-
-
Save jpluimers/3a3c675b9bea5854114a to your computer and use it in GitHub Desktop.
testssl store.embarcadero.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
########################################################### | |
testssl.sh 2.7dev from https://testssl.sh/dev/ | |
(4eacc75 2015-10-11 10:03:19 -- 1.401) | |
This program is free software. Distribution and | |
modification under GPLv2 permitted. | |
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! | |
Please file bugs @ https://testssl.sh/bugs/ | |
########################################################### | |
Using "OpenSSL 1.0.2-chacha (1.0.2e-dev)" [~181 ciphers] on | |
retinambpro1tb.fritz.box:./bin/openssl.Darwin.x86_64 | |
(built: "Aug 27 20:29:14 2015", platform: "darwin64-x86_64-cc") | |
Testing now (2015-10-11 11:37) ---> 89.1.11.134:443 (store.embarcadero.com) <--- | |
rDNS (89.1.11.134): -- | |
Service detected: HTTP | |
--> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN) | |
SSLv2 not offered (OK) | |
SSLv3 not offered (OK) | |
TLS 1 offered | |
TLS 1.1 offered | |
TLS 1.2 offered (OK) | |
SPDY/NPN not offered | |
--> Testing ~standard cipher lists | |
Null Ciphers not offered (OK) | |
Anonymous NULL Ciphers not offered (OK) | |
Anonymous DH Ciphers not offered (OK) | |
40 Bit encryption not offered (OK) | |
56 Bit encryption not offered (OK) | |
Export Ciphers (general) not offered (OK) | |
Low (<=64 Bit) not offered (OK) | |
DES Ciphers not offered (OK) | |
Medium grade encryption offered (NOT ok) | |
Triple DES Ciphers offered (NOT ok) | |
High grade encryption offered (OK) | |
--> Testing (perfect) forward secrecy, (P)FS -- omitting 3DES, RC4 and Null Encryption here | |
PFS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA ECDHE-RSA-AES128-SHA | |
--> Testing server preferences | |
Has server cipher order? yes (OK) | |
Negotiated protocol TLSv1.2 | |
Negotiated cipher ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH | |
Cipher order | |
TLSv1: ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA AES128-SHA SEED-SHA CAMELLIA128-SHA IDEA-CBC-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA | |
TLSv1.1: ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA AES128-SHA SEED-SHA CAMELLIA128-SHA IDEA-CBC-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA | |
TLSv1.2: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA SEED-SHA CAMELLIA128-SHA IDEA-CBC-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA | |
--> Testing server defaults (Server Hello) | |
TLS server extensions server name, renegotiation info, EC point formats, session ticket, heartbeat | |
Session Tickets RFC 5077 300 seconds | |
Server key size 2048 bit | |
Signature Algorithm SHA256 with RSA | |
Fingerprint / Serial SHA1 CE044AD662AF73BE5A7CC0DDB2CEE5371568CED9 / 038398BF35BD254FB9316A67FC3D51F5 | |
SHA256 CF15316E5C2AFBE3C4B8407C6F3621D4BB806F99B980600E5A3A085D9EC2E83A | |
Common Name (CN) store.embarcadero.com (works w/o SNI) | |
subjectAltName (SAN) store.embarcadero.com | |
Issuer Symantec Class 3 Secure Server CA - G4 (Symantec Corporation from US) | |
EV cert (experimental) no | |
Certificate Expiration >= 60 days (2014-12-03 01:00 --> 2018-01-06 00:59 +0100) | |
# of certificates provided 2 | |
Chain of trust (experim.) NOT ok: mozilla: (chain incomplete) | |
OK: microsoft linux java | |
Certificate Revocation List http://ss.symcb.com/ss.crl | |
OCSP URI http://ss.symcd.com | |
OCSP stapling not offered | |
TLS timestamp random values, no fingerprinting possible | |
--> Testing HTTP header response @ "/" | |
HTTP Status Code 302 Found, redirecting to "https://store.embarcadero.com/542/purl-buynow" | |
HTTP clock skew -1 sec from localtime | |
Strict Transport Security -- | |
Public Key Pinning -- | |
Server banner Apache | |
Application banner -- | |
Cookie(s) (none issued at "/") | |
Security headers -- | |
Reverse Proxy banner -- | |
--> Testing vulnerabilities | |
Heartbleed (CVE-2014-0160) not vulnerable (OK) (timed out) | |
CCS (CVE-2014-0224) not vulnerable (OK) | |
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK) | |
Secure Client-Initiated Renegotiation not vulnerable (OK) | |
CRIME, TLS (CVE-2012-4929) not vulnerable (OK) | |
BREACH (CVE-2013-3587) NOT ok: uses gzip HTTP compression (only supplied "/" tested) | |
POODLE, SSL (CVE-2014-3566) not vulnerable (OK) | |
TLS_FALLBACK_SCSV (RFC 7507), experim. Downgrade attack prevention supported (OK) | |
FREAK (CVE-2015-0204) not vulnerable (OK) | |
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size | |
BEAST (CVE-2011-3389) TLS1: IDEA-CBC-SHA DES-CBC3-SHA | |
EDH-RSA-DES-CBC3-SHA AES128-SHA DHE-RSA-AES128-SHA | |
AES256-SHA DHE-RSA-AES256-SHA CAMELLIA128-SHA | |
DHE-RSA-CAMELLIA128-SHA CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA SEED-SHA DHE-RSA-SEED-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA | |
VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2 | |
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) | |
--> Testing all locally available 181 ciphers against the server, ordered by encryption strength | |
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC) | |
----------------------------------------------------------------------------------------------------------------------- | |
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | |
xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | |
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | |
x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | |
x6b DHE-RSA-AES256-SHA256 DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | |
x39 DHE-RSA-AES256-SHA DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA | |
x88 DHE-RSA-CAMELLIA256-SHA DH 2048 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | |
x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384 | |
x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256 | |
x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA | |
x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | |
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | |
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | |
x9e DHE-RSA-AES128-GCM-SHA256 DH 2048 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | |
x67 DHE-RSA-AES128-SHA256 DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | |
x33 DHE-RSA-AES128-SHA DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA | |
x9a DHE-RSA-SEED-SHA DH 2048 SEED 128 TLS_DHE_RSA_WITH_SEED_CBC_SHA | |
x45 DHE-RSA-CAMELLIA128-SHA DH 2048 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | |
x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256 | |
x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256 | |
x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA | |
x96 SEED-SHA RSA SEED 128 TLS_RSA_WITH_SEED_CBC_SHA | |
x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | |
x07 IDEA-CBC-SHA RSA IDEA 128 TLS_RSA_WITH_IDEA_CBC_SHA | |
xc012 ECDHE-RSA-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | |
x16 EDH-RSA-DES-CBC3-SHA DH 2048 3DES 168 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | |
x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA | |
Done now (2015-10-11 11:37) ---> 89.1.11.134:443 (store.embarcadero.com) <--- | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment