Hlídač Portál o VZ a koncesích Detailní analýza HTTPs pro Portál o VZ a koncesích

No 128 cipher limit bug

not offered

not offered

not offered

not offered

offered

offered with final

not offered

h2

http/1.1

not offered

not offered

not offered

not offered

not offered

not offered

not offered

offered

server

Default protocol TLS1.3

TLS_CHACHA20_POLY1305_SHA256, 253 bit ECDH (X25519)

TLSv1.2   xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 253   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

TLSv1.2   xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 253   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLSv1.2   xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 253   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256

TLSv1.3   x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256

TLSv1.3   x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384

TLSv1.3   x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256

TLS_CHACHA20_POLY1305_SHA256 TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256

offered

TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256

prime256v1 X25519

'renegotiation info/#65281' 'server name/#0' 'EC point formats/#11' 'session ticket/#35' 'supported versions/#43' 'key share/#51' 'supported_groups/#10' 'max fragment length/#1' 'application layer protocol negotiation/#16' 'extended master secret/#23'

valid for 1800 seconds only (<daily)

yes

not supported

supported

random

none

none

1

SHA256 with RSA

RSA 2048 bits (exponent is 65537)

Digital Signature, Key Encipherment

TLS Web Server Authentication

059F5CCE334BBCACFDDBC82FF587662F1550

18

F57AD0456AD8DC34BD582FD7DE9FEA99722906EB

24A01750DA39CC17A1C9596BDF5D39424227F8DB025545184D48711C1FC71FEE

-----BEGIN CERTIFICATE----- MIIFATCCA+mgAwIBAgISBZ9czjNLvKz928gv9YdmLxVQMA0GCSqGSIb3DQEBCwUA MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD EwNSMTIwHhcNMjYwNDEwMTMwOTQwWhcNMjYwNzA5MTMwOTM5WjAXMRUwEwYDVQQD Ewxwb3J0YWwtdnouY3owggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3 q5WR6X//TE2+IyofH+tcc7hmzcPHk26a0YowLr+I9Vupq4DK2Q3x6yohQokb1jrH NTjOl83dv5isZBcE17ucHOVMVwb/PCpED9a35/jxyF0VBfHM2bHTbGQ2GbNkcgpR IzEEIB/GviogyuyDhOjeli3Hzx6TP/7DWGSWQxIIRTIP9E/u1bCF5J9BC7LZ+AOe 3BfnX8zxsu+B4jlDIxG4waYRzPSLAs8qdCAwjZXueyFx6+eZHt6em/Tg7ginTKeG iVPMLTC0LIhYB82oLEg9XSsVeXSkb8Htrf911pz0LkNZnY/OSc4ECqI/1Zy6da4y F2vkuxfXpepdAgqLeVW1AgMBAAGjggIpMIICJTAOBgNVHQ8BAf8EBAMCBaAwEwYD VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUkVjmKYi+ YOfsInhEpYMo3yXufN4wHwYDVR0jBBgwFoAUALUp8i2ObzHom0yteD763OkM0dIw MwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzAChhdodHRwOi8vcjEyLmkubGVuY3Iu b3JnLzAnBgNVHREEIDAegg4qLnBvcnRhbC12ei5jeoIMcG9ydGFsLXZ6LmN6MBMG A1UdIAQMMAowCAYGZ4EMAQIBMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9yMTIu Yy5sZW5jci5vcmcvODEuY3JsMIIBCwYKKwYBBAHWeQIEAgSB/ASB+QD3AHYAyzj3 FYl8hKFEX1vB3fvJbvKaWc1HCmkFhbDLFMMUWOcAAAGdd7jDoQAABAMARzBFAiAm HCdlm4adWBN8NMb3HT3zmqc6opUsjNgJYxcrEnhQBgIhAI9c7BXEMgtEB4Zdv0wK mou4Amz/5K84NBdGIPJO2uj7AH0AbP5QGUOoXqkWvFLRM+TcyR7xQRx9JYQg0XOA nhgY6zoAAAGdd7jFjgAIAAAFAAadNkIEAwBGMEQCIFgI+Ird+lezsEIW1tlIAvkx CzTdABScjX+NMFvlwTilAiBNWlSx7YhkWzHESyRqoCPLdAmZumLxzTOeO4rBo7+z czANBgkqhkiG9w0BAQsFAAOCAQEArcKiD5K4dtpuJWoMe3bHbQk8gBedean1yYqI LT+8imF3z1rx12NI8OuMRQSY5zqDgMULnv8r50tUVtLNJP3Gk8dKWmPLhpeGhO1b QPx8y4oj9lE5N1S4VpGiuS8w7lTiUIIGz6BrndTLlr8LuMyLN5uA6xFJRqbdH49r Jv+NBP+xPK+QgoGyL7VepZJKOuPUFQh8RhntwLPGsKKEVl6X9KuQuMz71ttRlFBq uQGUEeUGPP2jWapcgYao+aYcec8Un5XwDb76mwbDTNHfeyiOqvVcuy1ca8pkoExq GMRMcsjvt3ZGulKbnTYeVXbwaAgkYyIj7WOc7WnB1/pKfJgeOA== -----END CERTIFICATE-----

portal-vz.cz

request w/o SNI didn't succeed

*.portal-vz.cz portal-vz.cz

Ok via SAN wildcard (SNI mandatory)

passed.

no

2026-04-10 13:09

certificate has no extended life time according to browser forum

not present

http://r12.c.lencr.org/81.crl

--

not offered

--

yes (certificate extension)

2

no

R12 (Let's Encrypt from US)

-----BEGIN CERTIFICATE----- MIIFBjCCAu6gAwIBAgIRAMISMktwqbSRcdxA9+KFJjwwDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw WhcNMjcwMzEyMjM1OTU5WjAzMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg RW5jcnlwdDEMMAoGA1UEAxMDUjEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEA2pgodK2+lP474B7i5Ut1qywSf+2nAzJ+Npfs6DGPpRONC5kuHs0BUT1M 5ShuCVUxqqUiXXL0LQfCTUA83wEjuXg39RplMjTmhnGdBO+ECFu9AhqZ66YBAJpz kG2Pogeg0JfT2kVhgTU9FPnEwF9q3AuWGrCf4yrqvSrWmMebcas7dA8827JgvlpL Thjp2ypzXIlhZZ7+7Tymy05v5J75AEaz/xlNKmOzjmbGGIVwx1Blbzt05UiDDwhY XS0jnV6j/ujbAKHS9OMZTfLuevYnnuXNnC2i8n+cF63vEzc50bTILEHWhsDp7CH4 WRt/uTp8n1wBnWIEwii9Cq08yhDsGwIDAQABo4H4MIH1MA4GA1UdDwEB/wQEAwIB hjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB /wIBADAdBgNVHQ4EFgQUALUp8i2ObzHom0yteD763OkM0dIwHwYDVR0jBBgwFoAU ebRZ5nu25eQBc4AIiMgaWPbpm24wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAC hhZodHRwOi8veDEuaS5sZW5jci5vcmcvMBMGA1UdIAQMMAowCAYGZ4EMAQIBMCcG A1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly94MS5jLmxlbmNyLm9yZy8wDQYJKoZIhvcN AQELBQADggIBAI910AnPanZIZTKS3rVEyIV29BWEjAK/duuz8eL5boSoVpHhkkv3 4eoAeEiPdZLj5EZ7G2ArIK+gzhTlRQ1q4FKGpPPaFBSpqV/xbUb5UlAXQOnkHn3m FVj+qYv87/WeY+Bm4sN3Ox8BhyaU7UAQ3LeZ7N1X01xxQe4wIAAE3JVLUCiHmZL+ qoCUtgYIFPgcg350QMUIWgxPXNGEncT921ne7nluI02V8pLUmClqXOsCwULw+PVO ZCB7qOMxxMBoCUeL2Ll4oMpOSr5pJCpLN3tRA2s6P1KLs9TSrVhOk+7LX28NMUlI usQ/nxLJID0RhAeFtPjyOCOscQBA53+NRjSCak7P4A5jX7ppmkcJECL+S0i3kXVU y5Me5BbrU8973jZNv/ax6+ZK6TM8jWmimL6of6OrX7ZU6E2WqazzsFrLG3o2kySb zlhSgJ81Cl4tv3SbYiYXnJExKQvzf83DYotox3f0fwv7xln1A2ZLplCb0O+l/AK0 YE0DS2FPxSAHi0iwMfW2nNHJrXcY3LLHD77gRgje4Eveubi2xxa+Nmk/hmhLdIET iVDFanoCrMVIpQ59XWHkzdFmoHXHBV7oibVjGSO7ULSQ7MJ1Nz51phuDJSgAIU7A 0zrLnOrAj/dfrlEWRhCvAgbuwLZX1A2sjNjXoPOHbsPiy+lO1KF8/XY7 -----END CERTIFICATE-----

131FCE7784016899A5A00203A9EFC80F18EBBD75580717EDC1553580930836EC

2024-03-13 00:00

2027-03-12 23:59

ok > 40 days

R12 <-- ISRG Root X1

intermediate certificate(s) is/are ok

301 Moved Permanently ('/')

-3 seconds from localtime

1781726840

0 seconds

No support for HTTP Public Key Pinning

Apache

No application banner found

2 at '/' (30x detected, better try target URL of 30x)

0/2 at '/' marked as secure

0/2 at '/' marked as HttpOnly (30x detected, better try target URL of 30x)

no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate

no-cache

x-cacheable: NO:Set-Cookie

not vulnerable, no heartbeat extension

not vulnerable

not vulnerable

not vulnerable, no RSA key transport cipher

not vulnerable

not vulnerable

not vulnerable, no gzip/deflate/compress/br HTTP compression  - only supplied '/' tested

not vulnerable, no SSLv3

no protocol below TLS 1.2 offered

not vulnerable

not vulnerable

not vulnerable on this host and port

Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=24A01750DA39CC17A1C9596BDF5D39424227F8DB025545184D48711C1FC71FEE

not vulnerable, no DH EXPORT ciphers,

no DH key with <= TLS 1.2

not vulnerable, no SSL3 or TLS1

not vulnerable

not vulnerable

not vulnerable

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305

TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

No connection

No connection

No connection

No connection

No connection

No connection

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

No connection

No connection

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.3 TLS_AES_256_GCM_SHA384

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)

https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide

100

30

90

27

90

36

93

A

Grade capped to A. HSTS is not offered

No 128 cipher limit bug

not offered

not offered

not offered

not offered

offered

offered with final

not offered

h2

http/1.1

not offered

not offered

not offered

not offered

not offered

not offered

not offered

offered

server

Default protocol TLS1.3

TLS_CHACHA20_POLY1305_SHA256, 253 bit ECDH (X25519)

TLSv1.2   xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 253   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

TLSv1.2   xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 253   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLSv1.2   xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 253   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256

TLSv1.3   x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256

TLSv1.3   x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384

TLSv1.3   x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256

TLS_CHACHA20_POLY1305_SHA256 TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256

offered

TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256

prime256v1 X25519

'renegotiation info/#65281' 'server name/#0' 'EC point formats/#11' 'session ticket/#35' 'supported versions/#43' 'key share/#51' 'supported_groups/#10' 'max fragment length/#1' 'application layer protocol negotiation/#16' 'extended master secret/#23'

valid for 1800 seconds only (<daily)

yes

not supported

not supported

random

none

none

1

SHA256 with RSA

RSA 2048 bits (exponent is 65537)

Digital Signature, Key Encipherment

TLS Web Server Authentication

059F5CCE334BBCACFDDBC82FF587662F1550

18

F57AD0456AD8DC34BD582FD7DE9FEA99722906EB

24A01750DA39CC17A1C9596BDF5D39424227F8DB025545184D48711C1FC71FEE

-----BEGIN CERTIFICATE----- MIIFATCCA+mgAwIBAgISBZ9czjNLvKz928gv9YdmLxVQMA0GCSqGSIb3DQEBCwUA MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD EwNSMTIwHhcNMjYwNDEwMTMwOTQwWhcNMjYwNzA5MTMwOTM5WjAXMRUwEwYDVQQD Ewxwb3J0YWwtdnouY3owggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3 q5WR6X//TE2+IyofH+tcc7hmzcPHk26a0YowLr+I9Vupq4DK2Q3x6yohQokb1jrH NTjOl83dv5isZBcE17ucHOVMVwb/PCpED9a35/jxyF0VBfHM2bHTbGQ2GbNkcgpR IzEEIB/GviogyuyDhOjeli3Hzx6TP/7DWGSWQxIIRTIP9E/u1bCF5J9BC7LZ+AOe 3BfnX8zxsu+B4jlDIxG4waYRzPSLAs8qdCAwjZXueyFx6+eZHt6em/Tg7ginTKeG iVPMLTC0LIhYB82oLEg9XSsVeXSkb8Htrf911pz0LkNZnY/OSc4ECqI/1Zy6da4y F2vkuxfXpepdAgqLeVW1AgMBAAGjggIpMIICJTAOBgNVHQ8BAf8EBAMCBaAwEwYD VR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUkVjmKYi+ YOfsInhEpYMo3yXufN4wHwYDVR0jBBgwFoAUALUp8i2ObzHom0yteD763OkM0dIw MwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzAChhdodHRwOi8vcjEyLmkubGVuY3Iu b3JnLzAnBgNVHREEIDAegg4qLnBvcnRhbC12ei5jeoIMcG9ydGFsLXZ6LmN6MBMG A1UdIAQMMAowCAYGZ4EMAQIBMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9yMTIu Yy5sZW5jci5vcmcvODEuY3JsMIIBCwYKKwYBBAHWeQIEAgSB/ASB+QD3AHYAyzj3 FYl8hKFEX1vB3fvJbvKaWc1HCmkFhbDLFMMUWOcAAAGdd7jDoQAABAMARzBFAiAm HCdlm4adWBN8NMb3HT3zmqc6opUsjNgJYxcrEnhQBgIhAI9c7BXEMgtEB4Zdv0wK mou4Amz/5K84NBdGIPJO2uj7AH0AbP5QGUOoXqkWvFLRM+TcyR7xQRx9JYQg0XOA nhgY6zoAAAGdd7jFjgAIAAAFAAadNkIEAwBGMEQCIFgI+Ird+lezsEIW1tlIAvkx CzTdABScjX+NMFvlwTilAiBNWlSx7YhkWzHESyRqoCPLdAmZumLxzTOeO4rBo7+z czANBgkqhkiG9w0BAQsFAAOCAQEArcKiD5K4dtpuJWoMe3bHbQk8gBedean1yYqI LT+8imF3z1rx12NI8OuMRQSY5zqDgMULnv8r50tUVtLNJP3Gk8dKWmPLhpeGhO1b QPx8y4oj9lE5N1S4VpGiuS8w7lTiUIIGz6BrndTLlr8LuMyLN5uA6xFJRqbdH49r Jv+NBP+xPK+QgoGyL7VepZJKOuPUFQh8RhntwLPGsKKEVl6X9KuQuMz71ttRlFBq uQGUEeUGPP2jWapcgYao+aYcec8Un5XwDb76mwbDTNHfeyiOqvVcuy1ca8pkoExq GMRMcsjvt3ZGulKbnTYeVXbwaAgkYyIj7WOc7WnB1/pKfJgeOA== -----END CERTIFICATE-----

portal-vz.cz

request w/o SNI didn't succeed

*.portal-vz.cz portal-vz.cz

Ok via SAN wildcard (SNI mandatory)

passed.

no

2026-04-10 13:09

certificate has no extended life time according to browser forum

not present

http://r12.c.lencr.org/81.crl

--

not offered

--

yes (certificate extension)

2

no

R12 (Let's Encrypt from US)

-----BEGIN CERTIFICATE----- MIIFBjCCAu6gAwIBAgIRAMISMktwqbSRcdxA9+KFJjwwDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw WhcNMjcwMzEyMjM1OTU5WjAzMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg RW5jcnlwdDEMMAoGA1UEAxMDUjEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEA2pgodK2+lP474B7i5Ut1qywSf+2nAzJ+Npfs6DGPpRONC5kuHs0BUT1M 5ShuCVUxqqUiXXL0LQfCTUA83wEjuXg39RplMjTmhnGdBO+ECFu9AhqZ66YBAJpz kG2Pogeg0JfT2kVhgTU9FPnEwF9q3AuWGrCf4yrqvSrWmMebcas7dA8827JgvlpL Thjp2ypzXIlhZZ7+7Tymy05v5J75AEaz/xlNKmOzjmbGGIVwx1Blbzt05UiDDwhY XS0jnV6j/ujbAKHS9OMZTfLuevYnnuXNnC2i8n+cF63vEzc50bTILEHWhsDp7CH4 WRt/uTp8n1wBnWIEwii9Cq08yhDsGwIDAQABo4H4MIH1MA4GA1UdDwEB/wQEAwIB hjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB /wIBADAdBgNVHQ4EFgQUALUp8i2ObzHom0yteD763OkM0dIwHwYDVR0jBBgwFoAU ebRZ5nu25eQBc4AIiMgaWPbpm24wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAC hhZodHRwOi8veDEuaS5sZW5jci5vcmcvMBMGA1UdIAQMMAowCAYGZ4EMAQIBMCcG A1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly94MS5jLmxlbmNyLm9yZy8wDQYJKoZIhvcN AQELBQADggIBAI910AnPanZIZTKS3rVEyIV29BWEjAK/duuz8eL5boSoVpHhkkv3 4eoAeEiPdZLj5EZ7G2ArIK+gzhTlRQ1q4FKGpPPaFBSpqV/xbUb5UlAXQOnkHn3m FVj+qYv87/WeY+Bm4sN3Ox8BhyaU7UAQ3LeZ7N1X01xxQe4wIAAE3JVLUCiHmZL+ qoCUtgYIFPgcg350QMUIWgxPXNGEncT921ne7nluI02V8pLUmClqXOsCwULw+PVO ZCB7qOMxxMBoCUeL2Ll4oMpOSr5pJCpLN3tRA2s6P1KLs9TSrVhOk+7LX28NMUlI usQ/nxLJID0RhAeFtPjyOCOscQBA53+NRjSCak7P4A5jX7ppmkcJECL+S0i3kXVU y5Me5BbrU8973jZNv/ax6+ZK6TM8jWmimL6of6OrX7ZU6E2WqazzsFrLG3o2kySb zlhSgJ81Cl4tv3SbYiYXnJExKQvzf83DYotox3f0fwv7xln1A2ZLplCb0O+l/AK0 YE0DS2FPxSAHi0iwMfW2nNHJrXcY3LLHD77gRgje4Eveubi2xxa+Nmk/hmhLdIET iVDFanoCrMVIpQ59XWHkzdFmoHXHBV7oibVjGSO7ULSQ7MJ1Nz51phuDJSgAIU7A 0zrLnOrAj/dfrlEWRhCvAgbuwLZX1A2sjNjXoPOHbsPiy+lO1KF8/XY7 -----END CERTIFICATE-----

131FCE7784016899A5A00203A9EFC80F18EBBD75580717EDC1553580930836EC

2024-03-13 00:00

2027-03-12 23:59

ok > 40 days

R12 <-- ISRG Root X1

intermediate certificate(s) is/are ok

301 Moved Permanently ('/')

-1 seconds from localtime

1781727078

0 seconds

No support for HTTP Public Key Pinning

Apache

No application banner found

2 at '/' (30x detected, better try target URL of 30x)

0/2 at '/' marked as secure

0/2 at '/' marked as HttpOnly (30x detected, better try target URL of 30x)

no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate

no-cache

x-cacheable: NO:Set-Cookie

not vulnerable, no heartbeat extension

not vulnerable

not vulnerable

not vulnerable, no RSA key transport cipher

not vulnerable

not vulnerable

not vulnerable, no gzip/deflate/compress/br HTTP compression  - only supplied '/' tested

not vulnerable, no SSLv3

no protocol below TLS 1.2 offered

not vulnerable

not vulnerable

not vulnerable on this host and port

Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=24A01750DA39CC17A1C9596BDF5D39424227F8DB025545184D48711C1FC71FEE

not vulnerable, no DH EXPORT ciphers,

no DH key with <= TLS 1.2

not vulnerable, no SSL3 or TLS1

not vulnerable

not vulnerable

not vulnerable

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305

TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

No connection

No connection

No connection

No connection

No connection

No connection

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

No connection

No connection

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.3 TLS_AES_256_GCM_SHA384

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

TLSv1.3 TLS_CHACHA20_POLY1305_SHA256

SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)

https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide

100

30

90

27

90

36

93

A

Grade capped to A. HSTS is not offered

460