCM_SHA384 Good configuration
TLS_RSA_WITH_AES_256_CBC_SHA256 Good configuration
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Good configuration
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Good configuration
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Good configuration
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Good configuration
TLS_RSA_WITH_AES_128_GCM_SHA256 Good configuration
TLS_RSA_WITH_AES_128_CBC_SHA256 Good configuration
TLSV1.1
TLS_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Good configuration
TLS_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA Good configuration
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_SEED_CBC_SHA Good configuration
TLS_RSA_WITH_SEED_CBC_SHA Good configuration
TLS_RSA_WITH_IDEA_CBC_SHA Non-compliant with PCI DSS requirements
TLSV1.0
TLS_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Good configuration
TLS_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA Good configuration
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_SEED_CBC_SHA Good configuration
TLS_RSA_WITH_SEED_CBC_SHA Good configuration
TLS_RSA_WITH_IDEA_CBC_SHA Non-compliant with PCI DSS requirements
SUPPORTED PROTOCOLS
TLSv1.0 Deprecated. Dropped in June 2018
TLSv1.1 Good configuration
TLSv1.2 Good configuration
P-256 (prime256v1) (256 bits) Good configuration
CVE-2016-2107
The server is not vulnerable to OpenSSL padding-oracle flaw (CVE-2016-2107). Not vulnerable
The server does not support client-initiated insecure renegotiation. Good configuration
HEARTBLEED
The server version of OpenSSL is not vulnerable to Heartbleed attack. Not vulnerable
CVE-2014-0224
The server is not vulnerable to CVE-2014-0224 (OpenSSL CCS flaw). Not vulnerable
Test For Compliance With HIPAA
Reference: HIPAA of 1996, Guidance Specifying the Technologies and Methodologies that Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals.
All the X509 certificates provided by the server are in version 3. Good configuration
The server does not support OCSP stapling for its RSA certificate. Its support allows better verification of the certificate validation status. Non-compliant with HIPAA guidance
SUPPORTED PROTOCOLS
TLSv1.0 Good configuration
TLSv1.1 Good configuration
TLSv1.2 Good configuration
SUPPORTED CIPHERS
TLSV1.2
TLS_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA Non-compliant with HIPAA guidance
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_SEED_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_SEED_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_IDEA_CBC_SHA Non-compliant with HIPAA guidance
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Good configuration
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Good configuration
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Good configuration
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Good configuration
TLS_RSA_WITH_AES_256_GCM_SHA384 Good configuration
TLS_RSA_WITH_AES_256_CBC_SHA256 Good configuration
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Good configuration
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Good configuration
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Good configuration
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Good configuration
TLS_RSA_WITH_AES_128_GCM_SHA256 Good configuration
TLS_RSA_WITH_AES_128_CBC_SHA256 Good configuration
TLSV1.1
TLS_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA Non-compliant with HIPAA guidance
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_SEED_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_SEED_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_IDEA_CBC_SHA Non-compliant with HIPAA guidance
TLSV1.0
TLS_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA Non-compliant with HIPAA guidance
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_SEED_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_SEED_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_IDEA_CBC_SHA Non-compliant with HIPAA guidance
DIFFIE-HELLMAN PARAMETER SIZE
TLSV1.1 SUPPORTED
The server supports TLSv1.1 which is mandatory to comply with HIPAA guidance. Good configuration
TLSV1.2 SUPPORTED
The server supports TLSv1.2 which is the only SSL/TLS protocol that currently has no known flaws or exploitable weaknesses. Good configuration
EC_POINT_FORMAT EXTENSION
Test For Compliance With NIST Guidelines
Reference: NIST Special Publication 800-52 Revision 1 - Section 3
All the X509 certificates provided by the server are in version 3. Good configuration
The server does not support OCSP stapling for its RSA certificate. Its support allows better verification of the certificate validation status. Non-compliant with NIST guidelines
SUPPORTED CIPHERS
TLSV1.2
TLS_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Non-compliant with NIST guidelines
TLS_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA Non-compliant with NIST guidelines
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with NIST guidelines
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with NIST guidelines
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_SEED_CBC_SHA Non-compliant with NIST guidelines
TLS_RSA_WITH_SEED_CBC_SHA Non-compliant with NIST guidelines
TLS_RSA_WITH_IDEA_CBC_SHA Non-compliant with NIST guidelines
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Good configuration
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Good configuration
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Good configuration
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Good configuration
TLS_RSA_WITH_AES_256_GCM_SHA384 Good configuration
TLS_RSA_WITH_AES_256_CBC_SHA256 Good configuration
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Good configuration
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Good configuration
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Good configuration
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Good configuration
TLS_RSA_WITH_AES_128_GCM_SHA256 Good configuration
TLS_RSA_WITH_AES_128_CBC_SHA256 Good configuration
TLSV1.1
TLS_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Non-compliant with NIST guidelines
TLS_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA Non-compliant with NIST guidelines
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with NIST guidelines
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with NIST guidelines
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_SEED_CBC_SHA Non-compliant with NIST guidelines
TLS_RSA_WITH_SEED_CBC_SHA Non-compliant with NIST guidelines
TLS_RSA_WITH_IDEA_CBC_SHA Non-compliant with NIST guidelines
TLSV1.0
TLS_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Non-compliant with NIST guidelines
TLS_RSA_WITH_AES_256_CBC_SHA Good configuration
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA Non-compliant with NIST guidelines
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_AES_128_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with NIST guidelines
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with NIST guidelines
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_RSA_WITH_3DES_EDE_CBC_SHA Good configuration
TLS_DHE_RSA_WITH_SEED_CBC_SHA Non-compliant with NIST guidelines
TLS_RSA_WITH_SEED_CBC_SHA Non-compliant with NIST guidelines
TLS_RSA_WITH_IDEA_CBC_SHA Non-compliant with NIST guidelines
SUPPORTED PROTOCOLS
TLSv1.0 Good configuration
TLSv1.1 Good configuration
TLSv1.2 Good configuration
Diffie-Hellman parameter size: 2048 bits Good configuration
TLSV1.1 SUPPORTED
The server supports TLSv1.1 which is mandatory to comply with NIST guidelines. Good configuration
TLSV1.2 SUPPORTED
The server supports TLSv1.2 which is the only SSL/TLS protocol that currently has no known flaws or exploitable weaknesses. Good configuration
EC_POINT_FORMAT EXTENSION
Test For Industry Best-Practices
DNSCAA
This domain does not have a Certification Authority Authorization (CAA) record. Information
The RSA certificate provided is NOT an Extended Validation (EV) certificate. Information
TLSv1.0 TLS_RSA_WITH_AES_128_CBC_SHA Misconfiguration or weakness
TLSv1.1 TLS_RSA_WITH_AES_128_CBC_SHA Misconfiguration or weakness
TLSv1.2 TLS_RSA_WITH_AES_128_CBC_SHA Misconfiguration or weakness
The server does not prefer cipher suites providing strong Perfect Forward Secrecy (PFS). We advise configuring your server to prefer cipher suites with ECDHE or DHE key exchange. Misconfiguration or weakness
ALWAYS-ON SSL
The HTTP version of the website redirects to the HTTPS version. Good configuration
The server provides HTTP Strict Transport Security for more than 6 months: 31536000 seconds Good configuration
The server does not enforce HTTP Public Key Pinning that helps prevent man-in-the-middle attacks. Information
TLS_FALLBACK_SCSV
The server supports TLS_FALLBACK_SCSV extension for protocol downgrade attack prevention. Good configuration
The server does not support client-initiated secure renegotiation. Good configuration