Created
April 9, 2020 12:42
-
-
Save straight-shoota/d767dfa330e126519c4b60e27b656b58 to your computer and use it in GitHub Desktop.
Crystal SSL Server testssl.sh reports
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
No engine or GOST support via engine with your /usr/bin/openssl | |
########################################################### | |
testssl.sh 3.1dev from https://testssl.sh/dev/ | |
(c90bd84fe 2020-04-09 13:59:35 -- ) | |
This program is free software. Distribution and | |
modification under GPLv2 permitted. | |
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! | |
Please file bugs @ https://testssl.sh/bugs/ | |
########################################################### | |
Using "OpenSSL 1.1.1 11 Sep 2018" [~79 ciphers] | |
on PaulMiki:/usr/bin/openssl | |
(built: "Nov 12 16:58:35 2019", platform: "debian-amd64") | |
Start 2020-04-09 14:09:22 -->> 0.0.0.0:38303 (0.0.0.0) <<-- | |
rDNS (0.0.0.0): (instructed to minimize DNS queries) | |
Service detected: HTTP | |
Testing protocols via sockets except NPN+ALPN | |
SSLv2 not offered (OK) | |
SSLv3 not offered (OK) | |
TLS 1 not offered | |
TLS 1.1 not offered | |
TLS 1.2 offered (OK) | |
TLS 1.3 offered (OK): final | |
NPN/SPDY not offered | |
ALPN/HTTP2 not offered | |
Testing cipher categories | |
NULL ciphers (no encryption) not offered (OK) | |
Anonymous NULL Ciphers (no authentication) not offered (OK) | |
Export ciphers (w/o ADH+NULL) not offered (OK) | |
LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK) | |
Triple DES Ciphers / IDEA not offered | |
Obsolete: SEED + 128+256 Bit CBC cipher not offered | |
non-FS Strong encryption (AEAD ciphers) not offered | |
Forward Secure Strong encryption (AEAD ciphers) offered (OK) | |
Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 | |
PFS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 | |
Elliptic curves offered: prime256v1 | |
Testing server preferences | |
Has server cipher order? yes (OK) -- TLS 1.3 and below | |
Negotiated protocol TLSv1.3 | |
Negotiated cipher TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Cipher order | |
TLSv1.2: ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 | |
TLSv1.3: TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 | |
Testing server defaults (Server Hello) | |
TLS extensions (standard) "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "supported versions/#43" "key share/#51" "max fragment length/#1" "extended master secret/#23" | |
Session Ticket RFC 5077 hint 7200 seconds, session tickets keys seems to be rotated < daily | |
SSL Session ID support yes | |
Session Resumption Tickets: yes, ID: yes | |
TLS clock skew Random values, no fingerprinting possible | |
Signature Algorithm SHA256 with RSA | |
Server key size RSA 2048 bits | |
Server key usage -- | |
Server extended key usage -- | |
Serial / Fingerprints AB49190C891CDF37 / SHA1 E4F0D4AADCE1D103935B0DE9C1E73297A1A7D6DD | |
SHA256 C7F2EFC757B7A48F6340D833CFCD33D667041F3ED4305F140ADCB3465620EC94 | |
Common Name (CN) (no CN field in subject) | |
subjectAltName (SAN) missing (NOT ok) -- Browsers are complaining | |
Issuer (Internet Widgits Pty Ltd from AR) | |
Trust (hostname) certificate does not match supplied URI | |
Chain of trust NOT ok (self signed) | |
EV cert (experimental) no | |
ETS/"eTLS", visibility info not present | |
Certificate Validity (UTC) 8588 >= 60 days (2016-05-29 17:03 --> 2043-10-14 16:03) | |
>= 10 years is way too long | |
# of certificates provided 1 | |
Certificate Revocation List -- | |
OCSP URI -- | |
NOT ok -- neither CRL nor OCSP URI provided | |
OCSP stapling not offered | |
OCSP must staple extension -- | |
DNS CAA RR (experimental) (instructed to minimize DNS queries) | |
Certificate Transparency -- | |
Testing HTTP header response @ "/" | |
HTTP Status Code 200 OK | |
HTTP clock skew Got no HTTP time, maybe try different URL? | |
Strict Transport Security not offered | |
Public Key Pinning -- | |
Server banner (no "Server" line in header, interesting!) | |
Application banner -- | |
Cookie(s) (none issued at "/") | |
Security headers -- | |
Reverse Proxy banner -- | |
Testing vulnerabilities | |
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension | |
CCS (CVE-2014-0224) not vulnerable (OK) | |
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session tickets | |
ROBOT Server does not support any cipher suites that use RSA key transport | |
Secure Renegotiation (RFC 5746) supported (OK) | |
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat | |
CRIME, TLS (CVE-2012-4929) not vulnerable (OK) | |
BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested | |
POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support | |
TLS_FALLBACK_SCSV (RFC 7507) No fallback possible (OK), no protocol below TLS 1.2 offered | |
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) | |
FREAK (CVE-2015-0204) not vulnerable (OK) | |
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) | |
make sure you don't use this certificate elsewhere with SSLv2 enabled services | |
https://censys.io/ipv4?q=C7F2EFC757B7A48F6340D833CFCD33D667041F3ED4305F140ADCB3465620EC94 could help you to find out | |
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 | |
BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1 | |
LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK) | |
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) | |
Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength | |
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC) | |
----------------------------------------------------------------------------------------------------------------------------- | |
x1302 TLS_AES_256_GCM_SHA384 ECDH 256 AESGCM 256 TLS_AES_256_GCM_SHA384 | |
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 256 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 | |
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | |
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 256 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | |
x1301 TLS_AES_128_GCM_SHA256 ECDH 256 AESGCM 128 TLS_AES_128_GCM_SHA256 | |
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
Running client simulations (HTTP) via sockets | |
Android 4.4.2 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Android 7.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Android 8.1 (native) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Chrome 74 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Chrome 79 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Firefox 71 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
IE 6 XP No connection | |
IE 8 Win 7 No connection | |
IE 8 XP No connection | |
IE 11 Win 7 No connection | |
IE 11 Win 8.1 No connection | |
IE 11 Win Phone 8.1 No connection | |
IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Edge 15 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Edge 17 (Win 10) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Opera 66 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Safari 10 OS X 10.12 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Safari 12.1 (iOS 12.2) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Safari 13.0 (macOS 10.14.6) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Java 6u45 No connection | |
Java 7u25 No connection | |
Java 8u161 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Thunderbird (68.3) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Done 2020-04-09 14:10:11 [ 172s] -->> 0.0.0.0:38303 (0.0.0.0) <<-- | |
Finished in 2:53 minutes | |
0 examples, 0 failures, 0 errors, 0 pending |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
No engine or GOST support via engine with your /usr/bin/openssl | |
########################################################### | |
testssl.sh 3.1dev from https://testssl.sh/dev/ | |
(c90bd84fe 2020-04-09 13:59:35 -- ) | |
This program is free software. Distribution and | |
modification under GPLv2 permitted. | |
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! | |
Please file bugs @ https://testssl.sh/bugs/ | |
########################################################### | |
Using "OpenSSL 1.1.1 11 Sep 2018" [~79 ciphers] | |
on PaulMiki:/usr/bin/openssl | |
(built: "Nov 12 16:58:35 2019", platform: "debian-amd64") | |
Start 2020-04-09 14:09:39 -->> 0.0.0.0:33869 (0.0.0.0) <<-- | |
rDNS (0.0.0.0): (instructed to minimize DNS queries) | |
Service detected: HTTP | |
Testing protocols via sockets except NPN+ALPN | |
SSLv2 not offered (OK) | |
SSLv3 not offered (OK) | |
TLS 1 offered (deprecated) | |
TLS 1.1 offered (deprecated) | |
TLS 1.2 offered (OK) | |
TLS 1.3 offered (OK): final | |
NPN/SPDY not offered | |
ALPN/HTTP2 not offered | |
Testing cipher categories | |
NULL ciphers (no encryption) not offered (OK) | |
Anonymous NULL Ciphers (no authentication) not offered (OK) | |
Export ciphers (w/o ADH+NULL) not offered (OK) | |
LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK) | |
Triple DES Ciphers / IDEA not offered | |
Obsolete: SEED + 128+256 Bit CBC cipher offered | |
non-FS Strong encryption (AEAD ciphers) offered (OK) | |
Forward Secure Strong encryption (AEAD ciphers) offered (OK) | |
Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 | |
PFS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 | |
ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA | |
Elliptic curves offered: prime256v1 | |
Testing server preferences | |
Has server cipher order? yes (OK) -- TLS 1.3 and below | |
Negotiated protocol TLSv1.3 | |
Negotiated cipher TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Cipher order | |
TLSv1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA | |
TLSv1.1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA | |
TLSv1.2: ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 | |
AES256-SHA256 AES128-SHA AES256-SHA | |
TLSv1.3: TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 | |
Testing server defaults (Server Hello) | |
TLS extensions (standard) "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "supported versions/#43" "key share/#51" "max fragment length/#1" "encrypt-then-mac/#22" "extended master secret/#23" | |
Session Ticket RFC 5077 hint 7200 seconds, session tickets keys seems to be rotated < daily | |
SSL Session ID support yes | |
Session Resumption Tickets: yes, ID: yes | |
TLS clock skew Random values, no fingerprinting possible | |
Signature Algorithm SHA256 with RSA | |
Server key size RSA 2048 bits | |
Server key usage -- | |
Server extended key usage -- | |
Serial / Fingerprints AB49190C891CDF37 / SHA1 E4F0D4AADCE1D103935B0DE9C1E73297A1A7D6DD | |
SHA256 C7F2EFC757B7A48F6340D833CFCD33D667041F3ED4305F140ADCB3465620EC94 | |
Common Name (CN) (no CN field in subject) | |
subjectAltName (SAN) missing (NOT ok) -- Browsers are complaining | |
Issuer (Internet Widgits Pty Ltd from AR) | |
Trust (hostname) certificate does not match supplied URI | |
Chain of trust NOT ok (self signed) | |
EV cert (experimental) no | |
ETS/"eTLS", visibility info not present | |
Certificate Validity (UTC) 8588 >= 60 days (2016-05-29 17:03 --> 2043-10-14 16:03) | |
>= 10 years is way too long | |
# of certificates provided 1 | |
Certificate Revocation List -- | |
OCSP URI -- | |
NOT ok -- neither CRL nor OCSP URI provided | |
OCSP stapling not offered | |
OCSP must staple extension -- | |
DNS CAA RR (experimental) (instructed to minimize DNS queries) | |
Certificate Transparency -- | |
Testing HTTP header response @ "/" | |
HTTP Status Code 200 OK | |
HTTP clock skew Got no HTTP time, maybe try different URL? | |
Strict Transport Security not offered | |
Public Key Pinning -- | |
Server banner (no "Server" line in header, interesting!) | |
Application banner -- | |
Cookie(s) (none issued at "/") | |
Security headers -- | |
Reverse Proxy banner -- | |
Testing vulnerabilities | |
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension | |
CCS (CVE-2014-0224) not vulnerable (OK) | |
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session tickets | |
ROBOT not vulnerable (OK) | |
Secure Renegotiation (RFC 5746) supported (OK) | |
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat | |
CRIME, TLS (CVE-2012-4929) not vulnerable (OK) | |
BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested | |
POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support | |
TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK) | |
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK) | |
FREAK (CVE-2015-0204) not vulnerable (OK) | |
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) | |
make sure you don't use this certificate elsewhere with SSLv2 enabled services | |
https://censys.io/ipv4?q=C7F2EFC757B7A48F6340D833CFCD33D667041F3ED4305F140ADCB3465620EC94 could help you to find out | |
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 | |
BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA | |
VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated) | |
LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches | |
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) | |
Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength | |
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC) | |
----------------------------------------------------------------------------------------------------------------------------- | |
x1302 TLS_AES_256_GCM_SHA384 ECDH 256 AESGCM 256 TLS_AES_256_GCM_SHA384 | |
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 256 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 | |
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | |
xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | |
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | |
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 256 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | |
x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384 | |
x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256 | |
x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA | |
x1301 TLS_AES_128_GCM_SHA256 ECDH 256 AESGCM 128 TLS_AES_128_GCM_SHA256 | |
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | |
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | |
x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256 | |
x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256 | |
x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA | |
Running client simulations (HTTP) via sockets | |
Android 4.4.2 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Android 7.0 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305, 256 bit ECDH (P-256) | |
Android 8.1 (native) TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305, 256 bit ECDH (P-256) | |
Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Chrome 74 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Chrome 79 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Firefox 66 (Win 8.1/10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Firefox 71 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
IE 6 XP No connection | |
IE 8 Win 7 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256) | |
IE 8 XP No connection | |
IE 11 Win 7 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256) | |
IE 11 Win 8.1 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256) | |
IE 11 Win Phone 8.1 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256) | |
IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Edge 15 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Edge 17 (Win 10) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Opera 66 (Win 10) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Safari 10 OS X 10.12 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Safari 12.1 (iOS 12.2) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Safari 13.0 (macOS 10.14.6) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Java 6u45 TLSv1.0 AES128-SHA, No FS | |
Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256) | |
Java 8u161 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) | |
OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305, 256 bit ECDH (P-256) | |
OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Thunderbird (68.3) TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256) | |
Done 2020-04-09 14:10:48 [ 193s] -->> 0.0.0.0:33869 (0.0.0.0) <<-- | |
Finished in 3:12 minutes | |
0 examples, 0 failures, 0 errors, 0 pending |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment