Národní úřad pro kybernetickou a informační bezpečnost Národní úřad pro kybernetickou a informační bezpečnost
Služba je chráněna certifikátem od certifikační autority, kterou hlavní prohlížeče neznají hlavní prohlížeče neznají nebo jí nedůvěřují. V českých podmínkách to znamená nejspíše certifikáty vydané našimi vnitrostátními autoritami (ICA, PostSignum a eIdentity), které sice stát zákonem prohlásil za důvěryhodné, ale které nesplňují mezinárodní podmínky nutné proto, aby je za důvěryhodné pokládali i autoři prohlížečů.
Detailní report z HTTPs analýzy pomocí nástroje testssl.sh
server | www.govcert.cz/81.95.110.57 |
pre_128cipher |
INFO
{
No 128 cipher limit bug} |
SSLv2 |
OK
{
not offered} |
SSLv3 |
OK
{
not offered} |
TLS1 |
INFO
{
not offered} |
TLS1_1 |
INFO
{
not offered} |
TLS1_2 |
OK
{
offered} |
TLS1_3 |
INFO
{
not offered + downgraded to weaker protocol} |
NPN |
INFO
{
offered with h2, http/1.1 (advertised)} |
ALPN_HTTP2 |
OK
{
h2} |
ALPN |
INFO
{
http/1.1} |
cipherlist_NULL
zranitelnosti:
CWE-327
|
OK
{
not offered} |
cipherlist_aNULL
zranitelnosti:
CWE-327
|
OK
{
not offered} |
cipherlist_EXPORT
zranitelnosti:
CWE-327
|
OK
{
not offered} |
cipherlist_LOW
zranitelnosti:
CWE-327
|
OK
{
not offered} |
cipherlist_3DES_IDEA
zranitelnosti:
CWE-310
|
INFO
{
not offered} |
cipherlist_AVERAGE
zranitelnosti:
CWE-310
|
LOW
{
offered} |
cipherlist_GOOD |
OK
{
offered} |
cipherlist_STRONG |
OK
{
offered} |
cipher_order |
OK
{
server} |
protocol_negotiated |
OK
{
Default protocol TLS1.2} |
cipher_negotiated |
OK
{
ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)} |
cipher-tls1_2_xc02f |
OK
{
TLSv1.2 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256} |
cipher-tls1_2_xc030 |
OK
{
TLSv1.2 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384} |
cipher-tls1_2_x9e |
OK
{
TLSv1.2 x9e DHE-RSA-AES128-GCM-SHA256 DH 2048 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256} |
cipher-tls1_2_x9f |
OK
{
TLSv1.2 x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384} |
cipher-tls1_2_xc027 |
LOW
{
TLSv1.2 xc027 ECDHE-RSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256} |
cipher-tls1_2_xc013 |
LOW
{
TLSv1.2 xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA} |
cipher-tls1_2_xc028 |
LOW
{
TLSv1.2 xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384} |
cipher-tls1_2_xc014 |
LOW
{
TLSv1.2 xc014 ECDHE-RSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA} |
cipher-tls1_2_x67 |
LOW
{
TLSv1.2 x67 DHE-RSA-AES128-SHA256 DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256} |
cipher-tls1_2_x33 |
LOW
{
TLSv1.2 x33 DHE-RSA-AES128-SHA DH 2048 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA} |
cipher-tls1_2_x6b |
LOW
{
TLSv1.2 x6b DHE-RSA-AES256-SHA256 DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256} |
cipher-tls1_2_x39 |
LOW
{
TLSv1.2 x39 DHE-RSA-AES256-SHA DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA} |
cipher-tls1_2_x9c |
OK
{
TLSv1.2 x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256} |
cipher-tls1_2_x9d |
OK
{
TLSv1.2 x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384} |
cipher-tls1_2_x3c |
LOW
{
TLSv1.2 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256} |
cipher-tls1_2_x3d |
LOW
{
TLSv1.2 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256} |
cipher-tls1_2_x2f |
LOW
{
TLSv1.2 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA} |
cipher-tls1_2_x35 |
LOW
{
TLSv1.2 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA} |
cipher-tls1_2_xc0a3 |
OK
{
TLSv1.2 xc0a3 DHE-RSA-AES256-CCM8 DH 2048 AESCCM8 256 TLS_DHE_RSA_WITH_AES_256_CCM_8} |
cipher-tls1_2_xc09f |
OK
{
TLSv1.2 xc09f DHE-RSA-AES256-CCM DH 2048 AESCCM 256 TLS_DHE_RSA_WITH_AES_256_CCM} |
cipher-tls1_2_xc0a2 |
OK
{
TLSv1.2 xc0a2 DHE-RSA-AES128-CCM8 DH 2048 AESCCM8 128 TLS_DHE_RSA_WITH_AES_128_CCM_8} |
cipher-tls1_2_xc09e |
OK
{
TLSv1.2 xc09e DHE-RSA-AES128-CCM DH 2048 AESCCM 128 TLS_DHE_RSA_WITH_AES_128_CCM} |
cipher-tls1_2_xc0a1 |
OK
{
TLSv1.2 xc0a1 AES256-CCM8 RSA AESCCM8 256 TLS_RSA_WITH_AES_256_CCM_8} |
cipher-tls1_2_xc09d |
OK
{
TLSv1.2 xc09d AES256-CCM RSA AESCCM 256 TLS_RSA_WITH_AES_256_CCM} |
cipher-tls1_2_xc0a0 |
OK
{
TLSv1.2 xc0a0 AES128-CCM8 RSA AESCCM8 128 TLS_RSA_WITH_AES_128_CCM_8} |
cipher-tls1_2_xc09c |
OK
{
TLSv1.2 xc09c AES128-CCM RSA AESCCM 128 TLS_RSA_WITH_AES_128_CCM} |
cipher-tls1_2_xc077 |
LOW
{
TLSv1.2 xc077 ECDHE-RSA-CAMELLIA256-SHA384 ECDH 253 Camellia 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384} |
cipher-tls1_2_xc4 |
LOW
{
TLSv1.2 xc4 DHE-RSA-CAMELLIA256-SHA256 DH 2048 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256} |
cipher-tls1_2_xc076 |
LOW
{
TLSv1.2 xc076 ECDHE-RSA-CAMELLIA128-SHA256 ECDH 253 Camellia 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256} |
cipher-tls1_2_xbe |
LOW
{
TLSv1.2 xbe DHE-RSA-CAMELLIA128-SHA256 DH 2048 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256} |
cipher-tls1_2_x88 |
LOW
{
TLSv1.2 x88 DHE-RSA-CAMELLIA256-SHA DH 2048 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA} |
cipher-tls1_2_x45 |
LOW
{
TLSv1.2 x45 DHE-RSA-CAMELLIA128-SHA DH 2048 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA} |
cipher-tls1_2_xc0 |
LOW
{
TLSv1.2 xc0 CAMELLIA256-SHA256 RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256} |
cipher-tls1_2_xba |
LOW
{
TLSv1.2 xba CAMELLIA128-SHA256 RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256} |
cipher-tls1_2_x84 |
LOW
{
TLSv1.2 x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA} |
cipher-tls1_2_x41 |
LOW
{
TLSv1.2 x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA} |
cipherorder_TLSv1_2 |
INFO
{
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM AES256-CCM8 AES256-CCM AES128-CCM8 AES128-CCM ECDHE-RSA-CAMELLIA256-SHA384 DHE-RSA-CAMELLIA256-SHA256 ECDHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA CAMELLIA256-SHA256 CAMELLIA128-SHA256 CAMELLIA256-SHA CAMELLIA128-SHA} |
FS |
OK
{
offered} |
FS_ciphers |
INFO
{
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-CAMELLIA256-SHA384 DHE-RSA-CAMELLIA256-SHA256 DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA ECDHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA} |
FS_ECDHE_curves |
OK
{
prime256v1 secp384r1 secp521r1 X25519 X448} |
DH_groups |
OK
{
Unknown DH group (2048 bits)} |
TLS_extensions |
INFO
{
'renegotiation info/#65281' 'server name/#0' 'EC point formats/#11' 'session ticket/#35' 'next protocol/#13172' 'max fragment length/#1' 'application layer protocol negotiation/#16' 'encrypt-then-mac/#22' 'extended master secret/#23'} |
TLS_session_ticket |
INFO
{
valid for 300 seconds only (<daily)} |
SSL_sessionID_support |
INFO
{
yes} |
sessionresumption_ticket |
INFO
{
supported} |
sessionresumption_ID |
INFO
{
supported} |
TLS_timestamp |
INFO
{
random} |
cert_compression |
INFO
{
N/A} |
clientAuth |
INFO
{
none} |
cert_numbers |
INFO
{
1} |
cert_signatureAlgorithm |
OK
{
SHA384 with RSA} |
cert_keySize |
OK
{
RSA 4096 bits (exponent is 65537)} |
cert_keyUsage |
INFO
{
Digital Signature, Key Encipherment} |
cert_extKeyUsage |
INFO
{
TLS Web Server Authentication, TLS Web Client Authentication} |
cert_serialNumber |
INFO
{
7A86C329133BA41E9F3C55A8DE418609} |
cert_serialNumberLen |
INFO
{
16} |
cert_fingerprintSHA1 |
INFO
{
0C005915B085897C687C9F00A27C556CDDB59C6B} |
cert_fingerprintSHA256 |
INFO
{
53CF89455D29ACBE01934E959F74D4273C02D606FD6DCB975320A3BE669290D9} |
cert |
INFO
{
-----BEGIN CERTIFICATE----- MIIIhTCCBm2gAwIBAgIQeobDKRM7pB6fPFWo3kGGCTANBgkqhkiG9w0BAQwFADBE MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEaMBgGA1UE AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjQwMjA5MDAwMDAwWhcNMjUwMjA4MjM1 OTU5WjCBhzELMAkGA1UEBhMCQ1oxGzAZBgNVBAgMEkppaG9tb3JhdnNrw70ga3Jh ajFGMEQGA1UECgw9TsOhcm9kbsOtIMO6xZlhZCBwcm8ga3liZXJuZXRpY2tvdSBh IGluZm9ybWHEjW7DrSBiZXpwZcSNbm9zdDETMBEGA1UEAxMKZ292Y2VydC5jejCC AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALsSAzQlvEZ3zow7DFntSCX/ GOhOkroSWvgpf1sePfG8PQp/8fzmUf8gvyudqclzoR6/r1+gU/SQWQbJCaA/LkqM Hk9RGNzJ6UriHq0zyKDmfYtF+rjbjvXGvoCEomFyQc5eKooWDtj7R1MlaejJwEVs 2Uwp9tiXAAaa46lOL4tSJPiRduPSTHGIvozdgQyrPRu91L8yYwMsKUoUSWN8t4ga 24fT2U/duyQLmL9GeoL7fF/MnRCWt6MTXmtbWST41LQsSugHt+Qcea6MHthsPoMe wI9dDRJtx4PddX6ai1MeUnjW2NtDxTWIDcZHTE4Y9wj5SWXBVbx6SKpyZ3qIe21d S7QAFLgSfyp6zds3vY26BoT75AldDqJORvoN57MVrU10Q1cTKNeKcN+PZ4nvurmB RKPxN6b77aE1dI9h+M5TFX7agrtfGHGXmIRamJcJmfcVbtxfpAVTfbYhQmNhdVQI 4UKQnIJW8mSutnI/CIQJ+8ZfGcZ6KdOLTtTkeH5nPi4ZrXHEsuo1b9O/wCqR892D XyWbmTs91LNT94EGVrkwKE+2V9FtG1qh/Jpj0iAepTF+CNDhq++EQa2ojmrjN9Pd KwibhUg4KXblf9EAL2YKGH65s9mTYRTagTnR1/KFg9pHy+plWgjjN5OKIpbChocN 86eWEs6R3ZDNIKIhZJAfAgMBAAGjggMtMIIDKTAfBgNVHSMEGDAWgBRvHTVJEGwy +lmgnryK6B+VvnF6DDAdBgNVHQ4EFgQUxL1nduNoQTWgna8j5eRGK4dFqpowDgYD VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG CCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAk8wJTAjBggrBgEFBQcC ARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQICMD8GA1UdHwQ4MDYw NKAyoDCGLmh0dHA6Ly9HRUFOVC5jcmwuc2VjdGlnby5jb20vR0VBTlRPVlJTQUNB NC5jcmwwdQYIKwYBBQUHAQEEaTBnMDoGCCsGAQUFBzAChi5odHRwOi8vR0VBTlQu Y3J0LnNlY3RpZ28uY29tL0dFQU5UT1ZSU0FDQTQuY3J0MCkGCCsGAQUFBzABhh1o dHRwOi8vR0VBTlQub2NzcC5zZWN0aWdvLmNvbTCCAX4GCisGAQQB1nkCBAIEggFu BIIBagFoAHcAzxFW7tUufK/zh1vZaS6b6RpxZ0qwF+ysAdJbd87MOwgAAAGNjZaS BwAABAMASDBGAiEAl2tAXzY4ByRN3liDbA5CkbEsoW+YCvutMq7EE0I97FMCIQCn MN7iB8zSl7cewaycYF/7uS2v74aVaX8fRxZ2ob4oygB1AKLjCuRF772tm3447Udn d1PXgluElNcrXhssxLlQpEfnAAABjY2WkoYAAAQDAEYwRAIgYdAP6YKgKrbsHXHD Fmqh7OVlJEKfkn0FaYcY1kSAMfoCIAHlqdXqYjfZaRqcHQvpyI5P3x8q2LelZDl4 2UA2trTxAHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGNjZaS LwAABAMARzBFAiEAl1VnChKqS78/OaPrLGFQG6tc0gqjPFcCvmNVygneW44CIAfX l9/4zJZ3CAPxWQ2vo4yrwLId+lG791NPAsrV1CakMCUGA1UdEQQeMByCCmdvdmNl cnQuY3qCDnd3dy5nb3ZjZXJ0LmN6MA0GCSqGSIb3DQEBDAUAA4ICAQCNZ/tm4gch KbYb/plc+vBCqim7oyVOifGVBeor2kSWfLYgyd2a2NRI3TwoOFnhUYAXzgnPSomw bsK9YkYn0YAgzhvD99QUg4XCXe5bYIxtv13X1lNB7x9rZ7oIsIEoSgDcD+aJKhQS sZScQO3QfwREgQfCTd2nWNkG+hOh5a3AJSeibQDKdji7hAZ2+k3K9oFg8nsooHWr vS8lDBTAbIpTF6ZWxdJdYqLPvbJSuGbrgz7Juf9wStXc0j57nBSYqJg7HBz6QlRR Ftpz/m9mb/nO3ymindjJEhsgntBKGZMuPjtMzegWFnh3d33Izb2nF7CDmg0fcns1 vcrF+81gCvtnc92eq6LyZfp1fJWhD5EqJ4iflaqZ0l/iJZ3OYatklomyVf1GQs21 CFtFgrRgWp5Jq9b2MySkjw9/8kfX1S4Q3kJF1hf/0cToh/GYxdaWSOJq2/x28VXP I9dZyXagfjCF2W0BDvQjT/iqkNU7HmAOEJXRVPYlOaCvrewAUcVJXixtuMif63Qr JsTs3pRQ0lr3fl/xY1lrU7KOt2kzwkXRV+8AiDQVuGAjwLRc8ICeNxrm2A4yZqy5 RmTtrWsp651GqtfkCQje4dC1+lNsD8giq4RuffAkaJ6r5eSYMPzSD8M86M4033lB 67AJUgOmjhO2smsWVGlCcTPme/ix0X6R5w== -----END CERTIFICATE-----} |
cert_commonName |
OK
{
govcert.cz} |
cert_commonName_wo_SNI |
INFO
{
gds161.active24.cz} |
cert_subjectAltName |
INFO
{
govcert.cz www.govcert.cz} |
cert_trust |
OK
{
Ok via SAN (SNI mandatory)} |
cert_chain_of_trust |
CRITICAL
{
failed (chain incomplete).} |
cert_certificatePolicies_EV |
INFO
{
no} |
cert_expirationStatus |
OK
{
284 >= 60 days} |
cert_notBefore |
INFO
{
2024-02-09 00:00} |
cert_notAfter |
OK
{
2025-02-08 23:59} |
cert_extlifeSpan |
OK
{
certificate has no extended life time according to browser forum} |
cert_eTLS |
INFO
{
not present} |
cert_crlDistributionPoints |
INFO
{
http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl} |
cert_ocspURL |
INFO
{
http://GEANT.ocsp.sectigo.com} |
OCSP_stapling |
LOW
{
not offered} |
cert_mustStapleExtension |
INFO
{
--} |
DNS_CAArecord |
LOW
{
--} |
certificate_transparency |
OK
{
yes (certificate extension)} |
certs_countServer |
INFO
{
2} |
certs_list_ordering_problem |
LOW
{
yes} |
cert_caIssuers |
INFO
{
GEANT OV RSA CA 4 (GEANT Vereniging from NL)} |
intermediate_cert <#1> |
INFO
{
-----BEGIN CERTIFICATE----- MIIE+zCCA+OgAwIBAgIQCHC8xa8/25Wakctq7u/kZTANBgkqhkiG9w0BAQsFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv b3QgQ0EwHhcNMTQxMTE4MTIwMDAwWhcNMjQxMTE4MTIwMDAwWjBkMQswCQYDVQQG EwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFt MQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMV2Dw/ZQyk7bG3RR63eEL8jwnio Snc18SNb4EweQefCMQC9iDdFdd25AhCAHo/tZCMERaegOTuBTc9jP8JJ/yKeiLDS lrlcinQfkioq8hLIt2hUtVhBgUBoBhpPhSn7tU08D08/QJYbzqjMXjX/ZJj1dd10 VAWgNhEEEiRVY++Udy538RV27tOkWUUhn6i+0SftCuirOMo/h9Ha8Y+5Cx9E5+Ct 85XCFk3shKM6ktTPxn3mvcsaQE+zVLHzj28NHuO+SaNW5Ae8jafOHbBbV1bRxBz8 mGXRzUYvkZS/RYVJ+G1ShxwCVgEnFqtyLvRx5GG1IKD6JmlqCvGrn223zyUCAwEA AaOCAaYwggGiMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMHkG CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2hjRodHRw Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3Js MDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk SURSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBRn/YggFCeYxwnS JRm76VERY3VQYjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq hkiG9w0BAQsFAAOCAQEAqSg1esR71tonHqyYzyc2TxEydHTmQN0dzfJodzWvs4xd xgS/FfQjZ4u5b5cE60adws3J0aSugS7JurHogNAcyTnBVnZZbJx946nw09E02DxJ WYsamM6/xvLYMDX/6W9doK867mZTrqqMaci+mqege9iCSzMTyAfzd9fzZM2eY/lC J1OuEDOJcjcV8b73HjWizsMt8tey5gvHacDlH198aZt+ziYaM0TDuncFO7pdP0GJ +hY77gRuW6xWS++McPJKe1e9GW6LNgdUJi2GCZQfXzer8CM/jyxflp5HcahE3qm5 hS+1NGClXwmgmkMd1L8tRNaN2v11y18WoA5hwnA9Ng== -----END CERTIFICATE-----} |
intermediate_cert_fingerprintSHA256 <#1> |
INFO
{
BEB8EFE9B1A73C841B375A90E5FFF8048848E3A2AF66F6C4DD7B938D6FE8C5D8} |
intermediate_cert_notBefore <#1> |
INFO
{
2014-11-18 12:00} |
intermediate_cert_notAfter <#1> |
OK
{
2024-11-18 12:00} |
intermediate_cert_expiration <#1> |
OK
{
ok > 40 days} |
intermediate_cert_chain <#1> |
INFO
{
TERENA SSL CA 3 <-- DigiCert Assured ID Root CA} |
intermediate_cert_badOCSP |
OK
{
intermediate certificate(s) is/are ok} |
HTTP_status_code |
INFO
{
301 Moved Permanently ('/')} |
HTTP_clock_skew |
INFO
{
0 seconds from localtime} |
HTTP_headerTime |
INFO
{
1714507554} |
HSTS |
LOW
{
not offered} |
HPKP |
INFO
{
No support for HTTP Public Key Pinning} |
banner_server |
INFO
{
nginx} |
banner_application |
INFO
{
No application banner found} |
cookie_count |
INFO
{
0 at '/' (30x detected, better try target URL of 30x)} |
security_headers |
MEDIUM
{
--} |
banner_reverseproxy
zranitelnosti:
CWE-200
|
INFO
{
--} |
heartbleed
zranitelnosti:
CVE-2014-0160
CWE-119
|
OK
{
not vulnerable, no heartbeat extension} |
CCS
zranitelnosti:
CVE-2014-0224
CWE-310
|
OK
{
not vulnerable} |
ticketbleed
zranitelnosti:
CVE-2016-9244
CWE-200
|
OK
{
not vulnerable} |
ROBOT |
OK
{
not vulnerable} |
secure_renego
zranitelnosti:
CWE-310
|
OK
{
supported} |
secure_client_renego
zranitelnosti:
CVE-2011-1473
CWE-310
|
OK
{
not vulnerable} |
CRIME_TLS
zranitelnosti:
CVE-2012-4929
CWE-310
|
OK
{
not vulnerable} |
BREACH
zranitelnosti:
CVE-2013-3587
CWE-310
|
OK
{
not vulnerable, no gzip/deflate/compress/br HTTP compression - only supplied '/' tested} |
POODLE_SSL
zranitelnosti:
CVE-2014-3566
CWE-310
|
OK
{
not vulnerable, no SSLv3} |
fallback_SCSV |
OK
{
no protocol below TLS 1.2 offered} |
SWEET32 |
OK
{
not vulnerable} |
FREAK
zranitelnosti:
CVE-2015-0204
CWE-310
|
OK
{
not vulnerable} |
DROWN |
OK
{
not vulnerable on this host and port} |
DROWN_hint |
INFO
{
Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=53CF89455D29ACBE01934E959F74D4273C02D606FD6DCB975320A3BE669290D9} |
LOGJAM
zranitelnosti:
CVE-2015-4000
CWE-310
|
OK
{
not vulnerable, no DH EXPORT ciphers,} |
LOGJAM-common_primes
zranitelnosti:
CVE-2015-4000
CWE-310
|
OK
{
--} |
BEAST
zranitelnosti:
CVE-2011-3389
CWE-20
|
OK
{
not vulnerable, no SSL3 or TLS1} |
LUCKY13
zranitelnosti:
CVE-2013-0169
CWE-310
|
LOW
{
potentially vulnerable, uses TLS CBC ciphers} |
winshock
zranitelnosti:
CVE-2014-6321
CWE-94
|
OK
{
not vulnerable} |
RC4 |
OK
{
not vulnerable} |
clientsimulation-android_442 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-android_500 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-android_60 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-android_70 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-android_81 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-android_90 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-android_X |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-chrome_74_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-chrome_79_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-firefox_66_win81 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-firefox_71_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-ie_6_xp |
INFO
{
No connection} |
clientsimulation-ie_8_win7 |
INFO
{
No connection} |
clientsimulation-ie_8_xp |
INFO
{
No connection} |
clientsimulation-ie_11_win7 |
INFO
{
TLSv1.2 DHE-RSA-AES128-GCM-SHA256} |
clientsimulation-ie_11_win81 |
INFO
{
TLSv1.2 DHE-RSA-AES128-GCM-SHA256} |
clientsimulation-ie_11_winphone81 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-SHA256} |
clientsimulation-ie_11_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-edge_15_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-edge_17_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-opera_66_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-safari_9_ios9 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-safari_9_osx1011 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-safari_10_osx1012 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-safari_121_ios_122 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-safari_130_osx_10146 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-apple_ats_9_ios9 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-java_6u45 |
INFO
{
No connection} |
clientsimulation-java_7u25 |
INFO
{
No connection} |
clientsimulation-java_8u161 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-java1102 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-java1201 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-openssl_102e |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-openssl_110l |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-openssl_111d |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-thunderbird_68_3_1 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
rating_spec |
INFO
{
SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)} |
rating_doc |
INFO
{
https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide} |
protocol_support_score |
INFO
{
0} |
protocol_support_score_weighted |
INFO
{
0} |
key_exchange_score |
INFO
{
0} |
key_exchange_score_weighted |
INFO
{
0} |
cipher_strength_score |
INFO
{
0} |
cipher_strength_score_weighted |
INFO
{
0} |
final_score |
INFO
{
0} |
overall_grade |
CRITICAL
{
T} |
grade_cap_reason_1 |
INFO
{
Grade capped to T. Issues with the chain of trust (chain incomplete)} |
grade_cap_reason_2 |
INFO
{
Grade capped to A. HSTS is not offered} |
scanTime |
INFO
{
97} |