forums.embarcadero.com:563 NNTP over SSL is still very vulnerable
###########################################################
testssl.sh 2.6rc3 from https://testssl.sh/dev/
(dddb163 2015-08-27 20:39:20 -- 1.361)
This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
###########################################################

Using "OpenSSL 1.0.2-chacha (1.0.2e-dev)" [~181 ciphers] on
retinambpro1tb.fritz.box:./bin/openssl.Darwin.x86_64
(built: "reproducible build, date unspecified", platform: "darwin64-x86_64-cc")

Testing now (2015-08-27 22:31) ---> 204.216.225.61:563 (forums.embarcadero.com) <---
rDNS (204.216.225.61): --
Service detected: NNTP, thus skipping HTTP specific checks

--> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)
 SSLv2      not offered (OK)
 SSLv3      offered (NOT ok)
 TLS 1      offered
 TLS 1.1    not offered
 TLS 1.2    not offered (NOT ok)
 SPDY/NPN   not offered

--> Testing ~standard cipher lists
 Null Ciphers              not offered (OK)
 Anonymous NULL Ciphers    not offered (OK)
 Anonymous DH Ciphers      not offered (OK)
 40 Bit encryption         offered (NOT ok)
 56 Bit encryption         not offered (OK)
 Export Ciphers (general)  offered (NOT ok)
 Low (<=64 Bit)            offered (NOT ok)
 DES Ciphers               offered (NOT ok)
 Medium grade encryption   offered (NOT ok)
 Triple DES Ciphers        offered (NOT ok)
 High grade encryption     offered (OK)

--> Testing (perfect) forward secrecy, (P)FS -- omitting 3DES, RC4 and Null Encryption here
 PFS is offered (OK) DHE-RSA-AES128-SHA

--> Testing server preferences
 Has server cipher order?     nope (NOT ok)
 Negotiated protocol          TLSv1
 Negotiated cipher            DHE-RSA-AES128-SHA, 768 bit DH (limited sense as client will pick)
 Negotiated cipher per proto  (limited sense as client will pick)
 DHE-RSA-AES128-SHA: SSLv3, TLSv1
 No further cipher order check as order is determined by the client

--> Testing server defaults (Server Hello)
 TLS server extensions        renegotiation info
 Session Tickets RFC 5077     (none)
 Server key size              2048 bit
 Signature Algorithm          SHA256 with RSA
 Fingerprint / Serial         SHA1 3E220AA3CF04F7159B0E9AAF67932B2E41C23D82 / 119A7F27A37BEBF1
                              SHA256 CF64906E17B20DD33E171F1D26569B334C8C10479B2A6E10CD6EB0CD235AF883
 Common Name (CN)             *.embarcadero.com (matches certificate directly)
 subjectAltName (SAN)         *.embarcadero.com embarcadero.com
 Issuer                       Go Daddy Secure Certificate Authority - G2 (GoDaddy.com, Inc. from US)
 EV cert (experimental)       no
 Certificate Expiration       >= 60 days (2015-03-17 19:32 --> 2018-10-12 01:08 +0200)
 # of certificates provided   4
 Certificate Revocation List  http://crl.godaddy.com/gdig2s1-87.crl
 OCSP URI                     http://ocsp.godaddy.com/
 OCSP stapling                not offered
 TLS clock skew               -3 sec from localtime

--> Testing vulnerabilities
 Heartbleed (CVE-2014-0160)              not vulnerable (OK) (timed out)
 CCS (CVE-2014-0224)                     not vulnerable (OK)
 Secure Renegotiation (CVE 2009-3555)    not vulnerable (OK)
 Secure Client-Initiated Renegotiation   VULNERABLE (NOT ok), DoS threat
 CRIME, TLS (CVE-2012-4929)              Local problem: ./bin/openssl.Darwin.x86_64 lacks zlib support
 POODLE, SSL (CVE-2014-3566)             VULNERABLE (NOT ok), uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below)
 TLS_FALLBACK_SCSV (RFC 7507), experim.  Downgrade attack prevention NOT supported
 FREAK (CVE-2015-0204)                   VULNERABLE (NOT ok), uses EXPORT RSA ciphers
 LOGJAM (CVE-2015-4000), experimental    VULNERABLE (NOT ok), uses DHE EXPORT ciphers
 BEAST (CVE-2011-3389)                   SSL3: EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA
                                               EDH-RSA-DES-CBC-SHA DES-CBC-SHA EXP-EDH-RSA-DES-CBC-SHA
                                               EXP-DES-CBC-SHA
                                         TLS1: EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA
                                               EDH-RSA-DES-CBC-SHA DES-CBC-SHA EXP-EDH-RSA-DES-CBC-SHA
                                               EXP-DES-CBC-SHA
 RC4 (CVE-2013-2566, CVE-2015-2808)      VULNERABLE (NOT ok): RC4-SHA RC4-MD5 RC4-MD5 EXP-RC4-MD5 EXP-RC4-MD5

--> Testing all locally available 181 ciphers against the server, ordered by encryption strength
Hexcode  Cipher Suite Name (OpenSSL)  KeyExch.  Encryption  Bits       Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------
x33      DHE-RSA-AES128-SHA           DH 768    AES         128        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
x2f      AES128-SHA                   RSA       AES         128        TLS_RSA_WITH_AES_128_CBC_SHA
x05      RC4-SHA                      RSA       RC4         128        TLS_RSA_WITH_RC4_128_SHA
x04      RC4-MD5                      RSA       RC4         128        TLS_RSA_WITH_RC4_128_MD5
x010080  RC4-MD5                      RSA       RC4         128        SSL_CK_RC4_128_WITH_MD5
x16      EDH-RSA-DES-CBC3-SHA         DH 768    3DES        168        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
x0a      DES-CBC3-SHA                 RSA       3DES        168        TLS_RSA_WITH_3DES_EDE_CBC_SHA
x15      EDH-RSA-DES-CBC-SHA          DH 768    DES         56         TLS_DHE_RSA_WITH_DES_CBC_SHA
x09      DES-CBC-SHA                  RSA       DES         56         TLS_RSA_WITH_DES_CBC_SHA
x14      EXP-EDH-RSA-DES-CBC-SHA      DH(512)   DES         40,export  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
x08      EXP-DES-CBC-SHA              RSA(512)  DES         40,export  TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
x03      EXP-RC4-MD5                  RSA(512)  RC4         40,export  TLS_RSA_EXPORT_WITH_RC4_40_MD5
x020080  EXP-RC4-MD5                  RSA(512)  RC4         40,export  SSL_CK_RC4_128_EXPORT40_WITH_MD5

Done now (2015-08-27 22:33) ---> 204.216.225.61:563 (forums.embarcadero.com) <---