Přihlásit se Registrace
Smlouvy Dotace Platy Úřady Zakázky Sponzoři & firmy PastVina 
❤ Podpořte nás Přihlásit se Registrace
Hledat v Hlídači státu
Nápověda jak vyhledávat Snadné hledání
  1. Hlídač Státu
  2. Hlídač Webů
  3. Detailní analýza HTTPs pro IS prevence rizikového chování

Hlídač IS prevence rizikového chování Detailní analýza HTTPs pro IS prevence rizikového chování

IS prevence rizikového chování
http://is-prevence.msmt.cz

Národní pedagogický institut České republiky (zařízení pro další vzdělávání pedagogických pracovníků) Možnost podání projektové žádosti v dotačním řízení MŠMT

Zabezpečení komunikace

T
Certifikát expiroval před 179 dny.

Výsledek analýzy HTTPS na is-prevence.msmt.cz ze dne 17.06.2026

Služba je chráněna certifikátem od certifikační autority, kterou hlavní prohlížeče neznají nebo jí nedůvěřují. V českých podmínkách to znamená nejspíše certifikáty vydané našimi vnitrostátními autoritami (ICA, PostSignum a eIdentity), které sice stát zákonem prohlásil za důvěryhodné, ale které nesplňují mezinárodní podmínky nutné proto, aby je za důvěryhodné pokládali i autoři prohlížečů.

Detailní analýza

Detailní report z HTTPs analýzy pomocí nástroje testssl.sh

server is-prevence.msmt.cz/195.113.77.142
pre_128cipher INFO { 
No 128 cipher limit bug
}
SSLv2 OK { 
not offered
}
SSLv3 OK { 
not offered
}
TLS1 INFO { 
not offered
}
TLS1_1 INFO { 
not offered
}
TLS1_2 OK { 
offered
}
TLS1_3 INFO { 
not offered + downgraded to weaker protocol
}
NPN INFO { 
not offered
}
ALPN INFO { 
not offered
}
cipherlist_NULL
zranitelnosti: CWE-327
OK { 
not offered
}
cipherlist_aNULL
zranitelnosti: CWE-327
OK { 
not offered
}
cipherlist_EXPORT
zranitelnosti: CWE-327
OK { 
not offered
}
cipherlist_LOW
zranitelnosti: CWE-327
OK { 
not offered
}
cipherlist_3DES_IDEA
zranitelnosti: CWE-310
INFO { 
not offered
}
cipherlist_AVERAGE
zranitelnosti: CWE-310
LOW { 
offered
}
cipherlist_GOOD INFO { 
not offered
}
cipherlist_STRONG OK { 
offered
}
cipher_order OK { 
server
}
protocol_negotiated OK { 
Default protocol TLS1.2
}
cipher_negotiated OK { 
ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
}
cipher-tls1_2_xc030 OK { 
TLSv1.2   xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
}
cipher-tls1_2_xc028 LOW { 
TLSv1.2   xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
}
cipher-tls1_2_xc014 LOW { 
TLSv1.2   xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
}
cipher-tls1_2_x9f OK { 
TLSv1.2   x9f     DHE-RSA-AES256-GCM-SHA384         DH 2048    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
}
cipher-tls1_2_x6b LOW { 
TLSv1.2   x6b     DHE-RSA-AES256-SHA256             DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
}
cipher-tls1_2_x39 LOW { 
TLSv1.2   x39     DHE-RSA-AES256-SHA                DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
}
cipher-tls1_2_xc02f OK { 
TLSv1.2   xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
}
cipher-tls1_2_xc027 LOW { 
TLSv1.2   xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
}
cipher-tls1_2_xc013 LOW { 
TLSv1.2   xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
}
cipher-tls1_2_x9e OK { 
TLSv1.2   x9e     DHE-RSA-AES128-GCM-SHA256         DH 2048    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
}
cipher-tls1_2_x67 LOW { 
TLSv1.2   x67     DHE-RSA-AES128-SHA256             DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
}
cipher-tls1_2_x33 LOW { 
TLSv1.2   x33     DHE-RSA-AES128-SHA                DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
}
cipherorder_TLSv1_2 INFO { 
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA
}
FS OK { 
offered
}
FS_ciphers INFO { 
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA
}
FS_ECDHE_curves OK { 
prime256v1
}
DH_groups OK { 
RFC3526/Oakley Group 14
}
TLS_extensions INFO { 
'server name/#0' 'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'heartbeat/#15'
}
TLS_session_ticket INFO { 
valid for 300 seconds only (<daily)
}
SSL_sessionID_support INFO { 
yes
}
sessionresumption_ticket INFO { 
supported
}
sessionresumption_ID INFO { 
supported
}
TLS_timestamp INFO { 
random
}
cert_compression INFO { 
N/A
}
clientAuth INFO { 
none
}
cert_numbers INFO { 
1
}
cert_signatureAlgorithm OK { 
SHA384 with RSA
}
cert_keySize INFO { 
RSA 2048 bits (exponent is 65537)
}
cert_keyUsage INFO { 
Digital Signature, Key Encipherment
}
cert_extKeyUsage INFO { 
TLS Web Server Authentication, TLS Web Client Authentication
}
cert_serialNumber INFO { 
66E34D0D19AABF0107C60A5CD5A347B6
}
cert_serialNumberLen INFO { 
16
}
cert_fingerprintSHA1 INFO { 
E4DDB68D3881FB7E8DCDE70E7D6EFC75A424A3D3
}
cert_fingerprintSHA256 INFO { 
DDD9E1BCF08360AFC866AB864CFC1DABF3F1595849BDF6ED8396AE0571B2C578
}
cert INFO { 
-----BEGIN CERTIFICATE----- MIIHgDCCBWigAwIBAgIQZuNNDRmqvwEHxgpc1aNHtjANBgkqhkiG9w0BAQwFADBE MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEaMBgGA1UE AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjQxMjIwMDAwMDAwWhcNMjUxMjIwMjM1 OTU5WjCBiDELMAkGA1UEBhMCQ1oxHjAcBgNVBAgMFVByYWhhLCBIbGF2bsOtIG3E m3N0bzE7MDkGA1UECgwyTWluaXN0ZXJzdHZvIMWha29sc3R2w60sIG1sw6FkZcW+ ZSBhIHTEm2xvdsO9Y2hvdnkxHDAaBgNVBAMTE2lzLXByZXZlbmNlLm1zbXQuY3ow ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhZDLHaOKWNhCBmkAUHW+c NXbfKbNRCyZR0ZkoTHa3pI5kJTflhJg8G08DVPF4QnBKXEazcFwT+ZHfaa17ACBT GnzYHMFf/FoVVVxzSDLPwPzOZL9TlYErb5uqT3EV/nml+wWP1/67oBOt4zDS3joM y77JfDPCVcHMx5W52ZEH9cI1fgMg1HpvIIJFBbtWT5P/VvZjDiWE4YB+YvyaxcUY PMgTOPC08Dnzu1jxfQ2lEL1jJcLio9Dkz98JgcwbtfUhHbfHUsldD+258C9S1O/t XKHgJZ4JPG+qAXA6Kr88ySj5VtrCGgIUN+xDsjixHh0IJbRn9qVLNcb9GKYasMUn AgMBAAGjggMnMIIDIzAfBgNVHSMEGDAWgBRvHTVJEGwy+lmgnryK6B+VvnF6DDAd BgNVHQ4EFgQU2oMYzsujsmqA3umJv9uudqBIvlIwDgYDVR0PAQH/BAQDAgWgMAwG A1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1Ud IARCMEAwNAYLKwYBBAGyMQECAk8wJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0 aWdvLmNvbS9DUFMwCAYGZ4EMAQICMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9H RUFOVC5jcmwuc2VjdGlnby5jb20vR0VBTlRPVlJTQUNBNC5jcmwwdQYIKwYBBQUH AQEEaTBnMDoGCCsGAQUFBzAChi5odHRwOi8vR0VBTlQuY3J0LnNlY3RpZ28uY29t L0dFQU5UT1ZSU0FDQTQuY3J0MCkGCCsGAQUFBzABhh1odHRwOi8vR0VBTlQub2Nz cC5zZWN0aWdvLmNvbTCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYA3dzKNJXX 4RYF55Uy+sef+D0cUN/bADoUEnYKLKy7yCoAAAGT4zDd6wAABAMARzBFAiEAzmAj qGfqjvWdXdGBuinAd1SvNTwVATZMP+LyjCs+FeoCIBTQKVet9bmwof3byhojsIt1 EkAM4Nkq+htg2w6PhyiEAHcAzPsPaoVxCWX+lZtTzumyfCLphVwNl422qX5UwP5M DbAAAAGT4zDdqAAABAMASDBGAiEAldSp/1QjgDOW18NfyTDu8GGA7HSwwgfoWRk7 HhXXpYACIQCIlUjTYDRWEWoJWZOD2jfdjI5Gbb10Nv3G1wZM+gsqpQB2ABLxTjS9 U3JMhAYZw48/ehP457Vih4icbTAFhOvlhiY6AAABk+Mw3YAAAAQDAEcwRQIgIYR3 htkvAW9vo3Gnppqljd/i9Al+qv5uWRuhz8p1ngQCIQDLM+YJbXhNuQj67ymoLyIK IgoUkqrXP4eBEY8xVXVZHDAeBgNVHREEFzAVghNpcy1wcmV2ZW5jZS5tc210LmN6 MA0GCSqGSIb3DQEBDAUAA4ICAQBqM16mobuBnyrrdKq3Lmb1C+4WxxVqS+ndkcej pjS37eM9PPE/6vK9NvfcX+dKXwoA86rC1H0TC1Bmo+PlYZp5ZMr6yFfOzD7w+hh1 aV6PgUtnqeWdXSRkXo6DxDDu7MtKQn+gCZm8tlaOlGZSaXCkE0OrnEU7u5aWGqcx EvXhqiigndZILH8pe6r4g6t5nEmOXOf5PNFc+fKGbe2F5drS112eV/ZBjANPztaa omGo+HFLODqaeuPVM/gpeDfz/dKsgiiO8itmYwY4TbENAqLSVVfUeP0J2bGv875x ydc6CniMiWVTOvJeWsZb6lbJ7WHKOke0G42BkYbv2v8CT/HMYmt7jekVS3nWgQvw ojVS8iOYJCAkwQZQiemZ3P2j7eJ+Z0kMlprVy1H6psaxta0rUHuSyzbRVMNSUsXp u99j5FWWY+sdaHx88c4c8LLzu7t+XqQpx9JLR1ts8YjwF0BqsdzAiBRQJoUdXZ8E yjN1HKGMoF1J4sFLy7mXVTnBmtlwiy2RVoxtQl8awT9gsaRMz4cxd41ao1MQaM6m EO45csZP3lQbPs2rT0/BemAl5w+fw/Biw2qkbchWoT9JgAIMADTo67BV2H96+8D+ BAx5kkTuC3YRoNT/8RCZ/SZWE6gnM1BcHAG6YEH3gIA39ME8SzCWhe/6dZ2NdtU4 IiSwmw== -----END CERTIFICATE-----
}
cert_commonName OK { 
is-prevence.msmt.cz
}
cert_commonName_wo_SNI INFO { 
nidv-web-02-prod
}
cert_subjectAltName INFO { 
is-prevence.msmt.cz
}
cert_trust OK { 
Ok via SAN and CN (SNI mandatory)
}
cert_chain_of_trust CRITICAL { 
failed (expired).
}
cert_certificatePolicies_EV INFO { 
no
}
cert_expirationStatus CRITICAL { 
expired
}
cert_notBefore INFO { 
2024-12-20 00:00
}
cert_notAfter CRITICAL { 
2025-12-20 23:59
}
cert_extlifeSpan OK { 
certificate has no extended life time according to browser forum
}
cert_eTLS INFO { 
not present
}
cert_crlDistributionPoints INFO { 
http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl
}
cert_ocspURL INFO { 
http://GEANT.ocsp.sectigo.com
}
OCSP_stapling LOW { 
not offered
}
cert_mustStapleExtension INFO { 
--
}
DNS_CAArecord OK { 
issue=harica.gr, issue=letsencrypt.org
}
certificate_transparency OK { 
yes (certificate extension)
}
certs_countServer INFO { 
4
}
certs_list_ordering_problem INFO { 
no
}
cert_caIssuers INFO { 
GEANT OV RSA CA 4 (GEANT Vereniging from NL)
}
intermediate_cert <#1> INFO { 
-----BEGIN CERTIFICATE----- MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0 MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1 2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8 lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0 dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6 Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/ ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r 48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2 bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0 vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY= -----END CERTIFICATE-----
}
intermediate_cert_fingerprintSHA256 <#1> INFO { 
37834FA5EA40FBF7B61196955962E1CA0558872435E4206653D3F620DD8E988E
}
intermediate_cert_notBefore <#1> INFO { 
2020-02-18 00:00
}
intermediate_cert_notAfter <#1> OK { 
2033-05-01 23:59
}
intermediate_cert_expiration <#1> OK { 
ok > 40 days
}
intermediate_cert_chain <#1> INFO { 
GEANT OV RSA CA 4 <-- USERTrust RSA Certification Authority
}
intermediate_cert <#2> INFO { 
-----BEGIN CERTIFICATE----- MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7 MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4 MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5 MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0 aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sI s9CsVw127c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnG vDoZtF+mvX2do2NCtnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQ Ijy8/hPwhxR79uQfjtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfb IWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0 tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97E xwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNV icQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5 D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ 5lhCLkMaTLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzG KAgEJTm4Diup8kyXHAc/DVL17e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSg EQojPpbxB+zirynvgqV/0DCktDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rID ZsswDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAG BgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29t L0FBQUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggr BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA A4IBAQAYh1HcdCE9nIrgJ7cz0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+ rvSNb3I8QzvAP+u431yqqcau8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+ /czSAaF9ffgZGclCKxO/WIu6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA CiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F zZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA vGp4z7h/jnZymQyd/teRCBaho1+V -----END CERTIFICATE-----
}
intermediate_cert_fingerprintSHA256 <#2> INFO { 
68B9C761219A5B1F0131784474665DB61BBDB109E00F05CA9F74244EE5F5F52B
}
intermediate_cert_notBefore <#2> INFO { 
2019-03-12 00:00
}
intermediate_cert_notAfter <#2> OK { 
2028-12-31 23:59
}
intermediate_cert_expiration <#2> OK { 
ok > 40 days
}
intermediate_cert_chain <#2> INFO { 
USERTrust RSA Certification Authority <-- AAA Certificate Services
}
intermediate_cert <#3> INFO { 
-----BEGIN CERTIFICATE----- MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe 3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== -----END CERTIFICATE-----
}
intermediate_cert_fingerprintSHA256 <#3> INFO { 
D7A7A0FB5D7E2731D771E9484EBCDEF71D5F0C3E0A2948782BC83EE0EA699EF4
}
intermediate_cert_notBefore <#3> INFO { 
2004-01-01 00:00
}
intermediate_cert_notAfter <#3> OK { 
2028-12-31 23:59
}
intermediate_cert_expiration <#3> OK { 
ok > 40 days
}
intermediate_cert_chain <#3> INFO { 
AAA Certificate Services <-- AAA Certificate Services
}
intermediate_cert_badOCSP OK { 
intermediate certificate(s) is/are ok
}
HTTP_status_code INFO { 
301 Moved Permanently ('/')
}
HTTP_clock_skew INFO { 
0 seconds from localtime
}
HTTP_headerTime INFO { 
1781727021
}
HSTS LOW { 
not offered
}
HPKP INFO { 
No support for HTTP Public Key Pinning
}
banner_server INFO { 
Apache
}
banner_application INFO { 
No application banner found
}
cookie_count INFO { 
0 at '/' (30x detected, better try target URL of 30x)
}
security_headers MEDIUM { 
--
}
banner_reverseproxy
zranitelnosti: CWE-200
INFO { 
--
}
heartbleed
zranitelnosti: CVE-2014-0160 CWE-119
OK { 
not vulnerable , timed out
}
CCS
zranitelnosti: CVE-2014-0224 CWE-310
OK { 
not vulnerable
}
ticketbleed
zranitelnosti: CVE-2016-9244 CWE-200
OK { 
not vulnerable
}
ROBOT
zranitelnosti: CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168 CWE-203
OK { 
not vulnerable, no RSA key transport cipher
}
secure_renego
zranitelnosti: CWE-310
OK { 
supported
}
secure_client_renego
zranitelnosti: CVE-2011-1473 CWE-310
OK { 
not vulnerable
}
CRIME_TLS
zranitelnosti: CVE-2012-4929 CWE-310
OK { 
not vulnerable
}
BREACH
zranitelnosti: CVE-2013-3587 CWE-310
OK { 
not vulnerable, no gzip/deflate/compress/br HTTP compression  - only supplied '/' tested
}
POODLE_SSL
zranitelnosti: CVE-2014-3566 CWE-310
OK { 
not vulnerable, no SSLv3
}
fallback_SCSV OK { 
no protocol below TLS 1.2 offered
}
SWEET32
zranitelnosti: CVE-2016-2183 CVE-2016-6329 CWE-327
OK { 
not vulnerable
}
FREAK
zranitelnosti: CVE-2015-0204 CWE-310
OK { 
not vulnerable
}
DROWN
zranitelnosti: CVE-2016-0800 CVE-2016-0703 CWE-310
OK { 
not vulnerable on this host and port
}
DROWN_hint
zranitelnosti: CVE-2016-0800 CVE-2016-0703 CWE-310
INFO { 
Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=DDD9E1BCF08360AFC866AB864CFC1DABF3F1595849BDF6ED8396AE0571B2C578
}
LOGJAM-common_primes
zranitelnosti: CVE-2015-4000 CWE-310
INFO { 
RFC3526/Oakley Group 14
}
LOGJAM
zranitelnosti: CVE-2015-4000 CWE-310
OK { 
not vulnerable, no DH EXPORT ciphers,
}
BEAST
zranitelnosti: CVE-2011-3389 CWE-20
OK { 
not vulnerable, no SSL3 or TLS1
}
LUCKY13
zranitelnosti: CVE-2013-0169 CWE-310
LOW { 
potentially vulnerable, uses TLS CBC ciphers
}
winshock
zranitelnosti: CVE-2014-6321 CWE-94
OK { 
not vulnerable
}
RC4
zranitelnosti: CVE-2013-2566 CVE-2015-2808 CWE-310
OK { 
not vulnerable
}
clientsimulation-android_442 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-android_500 INFO { 
TLSv1.2 ECDHE-RSA-AES256-SHA
}
clientsimulation-android_60 INFO { 
TLSv1.2 ECDHE-RSA-AES256-SHA
}
clientsimulation-android_70 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-android_81 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-android_90 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-android_X INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-chrome_74_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-chrome_79_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-firefox_66_win81 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-firefox_71_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-ie_6_xp INFO { 
No connection
}
clientsimulation-ie_8_win7 INFO { 
No connection
}
clientsimulation-ie_8_xp INFO { 
No connection
}
clientsimulation-ie_11_win7 INFO { 
TLSv1.2 ECDHE-RSA-AES256-SHA384
}
clientsimulation-ie_11_win81 INFO { 
TLSv1.2 ECDHE-RSA-AES256-SHA384
}
clientsimulation-ie_11_winphone81 INFO { 
TLSv1.2 ECDHE-RSA-AES256-SHA
}
clientsimulation-ie_11_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-edge_15_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-edge_17_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-opera_66_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-safari_9_ios9 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-safari_9_osx1011 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-safari_10_osx1012 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-safari_121_ios_122 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-safari_130_osx_10146 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-apple_ats_9_ios9 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-java_6u45 INFO { 
No connection
}
clientsimulation-java_7u25 INFO { 
No connection
}
clientsimulation-java_8u161 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-java1102 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-java1201 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-openssl_102e INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-openssl_110l INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-openssl_111d INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-thunderbird_68_3_1 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
rating_spec INFO { 
SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
}
rating_doc INFO { 
https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
}
protocol_support_score INFO { 
0
}
protocol_support_score_weighted INFO { 
0
}
key_exchange_score INFO { 
0
}
key_exchange_score_weighted INFO { 
0
}
cipher_strength_score INFO { 
0
}
cipher_strength_score_weighted INFO { 
0
}
final_score INFO { 
0
}
overall_grade CRITICAL { 
T
}
grade_cap_reason_1 INFO { 
Grade capped to T. Issues with the chain of trust (expired)
}
grade_cap_reason_2 INFO { 
Grade capped to T. Certificate expired
}
grade_cap_reason_3 INFO { 
Grade capped to A. HSTS is not offered
}
scanTime INFO { 
97
}