Přihlásit se Registrace
Smlouvy Dotace Platy Úřady Zakázky Sponzoři & firmy PastVina 
❤ Podpořte nás Přihlásit se Registrace
Hledat v Hlídači státu
Nápověda jak vyhledávat Snadné hledání
  1. Hlídač Státu
  2. Hlídač Webů
  3. Detailní analýza HTTPs pro Statutární město Plzeň

Hlídač Statutární město Plzeň Detailní analýza HTTPs pro Statutární město Plzeň

Statutární město Plzeň
https://www.plzen.eu/

Statutární město Plzeň Statutární město Plzeň - webové stránky města

Zabezpečení komunikace

T
Certifikát expiruje za 172 dní.

Výsledek analýzy HTTPS na www.plzen.eu ze dne 26.06.2026

Služba je chráněna certifikátem od certifikační autority, kterou hlavní prohlížeče neznají nebo jí nedůvěřují. V českých podmínkách to znamená nejspíše certifikáty vydané našimi vnitrostátními autoritami (ICA, PostSignum a eIdentity), které sice stát zákonem prohlásil za důvěryhodné, ale které nesplňují mezinárodní podmínky nutné proto, aby je za důvěryhodné pokládali i autoři prohlížečů.

Detailní analýza

Detailní report z HTTPs analýzy pomocí nástroje testssl.sh

server www.plzen.eu/185.153.192.137
pre_128cipher INFO { 
No 128 cipher limit bug
}
SSLv2 OK { 
not offered
}
SSLv3 OK { 
not offered
}
TLS1 INFO { 
not offered
}
TLS1_1 INFO { 
not offered
}
TLS1_2 OK { 
offered
}
TLS1_3 OK { 
offered with final
}
NPN INFO { 
not offered
}
ALPN_HTTP2 OK { 
h2
}
ALPN INFO { 
http/1.1
}
cipherlist_NULL
zranitelnosti: CWE-327
OK { 
not offered
}
cipherlist_aNULL
zranitelnosti: CWE-327
OK { 
not offered
}
cipherlist_EXPORT
zranitelnosti: CWE-327
OK { 
not offered
}
cipherlist_LOW
zranitelnosti: CWE-327
OK { 
not offered
}
cipherlist_3DES_IDEA
zranitelnosti: CWE-310
INFO { 
not offered
}
cipherlist_AVERAGE
zranitelnosti: CWE-310
LOW { 
offered
}
cipherlist_GOOD INFO { 
not offered
}
cipherlist_STRONG OK { 
offered
}
cipher_order OK { 
server
}
protocol_negotiated OK { 
Default protocol TLS1.3
}
cipher_negotiated OK { 
TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
}
cipher-tls1_2_xc030 OK { 
TLSv1.2   xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
}
cipher-tls1_2_xc02f OK { 
TLSv1.2   xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
}
cipher-tls1_2_xcca8 OK { 
TLSv1.2   xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 256   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
}
cipher-tls1_2_xc028 LOW { 
TLSv1.2   xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
}
cipher-tls1_2_xc027 LOW { 
TLSv1.2   xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
}
cipherorder_TLSv1_2 INFO { 
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256
}
prioritize_chacha_TLSv1_2 INFO { 
false
}
cipher-tls1_3_x1302 OK { 
TLSv1.3   x1302   TLS_AES_256_GCM_SHA384            ECDH 256   AESGCM      256      TLS_AES_256_GCM_SHA384
}
cipher-tls1_3_x1303 OK { 
TLSv1.3   x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 256   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
