Created
October 22, 2019 12:58
-
-
Save pbohman/bb90150a6e62456b07f715e43ec6ee54 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Testing protocols via sockets except NPN+ALPN | |
SSLv2 not offered (OK) | |
SSLv3 not offered (OK) | |
TLS 1 offered | |
TLS 1.1 offered | |
TLS 1.2 offered (OK) | |
TLS 1.3 offered (OK): final | |
NPN/SPDY not offered | |
ALPN/HTTP2 h2, http/1.1 (offered) | |
Testing cipher categories | |
NULL ciphers (no encryption) not offered (OK) | |
Anonymous NULL Ciphers (no authentication) not offered (OK) | |
Export ciphers (w/o ADH+NULL) not offered (OK) | |
LOW: 64 Bit + DES, RC[2,4] (w/o export) not offered (OK) | |
Triple DES Ciphers / IDEA not offered (OK) | |
Average: SEED + 128+256 Bit CBC ciphers offered | |
Strong encryption (AEAD ciphers) offered (OK) | |
Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 | |
PFS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 | |
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA | |
Elliptic curves offered: prime256v1 X25519 | |
Testing server preferences | |
Has server cipher order? yes (OK) | |
Negotiated protocol TLSv1.2 | |
Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Cipher order | |
TLSv1: ECDHE-RSA-AES128-SHA AES128-SHA ECDHE-RSA-AES256-SHA AES256-SHA | |
TLSv1.1: ECDHE-RSA-AES128-SHA AES128-SHA ECDHE-RSA-AES256-SHA AES256-SHA | |
TLSv1.2: ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA AES256-GCM-SHA384 AES256-SHA | |
Testing server defaults (Server Hello) | |
TLS extensions (standard) "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "extended master secret/#23" "application layer protocol negotiation/#16" | |
Session Ticket RFC 5077 hint no -- no lifetime advertised | |
SSL Session ID support yes | |
Session Resumption Tickets no, ID resumption test failed | |
TLS clock skew 0 sec from localtime | |
Signature Algorithm SHA256 with RSA | |
Server key size RSA 2048 bits | |
Server key usage Digital Signature, Key Encipherment |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment