testssl quality.embarcadero.com
###########################################################
testssl.sh 2.7dev from https://testssl.sh/dev/
(4eacc75 2015-10-11 10:03:19 -- 1.401)
This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
###########################################################
Using "OpenSSL 1.0.2-chacha (1.0.2e-dev)" [~181 ciphers] on
retinambpro1tb.fritz.box:./bin/openssl.Darwin.x86_64
(built: "Aug 27 20:29:14 2015", platform: "darwin64-x86_64-cc")
Testing now (2015-10-11 11:24) ---> 207.211.86.153:443 (quality.embarcadero.com) <---
rDNS (207.211.86.153): --
Service detected: HTTP
--> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)
SSLv2 not offered (OK)
SSLv3 offered (NOT ok)
TLS 1 offered
TLS 1.1 offered
TLS 1.2 offered (OK)
SPDY/NPN not offered
--> Testing ~standard cipher lists
Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption not offered (OK)
56 Bit encryption not offered (OK)
Export Ciphers (general) not offered (OK)
Low (<=64 Bit) not offered (OK)
DES Ciphers not offered (OK)
Medium grade encryption offered (NOT ok)
Triple DES Ciphers offered (NOT ok)
High grade encryption offered (OK)
--> Testing (perfect) forward secrecy, (P)FS -- omitting 3DES, RC4 and Null Encryption here
PFS is offered (OK) ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-RC4-SHA
--> Testing server preferences
Has server cipher order? nope (NOT ok)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES128-SHA256, 256 bit ECDH (limited sense as client will pick)
Negotiated cipher per proto (limited sense as client will pick)
ECDHE-RSA-AES128-SHA: SSLv3, TLSv1, TLSv1.1
ECDHE-RSA-AES128-SHA256: TLSv1.2
No further cipher order check has been done as order is determined by the client
--> Testing server defaults (Server Hello)
TLS server extensions renegotiation info
Session Tickets RFC 5077 (none)
Server key size 2048 bit
Signature Algorithm SHA256 with RSA
Fingerprint / Serial SHA1 3E220AA3CF04F7159B0E9AAF67932B2E41C23D82 / 119A7F27A37BEBF1
SHA256 CF64906E17B20DD33E171F1D26569B334C8C10479B2A6E10CD6EB0CD235AF883
Common Name (CN) *.embarcadero.com (wildcard certificate match) (CN in response to request w/o SNI: *.embarcadero.com)
subjectAltName (SAN) *.embarcadero.com embarcadero.com
Issuer Go Daddy Secure Certificate Authority - G2 (GoDaddy.com, Inc. from US)
EV cert (experimental) no
Certificate Expiration >= 60 days (2015-03-17 19:32 --> 2018-10-12 01:08 +0200)
# of certificates provided 4
Chain of trust (experim.) NOT ok: mozilla: (self signed CA in chain)
OK: microsoft linux java
Certificate Revocation List http://crl.godaddy.com/gdig2s1-87.crl
OCSP URI http://ocsp.godaddy.com/
OCSP stapling not offered
TLS clock skew -1 sec from localtime
--> Testing HTTP header response @ "/"
HTTP Status Code 302 Moved Temporarily, redirecting to "https://quality.embarcadero.com/secure/MyJiraHome.jspa"
HTTP clock skew -1 sec from localtime
Strict Transport Security --
Public Key Pinning --
Server banner Apache-Coyote/1.1
Application banner --
Cookie(s) 2 issued: 1/2 secure, 1/2 HttpOnly
Security headers X-Content-Type-Options: nosniff
Reverse Proxy banner --
--> Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK) (timed out)
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) (only supplied "/" tested)
POODLE, SSL (CVE-2014-3566) VULNERABLE (NOT ok), uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below)
TLS_FALLBACK_SCSV (RFC 7507), experim. Downgrade attack prevention NOT supported
FREAK (CVE-2015-0204) not vulnerable (OK)
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size
BEAST (CVE-2011-3389) SSL3: DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA
AES128-SHA DHE-RSA-AES128-SHA ECDHE-RSA-DES-CBC3-SHA
ECDHE-RSA-AES128-SHA
TLS1: DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA
AES128-SHA DHE-RSA-AES128-SHA ECDHE-RSA-DES-CBC3-SHA
ECDHE-RSA-AES128-SHA
VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
RC4 (CVE-2013-2566, CVE-2015-2808) VULNERABLE (NOT ok): ECDHE-RSA-RC4-SHA RC4-SHA RC4-MD5 RC4-MD5
--> Testing all locally available 181 ciphers against the server, ordered by encryption strength
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------
xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
x67 DHE-RSA-AES128-SHA256 DH 768 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
x33 DHE-RSA-AES128-SHA DH 768 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
xc011 ECDHE-RSA-RC4-SHA ECDH 256 RC4 128 TLS_ECDHE_RSA_WITH_RC4_128_SHA
x05 RC4-SHA RSA RC4 128 TLS_RSA_WITH_RC4_128_SHA
x04 RC4-MD5 RSA RC4 128 TLS_RSA_WITH_RC4_128_MD5
x010080 RC4-MD5 RSA RC4 128 SSL_CK_RC4_128_WITH_MD5
xc012 ECDHE-RSA-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
x16 EDH-RSA-DES-CBC3-SHA DH 768 3DES 168 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA
Done now (2015-10-11 11:27) ---> 207.211.86.153:443 (quality.embarcadero.com) <---