Created
March 27, 2017 11:45
captn3m0/023b56db7663ad15de3613612dc58e11
SBI SSL test
No mapping file found
###########################################################
testssl.sh 2.8pre1 from https://testssl.sh/
(114495b 2017-02-20 12:57:00 -- 1.573)
This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
###########################################################
Using "OpenSSL 1.0.2k 26 Jan 2017" [~125 ciphers]
on me:/usr/bin/openssl
(built: "reproducible build, date unspecified", platform: "linux-x86_64")
Start 2017-03-27 17:12:05 -->> 14.140.253.100:443 (acs.onlinesbi.com) <<--
further IP addresses: 2405:a700:c:100::26
rDNS (14.140.253.100): 14.140.253.100.static-Mumbai-vsnl.net.in.
Service detected: HTTP

Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2)
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered
TLS 1.1 offered
TLS 1.2 offered (OK)
Version tolerance downgraded to TLSv1.2 (OK)
SPDY/NPN not offered
HTTP2/ALPN not offered

Testing ~standard cipher lists
Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption Local problem: No 40 Bit encryption configured in /usr/bin/openssl
56 Bit export ciphers Local problem: No 56 Bit export ciphers configured in /usr/bin/openssl
Export Ciphers (general) Local problem: No Export Ciphers (general) configured in /usr/bin/openssl
Low (<=64 Bit) Local problem: No Low (<=64 Bit) configured in /usr/bin/openssl
DES Ciphers Local problem: No DES Ciphers configured in /usr/bin/openssl
"Medium" grade encryption not offered (OK)
Triple DES Ciphers offered
High grade encryption not offered

Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
No ciphers supporting Forward Secrecy offered

Testing server preferences
Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher DES-CBC3-SHA
Cipher order
SSLv2: Local problem: /usr/bin/openssl doesn't support "s_client -ssl2"
SSLv3: Local problem: /usr/bin/openssl doesn't support "s_client -ssl3"
TLSv1: DES-CBC3-SHA
TLSv1.1: DES-CBC3-SHA
TLSv1.2: DES-CBC3-SHA

Testing server defaults (Server Hello)
TLS extensions (standard) "renegotiation info/#65281"
Session Tickets RFC 5077 (none)
SSL Session ID support yes
TLS clock skew -470 sec from localtime
Signature Algorithm SHA256 with RSA
Server key size RSA 2048 bits
Fingerprint / Serial SHA1 B495A1D883AD83E370A5CF1685D4EAF5B077BC46 / 3D845DB4F48E33DC442BC604E0D65B0B
SHA256 D192D84F4D651D655984C319F517E34B9186841120A8A0A0060DA98FEAB3B5C9
Common Name (CN) "acs.onlinesbi.com"
subjectAltName (SAN) "acs.onlinesbi.com"
Issuer "Symantec Class 3 EV SSL CA - G3" ("Symantec Corporation" from "US")
Trust (hostname) Ok via SAN and CN (works w/o SNI)
Chain of trust "/home/nemo/projects/scripts/etc/*.pem" cannot be found / not readable
EV cert (experimental) yes
Certificate Expiration 562 >= 60 days (2016-09-17 05:30 --> 2018-10-11 05:29 +0530)
# of certificates provided 3
Certificate Revocation List http://sr.symcb.com/sr.crl
OCSP URI http://sr.symcd.com
OCSP stapling --

Testing HTTP header response @ "/"
HTTP Status Code 404 Not Found (Hint: supply a path which doesn't give a "404 Not Found")
HTTP clock skew -470 sec from localtime
Strict Transport Security --
Public Key Pinning --
Server banner SBI
Application banner --
Cookie(s) (none issued at "/") -- HTTP status 404 signals you maybe missed the web application
Security headers --
Reverse Proxy banner --

Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat
CRIME, TLS (CVE-2012-4929) Local problem: /usr/bin/openssl lacks zlib support
BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested
POODLE, SSL (CVE-2014-3566) Local problem: /usr/bin/openssl doesn't support "s_client -ssl3"
TLS_FALLBACK_SCSV (RFC 7507), Downgrade attack prevention NOT supported
FREAK (CVE-2015-0204) Local problem: /usr/bin/openssl doesn't have any EXPORT RSA ciphers configured
DROWN (2016-0800, CVE-2016-0703) not vulnerable on this port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services
https://censys.io/ipv4?q=D192D84F4D651D655984C319F517E34B9186841120A8A0A0060DA98FEAB3B5C9 could help you to find out
LOGJAM (CVE-2015-4000), experimental Local problem: /usr/bin/openssl doesn't have any DHE EXPORT ciphers configured
BEAST (CVE-2011-3389) Local problem: /usr/bin/openssl doesn't support "s_client -ssl3"
TLS1: DES-CBC3-SHA
VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)

Testing all 125 locally available ciphers against the server, ordered by encryption strength
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits
------------------------------------------------------------------------
x0a DES-CBC3-SHA RSA 3DES 168

Running browser simulations via sockets (experimental)
Android 2.3.7 TLSv1.0 DES-CBC3-SHA
Android 4.1.1 TLSv1.0 DES-CBC3-SHA
Android 4.2.2 TLSv1.0 DES-CBC3-SHA
Android 4.4.2 TLSv1.2 DES-CBC3-SHA
Android 5.0.0 TLSv1.2 DES-CBC3-SHA
Android 6.0 TLSv1.2 DES-CBC3-SHA
Android 7.0 TLSv1.2 DES-CBC3-SHA
Baidu Jan 2015 TLSv1.0 DES-CBC3-SHA
BingPreview Jan 2015 TLSv1.2 DES-CBC3-SHA
Chrome 48 OS X TLSv1.2 DES-CBC3-SHA
Chrome 51 Win 7 TLSv1.2 DES-CBC3-SHA
Edge 13 Win 10 TLSv1.2 DES-CBC3-SHA
Edge 13 Win Phone 10 TLSv1.2 DES-CBC3-SHA
Firefox 45 Win 7 TLSv1.2 DES-CBC3-SHA
Firefox 49 Win 7 TLSv1.2 DES-CBC3-SHA
Firefox 49 XP SP3 TLSv1.2 DES-CBC3-SHA
Googlebot Feb 2015 TLSv1.2 DES-CBC3-SHA
IE 11 Win 10 TLSv1.2 DES-CBC3-SHA
IE 11 Win 7 TLSv1.2 DES-CBC3-SHA
IE 11 Win 8.1 TLSv1.2 DES-CBC3-SHA
IE 11 Win Phone 8.1 TLSv1.2 DES-CBC3-SHA
IE 11 Win Phone 8.1 Update TLSv1.2 DES-CBC3-SHA
IE 6 XP No connection
IE 7 Vista TLSv1.0 DES-CBC3-SHA
IE 8 Win 7 TLSv1.0 DES-CBC3-SHA
IE 8 XP TLSv1.0 DES-CBC3-SHA
Java 6u45 No connection
Java 7u25 TLSv1.0 DES-CBC3-SHA
Java 8b132 TLSv1.2 DES-CBC3-SHA
OpenSSL 1.0.1l TLSv1.2 DES-CBC3-SHA
OpenSSL 1.0.2e TLSv1.2 DES-CBC3-SHA
Opera 17 Win 7 TLSv1.2 DES-CBC3-SHA
Safari 5.1.9 OS X 10.6.8 TLSv1.0 DES-CBC3-SHA
Safari 6.0.4 OS X 10.8.4 TLSv1.0 DES-CBC3-SHA
Safari 7 OS X 10.9 TLSv1.2 DES-CBC3-SHA
Safari 8 OS X 10.10 TLSv1.2 DES-CBC3-SHA
Safari 9 iOS 9 TLSv1.2 DES-CBC3-SHA
Safari 9 OS X 10.11 TLSv1.2 DES-CBC3-SHA
Safari 10 OS X 10.12 TLSv1.2 DES-CBC3-SHA
Apple ATS 9 iOS 9 No connection
Tor 17.0.9 Win 7 TLSv1.0 DES-CBC3-SHA
Yahoo Slurp Jan 2015 TLSv1.2 DES-CBC3-SHA
YandexBot Jan 2015 TLSv1.2 DES-CBC3-SHA

Done 2017-03-27 17:13:30 -->> 14.140.253.100:443 (acs.onlinesbi.com) <<--