}
cipher-tls1_3_x1301 OK { 
TLSv1.3   x1301   TLS_AES_128_GCM_SHA256            ECDH 256   AESGCM      128      TLS_AES_128_GCM_SHA256
}
cipherorder_TLSv1_3 INFO { 
TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256
}
prioritize_chacha_TLSv1_3 INFO { 
false
}
FS OK { 
offered
}
FS_ciphers INFO { 
TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256
}
FS_ECDHE_curves OK { 
prime256v1 secp384r1 X25519
}
DH_groups OK { 
ffdhe2048 ffdhe3072 ffdhe4096
}
TLS_extensions INFO { 
'renegotiation info/#65281' 'server name/#0' 'session ticket/#35' 'EC point formats/#11' 'key share/#51' 'supported versions/#43' 'application layer protocol negotiation/#16' 'extended master secret/#23'
}
TLS_session_ticket INFO { 
valid for 3600 seconds only (<daily)
}
SSL_sessionID_support INFO { 
yes
}
sessionresumption_ticket INFO { 
supported
}
sessionresumption_ID INFO { 
supported
}
TLS_timestamp INFO { 
random
}
certificate_compression INFO { 
none
}
clientAuth INFO { 
none
}
cert_numbers INFO { 
1
}
cert_signatureAlgorithm OK { 
SHA256 with RSA
}
cert_keySize INFO { 
RSA 2048 bits (exponent is 65537)
}
cert_keyUsage INFO { 
Digital Signature, Key Encipherment
}
cert_extKeyUsage INFO { 
TLS Web Client Authentication, TLS Web Server Authentication
}
cert_serialNumber INFO { 
4D0A25A69E41B0DB0BAD7D5CC6D7F3FB
}
cert_serialNumberLen INFO { 
16
}
cert_fingerprintSHA1 INFO { 
6FBB86AFA804F5A1088FC059CD65D46EC47638A8
}
cert_fingerprintSHA256 INFO { 
D822C70C6CD1A25AED8177D37FD064C5076EFA43A43273340205D95EC15CFC74
}
cert INFO { 
-----BEGIN CERTIFICATE----- MIIG2DCCBUCgAwIBAgIQTQolpp5BsNsLrX1cxtfz+zANBgkqhkiG9w0BAQsFADBg MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEYMBYGA1UEAwwPR0VBTlQgVExTIFJTQSAx MB4XDTI2MDYwMTA2MTkzMloXDTI2MTIxNzA2MTkzMVowgZAxCzAJBgNVBAYTAkNa MRgwFgYDVQQIDA9QbHplxYhza8O9IGtyYWoxDzANBgNVBAcMBlBsemXFiDFBMD8G A1UECgw4U3Byw6F2YSBpbmZvcm1hxI1uw61jaCB0ZWNobm9sb2dpw60gbcSbc3Rh IFBsem7EmywgcC4gby4xEzARBgNVBAMMCioucGx6ZW4uZXUwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDcG/BbTrbE43AMcMHEcvGeZXTJMcgwhbu3UZ3N gqnruOyBw6ZpGHMV7uDNO7S0nZVqbh9MGLHTDzrGdVHWAPQxL9eulDLSLA6h0QXC oPMjzEpBpjnR9pThOwt/56GX57z40QdcPgIcCYr6Fh9+vYP2sGLxnu765BTN80Rz qbnEgDUsbkrD4gOXeKRnkSENrraimQ7s4u5ecJqz0xL+fz8GhD2BprnQPwNIK/z7 5vCGlb1GZdBgC+xarQJwMbDmt3k5HNeRrX3SvPdj+yibm4bY5Dga/0oOjrdNta9Z Nc3xlUSDEOstLNRwfKWOwJ/62UjLASNcl21LpYXZX54gjTGZAgMBAAGjggLbMIIC 1zAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFIYBcj+MqXDiMQZTFs4BX1t5yDw7 MEgGCCsGAQUFBwEBBDwwOjA4BggrBgEFBQcwAoYsaHR0cDovL2NydC5oYXJpY2Eu Z3IvSEFSSUNBLUdFQU5ULVRMUy1SMS5jZXIwHwYDVR0RBBgwFoIKKi5wbHplbi5l dYIIcGx6ZW4uZXUwLQYDVR0gBCYwJDAIBgZngQwBAgIwCAYGBACPegEHMA4GDCsG AQQBgc8RAQEBAjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwPQYDVR0f BDYwNDAyoDCgLoYsaHR0cDovL2NybC5oYXJpY2EuZ3IvSEFSSUNBLUdFQU5ULVRM Uy1SMS5jcmwwHQYDVR0OBBYEFG+3MPTY2vZC/SHNb7dqmExLLds8MA4GA1UdDwEB /wQEAwIFoDCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAr2eIO1ewTt2Pptl+ 