Statutární město Pardubice Statutární město Pardubice - webové stránky města
Všechno je v nejlepším pořádku a web se drží doporučených postupů.
Detailní report z HTTPs analýzy pomocí nástroje testssl.sh
server | www.pardubice.eu/185.115.1.244 |
pre_128cipher |
INFO
{
No 128 cipher limit bug} |
SSLv2 |
OK
{
not offered} |
SSLv3 |
OK
{
not offered} |
TLS1 |
INFO
{
not offered} |
TLS1_1 |
INFO
{
not offered} |
TLS1_2 |
OK
{
offered} |
TLS1_3 |
INFO
{
not offered + downgraded to weaker protocol} |
NPN |
INFO
{
offered with h2, http/1.1 (advertised)} |
ALPN_HTTP2 |
OK
{
h2} |
ALPN |
INFO
{
http/1.1} |
cipherlist_NULL
zranitelnosti:
CWE-327
|
OK
{
not offered} |
cipherlist_aNULL
zranitelnosti:
CWE-327
|
OK
{
not offered} |
cipherlist_EXPORT
zranitelnosti:
CWE-327
|
OK
{
not offered} |
cipherlist_LOW
zranitelnosti:
CWE-327
|
OK
{
not offered} |
cipherlist_3DES_IDEA
zranitelnosti:
CWE-310
|
INFO
{
not offered} |
cipherlist_AVERAGE
zranitelnosti:
CWE-310
|
LOW
{
offered} |
cipherlist_GOOD |
OK
{
offered} |
cipherlist_STRONG |
OK
{
offered} |
cipher_order |
OK
{
server} |
protocol_negotiated |
OK
{
Default protocol TLS1.2} |
cipher_negotiated |
OK
{
ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)} |
cipher-tls1_2_xc030 |
OK
{
TLSv1.2 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384} |
cipher-tls1_2_xcca8 |
OK
{
TLSv1.2 xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256} |
cipher-tls1_2_xc061 |
OK
{
TLSv1.2 xc061 ECDHE-ARIA256-GCM-SHA384 ECDH 253 ARIAGCM 256 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384} |
cipher-tls1_2_xc02f |
OK
{
TLSv1.2 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256} |
cipher-tls1_2_xc060 |
OK
{
TLSv1.2 xc060 ECDHE-ARIA128-GCM-SHA256 ECDH 253 ARIAGCM 128 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256} |
cipher-tls1_2_xc028 |
LOW
{
TLSv1.2 xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384} |
cipher-tls1_2_xc077 |
LOW
{
TLSv1.2 xc077 ECDHE-RSA-CAMELLIA256-SHA384 ECDH 253 Camellia 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384} |
cipher-tls1_2_xc027 |
LOW
{
TLSv1.2 xc027 ECDHE-RSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256} |
cipher-tls1_2_xc076 |
LOW
{
TLSv1.2 xc076 ECDHE-RSA-CAMELLIA128-SHA256 ECDH 253 Camellia 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256} |
cipher-tls1_2_xc014 |
LOW
{
TLSv1.2 xc014 ECDHE-RSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA} |
cipher-tls1_2_xc013 |
LOW
{
TLSv1.2 xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA} |
cipher-tls1_2_x9d |
OK
{
TLSv1.2 x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384} |
cipher-tls1_2_xc0a1 |
OK
{
TLSv1.2 xc0a1 AES256-CCM8 RSA AESCCM8 256 TLS_RSA_WITH_AES_256_CCM_8} |
cipher-tls1_2_xc09d |
OK
{
TLSv1.2 xc09d AES256-CCM RSA AESCCM 256 TLS_RSA_WITH_AES_256_CCM} |
cipher-tls1_2_xc051 |
OK
{
TLSv1.2 xc051 ARIA256-GCM-SHA384 RSA ARIAGCM 256 TLS_RSA_WITH_ARIA_256_GCM_SHA384} |
cipher-tls1_2_x9c |
OK
{
TLSv1.2 x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256} |
cipher-tls1_2_xc0a0 |
OK
{
TLSv1.2 xc0a0 AES128-CCM8 RSA AESCCM8 128 TLS_RSA_WITH_AES_128_CCM_8} |
cipher-tls1_2_xc09c |
OK
{
TLSv1.2 xc09c AES128-CCM RSA AESCCM 128 TLS_RSA_WITH_AES_128_CCM} |
cipher-tls1_2_xc050 |
OK
{
TLSv1.2 xc050 ARIA128-GCM-SHA256 RSA ARIAGCM 128 TLS_RSA_WITH_ARIA_128_GCM_SHA256} |
cipher-tls1_2_x3d |
LOW
{
TLSv1.2 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256} |
cipher-tls1_2_xc0 |
LOW
{
TLSv1.2 xc0 CAMELLIA256-SHA256 RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256} |
cipher-tls1_2_x3c |
LOW
{
TLSv1.2 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256} |
cipher-tls1_2_xba |
LOW
{
TLSv1.2 xba CAMELLIA128-SHA256 RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256} |
cipher-tls1_2_x35 |
LOW
{
TLSv1.2 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA} |
cipher-tls1_2_x84 |
LOW
{
TLSv1.2 x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA} |
cipher-tls1_2_x2f |
LOW
{
TLSv1.2 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA} |
cipher-tls1_2_x41 |
LOW
{
TLSv1.2 x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA} |
cipherorder_TLSv1_2 |
INFO
{
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ARIA256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ARIA128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-CAMELLIA256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-CAMELLIA128-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA AES256-GCM-SHA384 AES256-CCM8 AES256-CCM ARIA256-GCM-SHA384 AES128-GCM-SHA256 AES128-CCM8 AES128-CCM ARIA128-GCM-SHA256 AES256-SHA256 CAMELLIA256-SHA256 AES128-SHA256 CAMELLIA128-SHA256 AES256-SHA CAMELLIA256-SHA AES128-SHA CAMELLIA128-SHA} |
prioritize_chacha_TLSv1_2 |
INFO
{
false} |
FS |
OK
{
offered} |
FS_ciphers |
INFO
{
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-CAMELLIA256-SHA384 ECDHE-ARIA256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-CAMELLIA128-SHA256 ECDHE-ARIA128-GCM-SHA256} |
FS_ECDHE_curves |
OK
{
prime256v1 secp384r1 secp521r1 X25519 X448} |
TLS_extensions |
INFO
{
'renegotiation info/#65281' 'server name/#0' 'EC point formats/#11' 'session ticket/#35' 'next protocol/#13172' 'max fragment length/#1' 'application layer protocol negotiation/#16' 'encrypt-then-mac/#22' 'extended master secret/#23'} |
TLS_session_ticket |
INFO
{
valid for 300 seconds only (<daily)} |
SSL_sessionID_support |
INFO
{
yes} |
sessionresumption_ticket |
INFO
{
supported} |
sessionresumption_ID |
INFO
{
not supported} |
TLS_timestamp |
INFO
{
random} |
cert_compression |
INFO
{
N/A} |
clientAuth |
INFO
{
none} |
cert_numbers |
INFO
{
1} |
cert_signatureAlgorithm |
OK
{
SHA384 with RSA} |
cert_keySize |
INFO
{
RSA 2048 bits (exponent is 65537)} |
cert_keyUsage |
INFO
{
Digital Signature, Key Encipherment} |
cert_extKeyUsage |
INFO
{
TLS Web Server Authentication, TLS Web Client Authentication} |
cert_serialNumber |
INFO
{
C943D77DF2E4C5BF80F7766F8DB769F3} |
cert_serialNumberLen |
INFO
{
16} |
cert_fingerprintSHA1 |
INFO
{
2796D32FD66620A4D7F2B95EBE9FEF68A8AD5678} |
cert_fingerprintSHA256 |
INFO
{
B2593ED1CFA28C5595ECE10D2FA3412383228F74119048E3798455C46319BC1B} |
cert |
INFO
{
-----BEGIN CERTIFICATE----- MIIJHzCCBwegAwIBAgIRAMlD133y5MW/gPd2b423afMwDQYJKoZIhvcNAQEMBQAw RDELMAkGA1UEBhMCTkwxGTAXBgNVBAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNV BAMTEUdFQU5UIE9WIFJTQSBDQSA0MB4XDTIzMTEwNjAwMDAwMFoXDTI0MTEwNTIz NTk1OVowazELMAkGA1UEBhMCQ1oxGTAXBgNVBAgMEFBhcmR1Ymlja8O9IGtyYWox JjAkBgNVBAoMHVN0YXR1dMOhcm7DrSBtxJtzdG8gUGFyZHViaWNlMRkwFwYDVQQD ExB3d3cucGFyZHViaWNlLmV1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEA1J+9PpYd2Fv9Oqws9gao64s5womhLVuofawFdwqhcloOWRk3VsIs4tZ4ZE5N Nvc3uWCyBGTysyj3mGlfjB03/8D4YFtcGfGh33PSJI/Y/tzEZgFIBGjr6ZBG8LU0 iP6lhd97JL8VqJZPZhSp312cXUbcZVbjOH0rTRwV8L2GvvhdFP7zt0Qzz+/Nx3j2 VRHXM79rTwIHlh9yzbuqHiZ/6hkGmXJnDYMRznXM6R8lFAdt2OwetkdQwQYcZttK NHTf2ghX08Vnk2CjlnuGTF6zlokrMnSkzAC76uMNCLH6HvZNJtHGtQQdLcBHGNgH pdqiSsxAuL3txf7lrC4IzkVi4QIDAQABo4IE4zCCBN8wHwYDVR0jBBgwFoAUbx01 SRBsMvpZoJ68iugflb5xegwwHQYDVR0OBBYEFI/I8Vtzzc1CMxH9jV9E8bTKgY0K MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF BwMBBggrBgEFBQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgJPMCUwIwYIKwYB BQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECAjA/BgNVHR8E ODA2MDSgMqAwhi5odHRwOi8vR0VBTlQuY3JsLnNlY3RpZ28uY29tL0dFQU5UT1ZS U0FDQTQuY3JsMHUGCCsGAQUFBwEBBGkwZzA6BggrBgEFBQcwAoYuaHR0cDovL0dF QU5ULmNydC5zZWN0aWdvLmNvbS9HRUFOVE9WUlNBQ0E0LmNydDApBggrBgEFBQcw AYYdaHR0cDovL0dFQU5ULm9jc3Auc2VjdGlnby5jb20wggF8BgorBgEEAdZ5AgQC BIIBbASCAWgBZgB1AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAAB i6QGWAEAAAQDAEYwRAIgDgMXF9mmpUOQ9p8xE5nf1NdyECgQF3B233DE75dj324C ICqrqLU53I9ppL2iGyXhK+zpqIb5v5mnkpUCbLtCDSE3AHUAPxdLT9ciR1iUHWUc hL4NEu2QN38fhWrrwb8ohez4ZG4AAAGLpAZYWwAABAMARjBEAiBLcxdCY5Q//VFE 74PEgnjMoHkJYU0fDZWVQFNz7e6llAIgHxB3jANp8Sjt2J/WTkE1OfA6pTp5Xz/T ycy0H2iSLJ4AdgDuzdBk1dsazsVct520zROiModGfLzs3sNRSFlGcR+1mwAAAYuk BlgxAAAEAwBHMEUCIQCvuh+0KEhwjxSz2IqDV2sR0FUrHewzxkCuSHZy+3vvPQIg Qg9FVNYga1EmQ1b/lTblYI96+PxkFZGNG/ED/QHA9GkwggHbBgNVHREEggHSMIIB zoIQd3d3LnBhcmR1YmljZS5ldYIPKi5pcGFyZHViaWNlLmN6ghgqLmtvbXVuaXRu aS1wbGFub3ZhbmkuY3qCFCoubWVzdG8tcGFyZHViaWNlLmN6gggqLm1tcC5jeoIQ Ki5tcHBhcmR1YmljZS5jeoIOKi5wYXJkdWJpY2UuZXWCDyoucGFyZHViaWNlMi5j eoIPKi5wYXJkdWJpY2U3LmN6ghgqLnBhcmR1YmljZW5hYnJ1c2xpY2guY3qCFyou cGFyZHViaWNrYWplZG5pY2thLmN6ghgqLnBhcmR1Ymlja3l6cHJhdm9kYWouY3qC DWlwYXJkdWJpY2UuY3qCFmtvbXVuaXRuaS1wbGFub3ZhbmkuY3qCEm1lc3RvLXBh cmR1YmljZS5jeoIGbW1wLmN6gg5tcHBhcmR1YmljZS5jeoIMcGFyZHViaWNlLmV1 gg1wYXJkdWJpY2UyLmN6gg1wYXJkdWJpY2U3LmN6ghZwYXJkdWJpY2VuYWJydXNs aWNoLmN6ghVwYXJkdWJpY2thamVkbmlja2EuY3qCGHBhcmR1Ymlja2V2YW5vY25p dHJoeS5jeoIWcGFyZHViaWNreXpwcmF2b2Rhai5jejANBgkqhkiG9w0BAQwFAAOC AgEAKQvEwgQ5DfE8BSCY4qWTD+xUi1nfPJ7ohsZguAhKHMaFAxiN8Sve+hRMkWcr 02e4cFyg1GcY+O8HGcEJ8uY5m3Q5fnSrmNcFBYVnCiKRykRSGu5oc0nI0CWi5MQA DcvwpfUK2uMMoCT5hKIwwNPkbGoToUfMQe7YDh9DSioL+NLlfzavlsPflU1qhCS6 fEFWqn5LVWE82/rG0m2qF64QbwpHKmCJG/KkK4Bfat7Yb0b6Ubl+hSAOaQzBPEaR leREicCAynEv7K0yn017oncOHqRSBo1QvOS3sZ1YGxZ7AfES3t8XiQjJWw1VFiyd N6UzS6uWQerCD4Inba1Sf2e0MI1PsGwIo8ygJHlkNktKm8OPQxPFNhFQsilWZRzU T4GQRBR6TUTG9GQb24jcxHml/XSQAESXCCvQahmBPyTnjrcPbPS1PJOmm7QY4t0T 7WtsNXM9K74g8bajMnprKOYeHWZjtrRRjEqgbokfAnUJnnkgh4rqRb4A4NhPbsIB iexLr14PnMRlUvj7CyVcH7Gwu5y3GJtDD38Z6QFv7fItnESWERKAlbMH0Tq2aMQv ftuIEtAr5rO7ls+9qJmCDKjKwg6T3ykc+24BXTEJdCYL6cY6OT+HHKEOaaxkvm2H 1UCKJJ46GuRZLgx8w0WHf4RzY1Hni3xMaNzn9GGLgLWPM4I= -----END CERTIFICATE-----} |
cert_commonName |
OK
{
www.pardubice.eu} |
cert_commonName_wo_SNI |
INFO
{
pardubice.vshosting.cz} |
cert_subjectAltName |
INFO
{
www.pardubice.eu *.ipardubice.cz *.komunitni-planovani.cz *.mesto-pardubice.cz *.mmp.cz *.mppardubice.cz *.pardubice.eu *.pardubice2.cz *.pardubice7.cz *.pardubicenabruslich.cz *.pardubickajednicka.cz *.pardubickyzpravodaj.cz ipardubice.cz komunitni-planovani.cz mesto-pardubice.cz mmp.cz mppardubice.cz pardubice.eu pardubice2.cz pardubice7.cz pardubicenabruslich.cz pardubickajednicka.cz pardubickevanocnitrhy.cz pardubickyzpravodaj.cz} |
cert_trust |
OK
{
Ok via SAN and CN (SNI mandatory)} |
cert_chain_of_trust |
OK
{
passed.} |
cert_certificatePolicies_EV |
INFO
{
no} |
cert_expirationStatus |
OK
{
195 >= 60 days} |
cert_notBefore |
INFO
{
2023-11-06 00:00} |
cert_notAfter |
OK
{
2024-11-05 23:59} |
cert_extlifeSpan |
OK
{
certificate has no extended life time according to browser forum} |
cert_eTLS |
INFO
{
not present} |
cert_crlDistributionPoints |
INFO
{
http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl} |
cert_ocspURL |
INFO
{
http://GEANT.ocsp.sectigo.com} |
OCSP_stapling |
LOW
{
not offered} |
cert_mustStapleExtension |
INFO
{
--} |
DNS_CAArecord |
LOW
{
--} |
certificate_transparency |
OK
{
yes (certificate extension)} |
certs_countServer |
INFO
{
3} |
certs_list_ordering_problem |
LOW
{
yes} |
cert_caIssuers |
INFO
{
GEANT OV RSA CA 4 (GEANT Vereniging from NL)} |
intermediate_cert <#1> |
INFO
{
-----BEGIN CERTIFICATE----- MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B 3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT 79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs 8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG jjxDah2nGN59PRbxYvnKkKj9 -----END CERTIFICATE-----} |
intermediate_cert_fingerprintSHA256 <#1> |
INFO
{
E793C9B02FD8AA13E21C31228ACCB08119643B749C898964B1746D46C3D4CBD2} |
intermediate_cert_notBefore <#1> |
INFO
{
2010-02-01 00:00} |
intermediate_cert_notAfter <#1> |
OK
{
2038-01-18 23:59} |
intermediate_cert_expiration <#1> |
OK
{
ok > 40 days} |
intermediate_cert_chain <#1> |
INFO
{
USERTrust RSA Certification Authority <-- USERTrust RSA Certification Authority} |
intermediate_cert <#2> |
INFO
{
-----BEGIN CERTIFICATE----- MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIw MDIxODAwMDAwMFoXDTMzMDUwMTIzNTk1OVowRDELMAkGA1UEBhMCTkwxGTAXBgNV BAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNVBAMTEUdFQU5UIE9WIFJTQSBDQSA0 MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApYhi1aEiPsg9ZKRMAw9Q r8Mthsr6R20VSfFeh7TgwtLQi6RSRLOh4or4EMG/1th8lijv7xnBMVZkTysFiPmT PiLOfvz+QwO1NwjvgY+Jrs7fSoVA/TQkXzcxu4Tl3WHi+qJmKLJVu/JOuHud6mOp LWkIbhODSzOxANJ24IGPx9h4OXDyy6/342eE6UPXCtJ8AzeumTG6Dfv5KVx24lCF TGUzHUB+j+g0lSKg/Sf1OzgCajJV9enmZ/84ydh48wPp6vbWf1H0O3Rd3LhpMSVn TqFTLKZSbQeLcx/l9DOKZfBCC9ghWxsgTqW9gQ7v3T3aIfSaVC9rnwVxO0VjmDdP FNbdoxnh0zYwf45nV1QQgpRwZJ93yWedhp4ch1a6Ajwqs+wv4mZzmBSjovtV0mKw d+CQbSToalEUP4QeJq4Udz5WNmNMI4OYP6cgrnlJ50aa0DZPlJqrKQPGL69KQQz1 2WgxvhCuVU70y6ZWAPopBa1ykbsttpLxADZre5cH573lIuLHdjx7NjpYIXRx2+QJ URnX2qx37eZIxYXz8ggM+wXH6RDbU3V2o5DP67hXPHSAbA+p0orjAocpk2osxHKo NSE3LCjNx8WVdxnXvuQ28tKdaK69knfm3bB7xpdfsNNTPH9ElcjscWZxpeZ5Iij8 lyrCG1z0vSWtSBsgSnUyG/sCAwEAAaOCAYswggGHMB8GA1UdIwQYMBaAFFN5v1qq K0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBRvHTVJEGwy+lmgnryK6B+VvnF6DDAO BgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggr BgEFBQcDAQYIKwYBBQUHAwIwOAYDVR0gBDEwLzAtBgRVHSAAMCUwIwYIKwYBBQUH AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMFAGA1UdHwRJMEcwRaBDoEGGP2h0 dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9u QXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6 Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAl BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B AQwFAAOCAgEAUtlC3e0xj/1BMfPhdQhUXeLjb0xp8UE28kzWE5xDzGKbfGgnrT2R lw5gLIx+/cNVrad//+MrpTppMlxq59AsXYZW3xRasrvkjGfNR3vt/1RAl8iI31lG hIg6dfIX5N4esLkrQeN8HiyHKH6khm4966IkVVtnxz5CgUPqEYn4eQ+4eeESrWBh AqXaiv7HRvpsdwLYekAhnrlGpioZ/CJIT2PTTxf+GHM6cuUnNqdUzfvrQgA8kt1/ ASXx2od/M+c8nlJqrGz29lrJveJOSEMX0c/ts02WhsfMhkYa6XujUZLmvR1Eq08r 48/EZ4l+t5L4wt0DV8VaPbsEBF1EOFpz/YS2H6mSwcFaNJbnYqqJHIvm3PLJHkFm EoLXRVrQXdCT+3wgBfgU6heCV5CYBz/YkrdWES7tiiT8sVUDqXmVlTsbiRNiyLs2 bmEWWFUl76jViIJog5fongEqN3jLIGTG/mXrJT1UyymIcobnIGrbwwRVz/mpFQo0 vBYIi1k2ThVh0Dx88BbF9YiP84dd8Fkn5wbE6FxXYJ287qfRTgmhePecPc73Yrzt apdRcsKVGkOpaTIJP/l+lAHRLZxk/dUtyN95G++bOSQqnOCpVPabUGl2E/OEyFrp Ipwgu2L/WJclvd6g+ZA/iWkLSMcpnFb+uX6QBqvD6+RNxul1FaB5iHY= -----END CERTIFICATE-----} |
intermediate_cert_fingerprintSHA256 <#2> |
INFO
{
37834FA5EA40FBF7B61196955962E1CA0558872435E4206653D3F620DD8E988E} |
intermediate_cert_notBefore <#2> |
INFO
{
2020-02-18 00:00} |
intermediate_cert_notAfter <#2> |
OK
{
2033-05-01 23:59} |
intermediate_cert_expiration <#2> |
OK
{
ok > 40 days} |
intermediate_cert_chain <#2> |
INFO
{
GEANT OV RSA CA 4 <-- USERTrust RSA Certification Authority} |
intermediate_cert_badOCSP |
OK
{
intermediate certificate(s) is/are ok} |
HTTP_status_code |
INFO
{
301 Moved Permanently ('/')} |
HTTP_clock_skew |
INFO
{
0 seconds from localtime} |
HTTP_headerTime |
INFO
{
1713989978} |
HSTS |
LOW
{
not offered} |
HPKP |
INFO
{
No support for HTTP Public Key Pinning} |
banner_server |
INFO
{
nginx} |
banner_application |
INFO
{
No application banner found} |
cookie_count |
INFO
{
0 at '/' (30x detected, better try target URL of 30x)} |
security_headers |
MEDIUM
{
--} |
banner_reverseproxy
zranitelnosti:
CWE-200
|
INFO
{
--} |
heartbleed
zranitelnosti:
CVE-2014-0160
CWE-119
|
OK
{
not vulnerable, no heartbeat extension} |
CCS
zranitelnosti:
CVE-2014-0224
CWE-310
|
OK
{
not vulnerable} |
ticketbleed
zranitelnosti:
CVE-2016-9244
CWE-200
|
OK
{
not vulnerable} |
ROBOT |
OK
{
not vulnerable} |
secure_renego
zranitelnosti:
CWE-310
|
OK
{
supported} |
secure_client_renego
zranitelnosti:
CVE-2011-1473
CWE-310
|
OK
{
not vulnerable} |
CRIME_TLS
zranitelnosti:
CVE-2012-4929
CWE-310
|
OK
{
not vulnerable} |
BREACH
zranitelnosti:
CVE-2013-3587
CWE-310
|
OK
{
not vulnerable, no gzip/deflate/compress/br HTTP compression - only supplied '/' tested} |
POODLE_SSL
zranitelnosti:
CVE-2014-3566
CWE-310
|
OK
{
not vulnerable, no SSLv3} |
fallback_SCSV |
OK
{
no protocol below TLS 1.2 offered} |
SWEET32 |
OK
{
not vulnerable} |
FREAK
zranitelnosti:
CVE-2015-0204
CWE-310
|
OK
{
not vulnerable} |
DROWN |
OK
{
not vulnerable on this host and port} |
DROWN_hint |
INFO
{
Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=B2593ED1CFA28C5595ECE10D2FA3412383228F74119048E3798455C46319BC1B} |
LOGJAM
zranitelnosti:
CVE-2015-4000
CWE-310
|
OK
{
not vulnerable, no DH EXPORT ciphers,} |
LOGJAM-common_primes
zranitelnosti:
CVE-2015-4000
CWE-310
|
OK
{
no DH key with <= TLS 1.2} |
BEAST
zranitelnosti:
CVE-2011-3389
CWE-20
|
OK
{
not vulnerable, no SSL3 or TLS1} |
LUCKY13
zranitelnosti:
CVE-2013-0169
CWE-310
|
LOW
{
potentially vulnerable, uses TLS CBC ciphers} |
winshock
zranitelnosti:
CVE-2014-6321
CWE-94
|
OK
{
not vulnerable} |
RC4 |
OK
{
not vulnerable} |
clientsimulation-android_442 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-android_500 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-android_60 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256} |
clientsimulation-android_70 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-android_81 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-android_90 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-android_X |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-chrome_74_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-chrome_79_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-firefox_66_win81 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-firefox_71_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-ie_6_xp |
INFO
{
No connection} |
clientsimulation-ie_8_win7 |
INFO
{
No connection} |
clientsimulation-ie_8_xp |
INFO
{
No connection} |
clientsimulation-ie_11_win7 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-SHA384} |
clientsimulation-ie_11_win81 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-SHA384} |
clientsimulation-ie_11_winphone81 |
INFO
{
TLSv1.2 ECDHE-RSA-AES128-SHA256} |
clientsimulation-ie_11_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-edge_15_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-edge_17_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-opera_66_win10 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-safari_9_ios9 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-safari_9_osx1011 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-safari_10_osx1012 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-safari_121_ios_122 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-safari_130_osx_10146 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-apple_ats_9_ios9 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-java_6u45 |
INFO
{
No connection} |
clientsimulation-java_7u25 |
INFO
{
No connection} |
clientsimulation-java_8u161 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-java1102 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-java1201 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-openssl_102e |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-openssl_110l |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-openssl_111d |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
clientsimulation-thunderbird_68_3_1 |
INFO
{
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384} |
rating_spec |
INFO
{
SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)} |
rating_doc |
INFO
{
https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide} |
protocol_support_score |
INFO
{
100} |
protocol_support_score_weighted |
INFO
{
30} |
key_exchange_score |
INFO
{
90} |
key_exchange_score_weighted |
INFO
{
27} |
cipher_strength_score |
INFO
{
90} |
cipher_strength_score_weighted |
INFO
{
36} |
final_score |
INFO
{
93} |
overall_grade |
OK
{
A} |
grade_cap_reason_1 |
INFO
{
Grade capped to A. HSTS is not offered} |
scanTime |
INFO
{
107} |