Hlídač eTržby - informační web EET Detailní analýza HTTPs pro eTržby - informační web EET

No 128 cipher limit bug

not offered

not offered

not offered

not offered

offered

not offered + downgraded to weaker protocol

not offered

h2

http/1.1

not offered

not offered

not offered

not offered

not offered

offered

offered

server

Default protocol TLS1.2

ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)

TLSv1.2   xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLSv1.2   xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLSv1.2   x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384

TLSv1.2   x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256

ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA

offered

ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA

prime256v1 secp384r1 X25519

'renegotiation info/#65281' 'server name/#0' 'application layer protocol negotiation/#16' 'extended master secret/#23'

no -- no lifetime advertised

yes

not supported

not supported

off by -3 seconds from your localtime

N/A

none

1

SHA256 with RSA

RSA 2048 bits (exponent is 65537)

Digital Signature, Key Encipherment

TLS Web Server Authentication, TLS Web Client Authentication

019CB0B6FAEFB52D699042F24E5590EA

16

10E3A5A74125D38881C24FEEF84056B187FE8D81

90992489BA7BA5CD48AE38D198A4FD492242940749E454FE44612DC7D5478612

-----BEGIN CERTIFICATE----- MIIG7jCCBdagAwIBAgIQAZywtvrvtS1pkELyTlWQ6jANBgkqhkiG9w0BAQsFADBE MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH ZW9UcnVzdCBFViBSU0EgQ0EgRzIwHhcNMjQwODIxMDAwMDAwWhcNMjUwODIxMjM1 OTU5WjCBqDETMBEGCysGAQQBgjc8AgEDEwJDWjEaMBgGA1UEDwwRR292ZXJubWVu dCBFbnRpdHkxETAPBgNVBAUTCDcyMDgwMDQzMQswCQYDVQQGEwJDWjEOMAwGA1UE BxMFUHJhaGExLTArBgNVBAoMJEdlbmVyw6FsbsOtIGZpbmFuxI1uw60gxZllZGl0 ZWxzdHbDrTEWMBQGA1UEAxMNd3d3LmV0cnpieS5jejCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAJuLdauDFM7/57OGaHQag98ztYuKwqwEls1hsGSCrC+0 +HKrmCXEyuSTS+JDiQ+gU4R0X5dzUNsB2P7XyzPRD008WB+0luwODqzljDaVHwoU fV3xtZOg9LR4dljtbT+j2/f9ox6ABJAzLRNfIJO/DtnRpmN8aNxiednOtoIZfrrF ZtVpH9RTJ4KMk/wuu4obeuJ7ZNyL1KysIvIrYizpGKhIuKSrHDsiIY5Q+A3OvNeR f1YT+gR4cWJHjvQGOnvblbrnfXX0HP3zlO6wDCXHELedSZ6nmKbwT4Ww+G828D5k PEMZo06hdz5jAm/tbfa7+hnpXJIbsCSDWtg7hFMvwMsCAwEAAaOCA3UwggNxMB8G A1UdIwQYMBaAFCjSz+4JhHXdtbK1vzzVoMZziF0fMB0GA1UdDgQWBBTBBdRfNlVs 1n4lzRKwO2biC45ZZjA1BgNVHREELjAsgg13d3cuZXRyemJ5LmN6ghBlcG9kcG9y YS5tZmNyLmN6gglldHJ6YnkuY3owSgYDVR0gBEMwQTALBglghkgBhv1sAgEwMgYF Z4EMAQEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BT MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw dQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0dlb1Ry dXN0RVZSU0FDQUcyLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29t L0dlb1RydXN0RVZSU0FDQUcyLmNybDBzBggrBgEFBQcBAQRnMGUwJAYIKwYBBQUH MAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA9BggrBgEFBQcwAoYxaHR0cDov L2NhY2VydHMuZGlnaWNlcnQuY29tL0dlb1RydXN0RVZSU0FDQUcyLmNydDAMBgNV HRMBAf8EAjAAMIIBgQYKKwYBBAHWeQIEAgSCAXEEggFtAWsAdwAS8U40vVNyTIQG GcOPP3oT+Oe1YoeInG0wBYTr5YYmOgAAAZF0JfAnAAAEAwBIMEYCIQDfdBnlVgzO TTcuGCBAJxsHk1pPP1r0fk6e1wc8HNfgXwIhAIXy2R8PNbxu8wNH3AjUZ2hLtQOX E0/fNlZUZTF42cckAHcAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgA AAGRdCXv3QAABAMASDBGAiEAui8HxshxEPKgH/fzMTtvq/8gvIfi+5xC4etgGeRK sBcCIQCGLEcqEs7kd4e3deiAneshGHGKPFOXJFZttAvoV139xgB3AObSMWNAd4zB EEEG13G5zsHSQPaWhIb7uocyHf0eN45QAAABkXQl8AIAAAQDAEgwRgIhAJUwuGkR wmExrMRy93WBOQuZzLL8kaYjDASzGCAVzWYOAiEAsEAU/jlBRmvpOpz9egbf41Ay dczZsb21MenIJIMAzAgwDQYJKoZIhvcNAQELBQADggEBAJdxxluSODp4aWcooKf5 LuU6Y69Vpdp/juS/264DbCLtxySgblzecKxMlp+d6js96QafyhGNnwoXka1mxJQe XH0aOoYMct5Ii9sYR12iv5xaBEE/CX5VqFDmwg/reuGkawj4fV4/jyoP4mO61iVi cj6hQknIkCbVjYTNCVNAjD9uPgo3k5I7mN6cdNjDlUvaDkQndv08hKU254vS5TWB JHNBM7WC3qRADtHzfxNwtCh3b85kxRuPgQVwT+967Ro4urlPhtvYsAucTMXFCQ65 xEQDjv4MNUkUyR3T3HrdJnQorJ0naXh8CITyg8bQwHkFNY4Lr+o9hxCSHwyxkDz+ 9HM= -----END CERTIFICATE-----

www.etrzby.cz

www.financnisprava.cz

www.etrzby.cz epodpora.mfcr.cz etrzby.cz

Ok via SAN and CN (SNI mandatory)

yes

2024-08-21 00:00

certificate has no extended life time according to browser forum

not present

http://crl3.digicert.com/GeoTrustEVRSACAG2.crl http://crl4.digicert.com/GeoTrustEVRSACAG2.crl

http://ocsp.digicert.com

--

yes (certificate extension)

2

no

GeoTrust EV RSA CA G2 (DigiCert Inc from US)

-----BEGIN CERTIFICATE----- MIIFPDCCBCSgAwIBAgIQDWASYsinchpuqwNh5WGVgDANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH MjAeFw0yMDA3MDIxMjQyNTdaFw0zMDA3MDIxMjQyNTdaMEQxCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IEVWIFJT QSBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDSvFMMGIOI D2N+rpyaGTPfyItp3atCyimRJCPtAakU984EB19Zugrb82ui0iy0zLKMDrOuN+Ku H6jF4F4ZCoHjN7tFdMtSsCUAbrpFVO/5BLY+VTIg7YUN5LwRHUb2QVSGwKyIeYS+ SqPV8mzTMkG9GnWjG1IQT0F1+Xu7+uAGRFVnIdYCSBgl7iG4qOWZjcPKnW+3OJRO dZtwGE39E7WoasoW8Nvpu5FFp2WIsvY6B/0whr3w+xKeBYb2WNKI1ZXvk4y+AmUa BdRTY0HPBZ4+6Ipcq2Rl+QLQXQuGXH95YujYNYpbnV7ASU5/dVmqVPY0LHnp2sNK IN65/n+DbcsCAwEAAaOCAgswggIHMB0GA1UdDgQWBBQo0s/uCYR13bWytb881aDG c4hdHzAfBgNVHSMEGDAWgBROIlQgGJXm427mD/r6uRLtBhePOTAOBgNVHQ8BAf8E BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI MAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz cC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGln aWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDA3oDWgM4YxaHR0cDov L2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDCBzgYD VR0gBIHGMIHDMIHABgRVHSAAMIG3MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5k aWdpY2VydC5jb20vQ1BTMIGKBggrBgEFBQcCAjB+DHxBbnkgdXNlIG9mIHRoaXMg Q2VydGlmaWNhdGUgY29uc3RpdHV0ZXMgYWNjZXB0YW5jZSBvZiB0aGUgUmVseWlu ZyBQYXJ0eSBBZ3JlZW1lbnQgbG9jYXRlZCBhdCBodHRwczovL3d3dy5kaWdpY2Vy dC5jb20vcnBhLXVhMA0GCSqGSIb3DQEBCwUAA4IBAQBVbQs8KD6qRnOf/dtOHNAy ieoRcA1Zk3lGMLwqNfuLpTb9gDQFpvxGN/3X7i0mAEtRhN/r9fDv8oiVLn6gfpm0 UUN47vFJCzf5dqkV/N7LkMTqlhDA0Ve/GBJ3A2E5yFT7TgAGN4wJ9cCZrKbqKHVU RatwJ+T58jmhbvtEM7t2ucB7u+Dmu4KoOTEx8LR8+qn8OyLh1VLq75vzDTsnhTN5 3AgPdMVFk6F8sjT2P2xbvAb0kAlyAtldAtpGvBzXhacmRs7rTqz/oTDwYZLkrm+q EltdmGwUOWvFPjwucH6tS+gQgiUYiNJqijzI1jr8TZ01VGOSTW7rRUKgkN5WJqDA -----END CERTIFICATE-----

2D140F20B8A96E2B4D2F1CC5ACA5E5A1E7DC56A7491E510906960F38D2D21AEF

2020-07-02 12:42

2030-07-02 12:42

ok > 40 days

GeoTrust EV RSA CA G2 <-- DigiCert Global Root G2

intermediate certificate(s) is/are ok

302 Redirect ('/')

-1 seconds from localtime

1780085913

730 days (=63072000 seconds) > 15552000 seconds

includes subdomains

domain IS marked for preloading

No support for HTTP Public Key Pinning

No Server banner line in header, interesting!

No application banner found

0 at '/' (30x detected, better try target URL of 30x)

SAMEORIGIN

nosniff

default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';

1; mode=block

no-referrer

--

not vulnerable, no heartbeat extension

not vulnerable

no session ticket extension

not vulnerable

supported

not vulnerable

not vulnerable

not vulnerable, no gzip/deflate/compress/br HTTP compression  - only supplied '/' tested

not vulnerable, no SSLv3

no protocol below TLS 1.2 offered

not vulnerable

not vulnerable

not vulnerable on this host and port

Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=90992489BA7BA5CD48AE38D198A4FD492242940749E454FE44612DC7D5478612

not vulnerable, no DH EXPORT ciphers,

no DH key with <= TLS 1.2

not vulnerable, no SSL3 or TLS1

not vulnerable

not vulnerable

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

No connection

No connection

No connection

TLSv1.2 ECDHE-RSA-AES256-SHA384

TLSv1.2 ECDHE-RSA-AES256-SHA384

TLSv1.2 ECDHE-RSA-AES128-SHA256

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

No connection

No connection

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384

SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)

https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide

0

0

0

0

0

0

0

Grade capped to T. Issues with the chain of trust (expired)

Grade capped to T. Certificate expired

123