Hlídač Web NÚKIB Detailní analýza HTTPs pro Web NÚKIB

Web NÚKIB
https://www.govcert.cz/

Národní úřad pro kybernetickou a informační bezpečnost Národní úřad pro kybernetickou a informační bezpečnost

Zabezpečení komunikace

Certifikát expiruje za 283 dní.

Výsledek analýzy HTTPS na www.govcert.cz ze dne 30.04.2024

Služba je chráněna certifikátem od certifikační autority, kterou hlavní prohlížeče neznají hlavní prohlížeče neznají nebo jí nedůvěřují. V českých podmínkách to znamená nejspíše certifikáty vydané našimi vnitrostátními autoritami (ICA, PostSignum a eIdentity), které sice stát zákonem prohlásil za důvěryhodné, ale které nesplňují mezinárodní podmínky nutné proto, aby je za důvěryhodné pokládali i autoři prohlížečů.

Detailní analýza

Detailní report z HTTPs analýzy pomocí nástroje testssl.sh

server	www.govcert.cz/81.95.110.57
pre_128cipher	INFO { No 128 cipher limit bug }
SSLv2	OK { not offered }
SSLv3	OK { not offered }
TLS1	INFO { not offered }
TLS1_1	INFO { not offered }
TLS1_2	OK { offered }
TLS1_3	INFO { not offered + downgraded to weaker protocol }
NPN	INFO { offered with h2, http/1.1 (advertised) }
ALPN_HTTP2	OK { h2 }
ALPN	INFO { http/1.1 }
cipherlist_NULL zranitelnosti: CWE-327	OK { not offered }
cipherlist_aNULL zranitelnosti: CWE-327	OK { not offered }
cipherlist_EXPORT zranitelnosti: CWE-327	OK { not offered }
cipherlist_LOW zranitelnosti: CWE-327	OK { not offered }
cipherlist_3DES_IDEA zranitelnosti: CWE-310	INFO { not offered }
cipherlist_AVERAGE zranitelnosti: CWE-310	LOW { offered }
cipherlist_GOOD	OK { offered }
cipherlist_STRONG	OK { offered }
cipher_order	OK { server }
protocol_negotiated	OK { Default protocol TLS1.2 }
cipher_negotiated	OK { ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256) }
cipher-tls1_2_xc02f	OK { TLSv1.2 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 }
cipher-tls1_2_xc030	OK { TLSv1.2 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 }
cipher-tls1_2_x9e	OK { TLSv1.2 x9e DHE-RSA-AES128-GCM-SHA256 DH 2048 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 }
cipher-tls1_2_x9f	OK { TLSv1.2 x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 }
cipher-tls1_2_xc027	LOW { TLSv1.2 xc027 ECDHE-RSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 }
cipher-tls1_2_xc013	LOW { TLSv1.2 xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA }
cipher-tls1_2_xc028	LOW { TLSv1.2 xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 }
cipher-tls1_2_xc014	LOW { TLSv1.2 xc014 ECDHE-RSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA }
cipher-tls1_2_x67	LOW { TLSv1.2 x67 DHE-RSA-AES128-SHA256 DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 }
cipher-tls1_2_x33	LOW { TLSv1.2 x33 DHE-RSA-AES128-SHA DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA }
cipher-tls1_2_x6b	LOW { TLSv1.2 x6b DHE-RSA-AES256-SHA256 DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 }
cipher-tls1_2_x39	LOW { TLSv1.2 x39 DHE-RSA-AES256-SHA DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA }
cipher-tls1_2_x9c	OK { TLSv1.2 x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256 }
cipher-tls1_2_x9d	OK { TLSv1.2 x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384 }
cipher-tls1_2_x3c	LOW { TLSv1.2 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256 }
cipher-tls1_2_x3d	LOW { TLSv1.2 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256 }
cipher-tls1_2_x2f	LOW { TLSv1.2 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA }
cipher-tls1_2_x35	LOW { TLSv1.2 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA }
cipher-tls1_2_xc0a3	OK { TLSv1.2 xc0a3 DHE-RSA-AES256-CCM8 DH 2048 AESCCM8 256 TLS_DHE_RSA_WITH_AES_256_CCM_8 }
cipher-tls1_2_xc09f	OK { TLSv1.2 xc09f DHE-RSA-AES256-CCM DH 2048 AESCCM 256 TLS_DHE_RSA_WITH_AES_256_CCM }
cipher-tls1_2_xc0a2	OK { TLSv1.2 xc0a2 DHE-RSA-AES128-CCM8 DH 2048 AESCCM8 128 TLS_DHE_RSA_WITH_AES_128_CCM_8 }
cipher-tls1_2_xc09e	OK { TLSv1.2 xc09e DHE-RSA-AES128-CCM DH 2048 AESCCM 128 TLS_DHE_RSA_WITH_AES_128_CCM }
cipher-tls1_2_xc0a1	OK { TLSv1.2 xc0a1 AES256-CCM8 RSA AESCCM8 256 TLS_RSA_WITH_AES_256_CCM_8 }
cipher-tls1_2_xc09d	OK { TLSv1.2 xc09d AES256-CCM RSA AESCCM 256 TLS_RSA_WITH_AES_256_CCM }
cipher-tls1_2_xc0a0	OK { TLSv1.2 xc0a0 AES128-CCM8 RSA AESCCM8 128 TLS_RSA_WITH_AES_128_CCM_8 }
cipher-tls1_2_xc09c	OK { TLSv1.2 xc09c AES128-CCM RSA AESCCM 128 TLS_RSA_WITH_AES_128_CCM }
cipher-tls1_2_xc077	LOW { TLSv1.2 xc077 ECDHE-RSA-CAMELLIA256-SHA384 ECDH 253 Camellia 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 }
cipher-tls1_2_xc4	LOW { TLSv1.2 xc4 DHE-RSA-CAMELLIA256-SHA256 DH 2048 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 }
cipher-tls1_2_xc076	LOW { TLSv1.2 xc076 ECDHE-RSA-CAMELLIA128-SHA256 ECDH 253 Camellia 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 }
cipher-tls1_2_xbe	LOW { TLSv1.2 xbe DHE-RSA-CAMELLIA128-SHA256 DH 2048 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 }
cipher-tls1_2_x88	LOW { TLSv1.2 x88 DHE-RSA-CAMELLIA256-SHA DH 2048 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA }
cipher-tls1_2_x45	LOW { TLSv1.2 x45 DHE-RSA-CAMELLIA128-SHA DH 2048 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA }
cipher-tls1_2_xc0	LOW { TLSv1.2 xc0 CAMELLIA256-SHA256 RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 }
cipher-tls1_2_xba	LOW { TLSv1.2 xba CAMELLIA128-SHA256 RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 }
cipher-tls1_2_x84	LOW { TLSv1.2 x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA }
cipher-tls1_2_x41	LOW { TLSv1.2 x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA }
cipherorder_TLSv1_2	INFO { ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM AES256-CCM8 AES256-CCM AES128-CCM8 AES128-CCM ECDHE-RSA-CAMELLIA256-SHA384 DHE-RSA-CAMELLIA256-SHA256 ECDHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA CAMELLIA256-SHA256 CAMELLIA128-SHA256 CAMELLIA256-SHA CAMELLIA128-SHA }
FS	OK { offered }
FS_ciphers	INFO { ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-CAMELLIA256-SHA384 DHE-RSA-CAMELLIA256-SHA256 DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA ECDHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA }
FS_ECDHE_curves	OK { prime256v1 secp384r1 secp521r1 X25519 X448 }
DH_groups	OK { Unknown DH group (2048 bits) }
TLS_extensions	INFO { 'renegotiation info/#65281' 'server name/#0' 'EC point formats/#11' 'session ticket/#35' 'next protocol/#13172' 'max fragment length/#1' 'application layer protocol negotiation/#16' 'encrypt-then-mac/#22' 'extended master secret/#23' }
TLS_session_ticket	INFO { valid for 300 seconds only (<daily) }
SSL_sessionID_support	INFO { yes }
sessionresumption_ticket	INFO { supported }
sessionresumption_ID	INFO { supported }
TLS_timestamp	INFO { random }
cert_compression	INFO { N/A }
clientAuth	INFO { none }
cert_numbers	INFO { 1 }
cert_signatureAlgorithm	OK { SHA384 with RSA }
cert_keySize	OK { RSA 4096 bits (exponent is 65537) }
cert_keyUsage	INFO { Digital Signature, Key Encipherment }
cert_extKeyUsage	INFO { TLS Web Server Authentication, TLS Web Client Authentication }
cert_serialNumber	INFO { 7A86C329133BA41E9F3C55A8DE418609 }
cert_serialNumberLen	INFO { 16 }
cert_fingerprintSHA1	INFO { 0C005915B085897C687C9F00A27C556CDDB59C6B }
cert_fingerprintSHA256	INFO { 53CF89455D29ACBE01934E959F74D4273C02D606FD6DCB975320A3BE669290D9 }
cert	INFO { -----BEGIN CERTIFICATE----- MIIIhTCCBm2gAwIBAgIQeobDKRM7pB6fPFWo3kGGCTANBgkqhkiG9w0BAQwFADBE MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEaMBgGA1UE AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjQwMjA5MDAwMDAwWhcNMjUwMjA4MjM1 OTU5WjCBhzELMAkGA1UEBhMCQ1oxGzAZBgNVBAgMEkppaG9tb3JhdnNrw70ga3Jh ajFGMEQGA1UECgw9TsOhcm9kbsOtIMO6xZlhZCBwcm8ga3liZXJuZXRpY2tvdSBh IGluZm9ybWHEjW7DrSBiZXpwZcSNbm9zdDETMBEGA1UEAxMKZ292Y2VydC5jejCC AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALsSAzQlvEZ3zow7DFntSCX/ GOhOkroSWvgpf1sePfG8PQp/8fzmUf8gvyudqclzoR6/r1+gU/SQWQbJCaA/LkqM Hk9RGNzJ6UriHq0zyKDmfYtF+rjbjvXGvoCEomFyQc5eKooWDtj7R1MlaejJwEVs 2Uwp9tiXAAaa46lOL4tSJPiRduPSTHGIvozdgQyrPRu91L8yYwMsKUoUSWN8t4ga 24fT2U/duyQLmL9GeoL7fF/MnRCWt6MTXmtbWST41LQsSugHt+Qcea6MHthsPoMe wI9dDRJtx4PddX6ai1MeUnjW2NtDxTWIDcZHTE4Y9wj5SWXBVbx6SKpyZ3qIe21d S7QAFLgSfyp6zds3vY26BoT75AldDqJORvoN57MVrU10Q1cTKNeKcN+PZ4nvurmB RKPxN6b77aE1dI9h+M5TFX7agrtfGHGXmIRamJcJmfcVbtxfpAVTfbYhQmNhdVQI 4UKQnIJW8mSutnI/CIQJ+8ZfGcZ6KdOLTtTkeH5nPi4ZrXHEsuo1b9O/wCqR892D XyWbmTs91LNT94EGVrkwKE+2V9FtG1qh/Jpj0iAepTF+CNDhq++EQa2ojmrjN9Pd KwibhUg4KXblf9EAL2YKGH65s9mTYRTagTnR1/KFg9pHy+plWgjjN5OKIpbChocN 86eWEs6R3ZDNIKIhZJAfAgMBAAGjggMtMIIDKTAfBgNVHSMEGDAWgBRvHTVJEGwy +lmgnryK6B+VvnF6DDAdBgNVHQ4EFgQUxL1nduNoQTWgna8j5eRGK4dFqpowDgYD VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG CCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAk8wJTAjBggrBgEFBQcC ARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQICMD8GA1UdHwQ4MDYw NKAyoDCGLmh0dHA6Ly9HRUFOVC5jcmwuc2VjdGlnby5jb20vR0VBTlRPVlJTQUNB NC5jcmwwdQYIKwYBBQUHAQEEaTBnMDoGCCsGAQUFBzAChi5odHRwOi8vR0VBTlQu Y3J0LnNlY3RpZ28uY29tL0dFQU5UT1ZSU0FDQTQuY3J0MCkGCCsGAQUFBzABhh1o dHRwOi8vR0VBTlQub2NzcC5zZWN0aWdvLmNvbTCCAX4GCisGAQQB1nkCBAIEggFu BIIBagFoAHcAzxFW7tUufK/zh1vZaS6b6RpxZ0qwF+ysAdJbd87MOwgAAAGNjZaS BwAABAMASDBGAiEAl2tAXzY4ByRN3liDbA5CkbEsoW+YCvutMq7EE0I97FMCIQCn MN7iB8zSl7cewaycYF/7uS2v74aVaX8fRxZ2ob4oygB1AKLjCuRF772tm3447Udn d1PXgluElNcrXhssxLlQpEfnAAABjY2WkoYAAAQDAEYwRAIgYdAP6YKgKrbsHXHD Fmqh7OVlJEKfkn0FaYcY1kSAMfoCIAHlqdXqYjfZaRqcHQvpyI5P3x8q2LelZDl4 2UA2trTxAHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGNjZaS LwAABAMARzBFAiEAl1VnChKqS78/OaPrLGFQG6tc0gqjPFcCvmNVygneW44CIAfX l9/4zJZ3CAPxWQ2vo4yrwLId+lG791NPAsrV1CakMCUGA1UdEQQeMByCCmdvdmNl cnQuY3qCDnd3dy5nb3ZjZXJ0LmN6MA0GCSqGSIb3DQEBDAUAA4ICAQCNZ/tm4gch KbYb/plc+vBCqim7oyVOifGVBeor2kSWfLYgyd2a2NRI3TwoOFnhUYAXzgnPSomw bsK9YkYn0YAgzhvD99QUg4XCXe5bYIxtv13X1lNB7x9rZ7oIsIEoSgDcD+aJKhQS sZScQO3QfwREgQfCTd2nWNkG+hOh5a3AJSeibQDKdji7hAZ2+k3K9oFg8nsooHWr vS8lDBTAbIpTF6ZWxdJdYqLPvbJSuGbrgz7Juf9wStXc0j57nBSYqJg7HBz6QlRR Ftpz/m9mb/nO3ymindjJEhsgntBKGZMuPjtMzegWFnh3d33Izb2nF7CDmg0fcns1 vcrF+81gCvtnc92eq6LyZfp1fJWhD5EqJ4iflaqZ0l/iJZ3OYatklomyVf1GQs21 CFtFgrRgWp5Jq9b2MySkjw9/8kfX1S4Q3kJF1hf/0cToh/GYxdaWSOJq2/x28VXP I9dZyXagfjCF2W0BDvQjT/iqkNU7HmAOEJXRVPYlOaCvrewAUcVJXixtuMif63Qr JsTs3pRQ0lr3fl/xY1lrU7KOt2kzwkXRV+8AiDQVuGAjwLRc8ICeNxrm2A4yZqy5 RmTtrWsp651GqtfkCQje4dC1+lNsD8giq4RuffAkaJ6r5eSYMPzSD8M86M4033lB 67AJUgOmjhO2smsWVGlCcTPme/ix0X6R5w== -----END CERTIFICATE----- }
cert_commonName	OK { govcert.cz }
cert_commonName_wo_SNI	INFO { gds161.active24.cz }
cert_subjectAltName	INFO { govcert.cz www.govcert.cz }
cert_trust	OK { Ok via SAN (SNI mandatory) }
cert_chain_of_trust	CRITICAL { failed (chain incomplete). }
cert_certificatePolicies_EV	INFO { no }
cert_expirationStatus	OK { 284 >= 60 days }
cert_notBefore	INFO { 2024-02-09 00:00 }
cert_notAfter	OK { 2025-02-08 23:59 }
cert_extlifeSpan	OK { certificate has no extended life time according to browser forum }
cert_eTLS	INFO { not present }
cert_crlDistributionPoints	INFO { http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl }
cert_ocspURL	INFO { http://GEANT.ocsp.sectigo.com }
OCSP_stapling	LOW { not offered }
cert_mustStapleExtension	INFO { -- }
DNS_CAArecord	LOW { -- }
certificate_transparency	OK { yes (certificate extension) }
certs_countServer	INFO { 2 }
certs_list_ordering_problem	LOW { yes }
cert_caIssuers	INFO { GEANT OV RSA CA 4 (GEANT Vereniging from NL) }
intermediate_cert <#1>	INFO { -----BEGIN CERTIFICATE----- MIIE+zCCA+OgAwIBAgIQCHC8xa8/25Wakctq7u/kZTANBgkqhkiG9w0BAQsFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv b3QgQ0EwHhcNMTQxMTE4MTIwMDAwWhcNMjQxMTE4MTIwMDAwWjBkMQswCQYDVQQG EwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFt MQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMV2Dw/ZQyk7bG3RR63eEL8jwnio Snc18SNb4EweQefCMQC9iDdFdd25AhCAHo/tZCMERaegOTuBTc9jP8JJ/yKeiLDS lrlcinQfkioq8hLIt2hUtVhBgUBoBhpPhSn7tU08D08/QJYbzqjMXjX/ZJj1dd10 VAWgNhEEEiRVY++Udy538RV27tOkWUUhn6i+0SftCuirOMo/h9Ha8Y+5Cx9E5+Ct 85XCFk3shKM6ktTPxn3mvcsaQE+zVLHzj28NHuO+SaNW5Ae8jafOHbBbV1bRxBz8 mGXRzUYvkZS/RYVJ+G1ShxwCVgEnFqtyLvRx5GG1IKD6JmlqCvGrn223zyUCAwEA AaOCAaYwggGiMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMHkG CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2hjRodHRw Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3Js MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk SURSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBRn/YggFCeYxwnS JRm76VERY3VQYjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq hkiG9w0BAQsFAAOCAQEAqSg1esR71tonHqyYzyc2TxEydHTmQN0dzfJodzWvs4xd xgS/FfQjZ4u5b5cE60adws3J0aSugS7JurHogNAcyTnBVnZZbJx946nw09E02DxJ WYsamM6/xvLYMDX/6W9doK867mZTrqqMaci+mqege9iCSzMTyAfzd9fzZM2eY/lC J1OuEDOJcjcV8b73HjWizsMt8tey5gvHacDlH198aZt+ziYaM0TDuncFO7pdP0GJ +hY77gRuW6xWS++McPJKe1e9GW6LNgdUJi2GCZQfXzer8CM/jyxflp5HcahE3qm5 hS+1NGClXwmgmkMd1L8tRNaN2v11y18WoA5hwnA9Ng== -----END CERTIFICATE----- }
intermediate_cert_fingerprintSHA256 <#1>	INFO { BEB8EFE9B1A73C841B375A90E5FFF8048848E3A2AF66F6C4DD7B938D6FE8C5D8 }
intermediate_cert_notBefore <#1>	INFO { 2014-11-18 12:00 }
intermediate_cert_notAfter <#1>	OK { 2024-11-18 12:00 }
intermediate_cert_expiration <#1>	OK { ok > 40 days }
intermediate_cert_chain <#1>	INFO { TERENA SSL CA 3 <-- DigiCert Assured ID Root CA }
intermediate_cert_badOCSP	OK { intermediate certificate(s) is/are ok }
HTTP_status_code	INFO { 301 Moved Permanently ('/') }
HTTP_clock_skew	INFO { 0 seconds from localtime }
HTTP_headerTime	INFO { 1714507554 }
HSTS	LOW { not offered }
HPKP	INFO { No support for HTTP Public Key Pinning }
banner_server	INFO { nginx }
banner_application	INFO { No application banner found }
cookie_count	INFO { 0 at '/' (30x detected, better try target URL of 30x) }
security_headers	MEDIUM { -- }
banner_reverseproxy zranitelnosti: CWE-200	INFO { -- }
heartbleed zranitelnosti: CVE-2014-0160 CWE-119	OK { not vulnerable, no heartbeat extension }
CCS zranitelnosti: CVE-2014-0224 CWE-310	OK { not vulnerable }
ticketbleed zranitelnosti: CVE-2016-9244 CWE-200	OK { not vulnerable }
ROBOT zranitelnosti: CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168 CWE-203	OK { not vulnerable }
secure_renego zranitelnosti: CWE-310	OK { supported }
secure_client_renego zranitelnosti: CVE-2011-1473 CWE-310	OK { not vulnerable }
CRIME_TLS zranitelnosti: CVE-2012-4929 CWE-310	OK { not vulnerable }
BREACH zranitelnosti: CVE-2013-3587 CWE-310	OK { not vulnerable, no gzip/deflate/compress/br HTTP compression - only supplied '/' tested }
POODLE_SSL zranitelnosti: CVE-2014-3566 CWE-310	OK { not vulnerable, no SSLv3 }
fallback_SCSV	OK { no protocol below TLS 1.2 offered }
SWEET32 zranitelnosti: CVE-2016-2183 CVE-2016-6329 CWE-327	OK { not vulnerable }
FREAK zranitelnosti: CVE-2015-0204 CWE-310	OK { not vulnerable }
DROWN zranitelnosti: CVE-2016-0800 CVE-2016-0703 CWE-310	OK { not vulnerable on this host and port }
DROWN_hint zranitelnosti: CVE-2016-0800 CVE-2016-0703 CWE-310	INFO { Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=53CF89455D29ACBE01934E959F74D4273C02D606FD6DCB975320A3BE669290D9 }
LOGJAM zranitelnosti: CVE-2015-4000 CWE-310	OK { not vulnerable, no DH EXPORT ciphers, }
LOGJAM-common_primes zranitelnosti: CVE-2015-4000 CWE-310	OK { -- }
BEAST zranitelnosti: CVE-2011-3389 CWE-20	OK { not vulnerable, no SSL3 or TLS1 }
LUCKY13 zranitelnosti: CVE-2013-0169 CWE-310	LOW { potentially vulnerable, uses TLS CBC ciphers }
winshock zranitelnosti: CVE-2014-6321 CWE-94	OK { not vulnerable }
RC4 zranitelnosti: CVE-2013-2566 CVE-2015-2808 CWE-310	OK { not vulnerable }
clientsimulation-android_442	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-android_500	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-android_60	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-android_70	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-android_81	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-android_90	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-android_X	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-chrome_74_win10	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-chrome_79_win10	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-firefox_66_win81	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-firefox_71_win10	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-ie_6_xp	INFO { No connection }
clientsimulation-ie_8_win7	INFO { No connection }
clientsimulation-ie_8_xp	INFO { No connection }
clientsimulation-ie_11_win7	INFO { TLSv1.2 DHE-RSA-AES128-GCM-SHA256 }
clientsimulation-ie_11_win81	INFO { TLSv1.2 DHE-RSA-AES128-GCM-SHA256 }
clientsimulation-ie_11_winphone81	INFO { TLSv1.2 ECDHE-RSA-AES128-SHA256 }
clientsimulation-ie_11_win10	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-edge_15_win10	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-edge_17_win10	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-opera_66_win10	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-safari_9_ios9	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-safari_9_osx1011	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-safari_10_osx1012	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-safari_121_ios_122	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-safari_130_osx_10146	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-apple_ats_9_ios9	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-java_6u45	INFO { No connection }
clientsimulation-java_7u25	INFO { No connection }
clientsimulation-java_8u161	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-java1102	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-java1201	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-openssl_102e	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-openssl_110l	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-openssl_111d	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
clientsimulation-thunderbird_68_3_1	INFO { TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 }
rating_spec	INFO { SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30) }
rating_doc	INFO { https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide }
protocol_support_score	INFO { 0 }
protocol_support_score_weighted	INFO { 0 }
key_exchange_score	INFO { 0 }
key_exchange_score_weighted	INFO { 0 }
cipher_strength_score	INFO { 0 }
cipher_strength_score_weighted	INFO { 0 }
final_score	INFO { 0 }
overall_grade	CRITICAL { T }
grade_cap_reason_1	INFO { Grade capped to T. Issues with the chain of trust (chain incomplete) }
grade_cap_reason_2	INFO { Grade capped to A. HSTS is not offered }
scanTime	INFO { 97 }

10 000+

2020-22

600+

rok 2020 zdarma

Hlídač Web NÚKIB Detailní analýza HTTPs pro Web NÚKIB

Web NÚKIB
https://www.govcert.cz/

Zabezpečení komunikace

Výsledek analýzy HTTPS na www.govcert.cz ze dne 30.04.2024

Detailní analýza

Přehledy

K-IndexIndex klíčových rizik úřadů

Žebříčky K-Indexu

Platy v nejdůležitějších úřadech

Firmy / subjekty

Speciální reporty

Rady pro uživatele Registru smluv

Statistiky smluv

Speciální reporty

Smlouvy uveřejněné konkrétní den

Zakázky podle oborů

Zakázky podle zadavatelů

10 000+

2020-22

600+

rok 2020 zdarma

Hlídač státu

Podpořte nás!

Hlídač Web NÚKIB Detailní analýza HTTPs pro Web NÚKIB

Web NÚKIB https://www.govcert.cz/

Zabezpečení komunikace

Výsledek analýzy HTTPS na www.govcert.cz ze dne 30.04.2024

Detailní analýza

K-Index
Index klíčových rizik úřadů

Web NÚKIB
https://www.govcert.cz/