9i6o64EKx3Fg8CReVdYML+eFhzoAAAGegd+avQAABAMARjBEAiAi9sRoimEyW0pq gd2ssV/dRrjV3bfF/iPzo126kBVV5wIgF+QbilB5udSmNxC1RhhxI9NdCN3uhE+K RqulzuaUCiAAdgDXbX0Q0af1d8LH6V/XAL/5gskzWmXh0LMBcxfAyMVpdwAAAZ6B 35q5AAAEAwBHMEUCIQCBGWT+RZBxH2Kads6zSsDx00yhKY2YCYkHHUorvWuXYQIg M6z7c/SzQbDDq5bObIySf8of2JrNlMK9aYbgIuJA0j0AdgDYCVU7lE96/8gWGW+U T4WrsPj8XodVJg8V0S5yu0VLFAAAAZ6B35qOAAAEAwBHMEUCIA59srAQs3wEPLQf W23RtUqOOVCZlqkZ+FfJ6o3MkRNmAiEAj167bQ2LrerBmAjpwcKHkt61SUCIhhCS ZdcGN9x8Ko0wDQYJKoZIhvcNAQELBQADggGBACoo/i7xRhttOVrOrtCVqTk5RWG0 FhRf7+afCnMOLppF56FqEBN05c0cl7SMINSbAmyBcXTUpEdrA0BKof81EbkvJsad 1Y4CWU6sODIqvdakwXaYzAKqxOefnIWwJsYf0K1G01ziNmBnFGfuuS0sxy1XzEXN JumYuIqIdfWkqbkdfMrkCGU8LH+JpU8N8OY6OdUpkCljE4W2Fc1usAs7uCBGbg/7 DLTiSHjLC5isyo9JmOFYYghr8S34ULV93hLd1YZsF8R2S1bBePTiU6ueCniEy1zt XDIueI0rS2+/6di2jPGP/LziYVbqYywyUOMUpuIHDlzdCyNYlXy++2rRJI5Yk4K8 dtgMuMCPWmyqK/METS+2vW5YhahjDocX6phCaBYTWmjadTrbna0mI4BrliHa2GhQ cJC0kDLEfItF/Pin0l4ap78EN+tk7y5fQGAxiqaJOBWji0nOIm6N0Yhb6k3aGT3S OPrS7UAFZdCooDzvWP92eBSBEKeBO8WnivadRQ== -----END CERTIFICATE-----
}
cert_commonName OK { 
*.plzen.eu
}
cert_commonName_wo_SNI INFO { 
*.plzen.eu
}
cert_subjectAltName INFO { 
*.plzen.eu plzen.eu
}
cert_trust OK { 
Ok via SAN wildcard and CN wildcard (same w/o SNI)
}
cert_chain_of_trust CRITICAL { 
failed (self signed CA in chain).
}
cert_certificatePolicies_EV INFO { 
no
}
cert_expirationStatus OK { 
173 >= 60 days
}
cert_notBefore INFO { 
2026-06-01 06:19
}
cert_notAfter OK { 
2026-12-17 06:19
}
cert_extlifeSpan OK { 
certificate has no extended life time according to browser forum
}
cert_eTLS INFO { 
not present
}
cert_crlDistributionPoints INFO { 
http://crl.harica.gr/HARICA-GEANT-TLS-R1.crl
}
cert_ocspURL INFO { 
--
}
OCSP_stapling INFO { 
not offered
}
cert_mustStapleExtension INFO { 
--
}
DNS_CAArecord OK { 
issue=digicert.com;, issue=harica.gr, issue=letsencrypt.org, issue=pki.goog;, issue=postsignum.cz, issue=ssl.com, issuewild=comodoca.com, issuewild=digicert.com;, issuewild=harica.gr, issuewild=letsencrypt.org, issuewild=pki.goog;, issuewild=ssl.com
}
certificate_transparency OK { 
yes (certificate extension)
}
certs_countServer INFO { 
3
}
certs_list_ordering_problem INFO { 
no
}
cert_caIssuers INFO { 
GEANT TLS RSA 1 (Hellenic Academic and Research Institutions CA from GR)
}
intermediate_cert <#1> INFO { 
-----BEGIN CERTIFICATE----- MIIGBTCCA+2gAwIBAgIQFNV782kiKCGaVWf6kWUbIjANBgkqhkiG9w0BAQsFADBs MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0Eg Um9vdCBDQSAyMDIxMB4XDTI1MDEwMzExMTUwMFoXDTM5MTIzMTExMTQ1OVowYDEL MAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl YXJjaCBJbnN0aXR1dGlvbnMgQ0ExGDAWBgNVBAMMD0dFQU5UIFRMUyBSU0EgMTCC AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKEEaZSzEzznAPk8IEa17GSG yJzPTj4cwRY7/vcq2BPT5+IRGxQtaCdgLXIEl2cdPdIkj2eyakFmgMjAtyeju8V8 dRayQCD/bWjJ7thDlowgLljQaXirxnYbT8bzRHAhCZqBakYgi5KWw9dANLyDHGpX UdY259ab0lWEaFE5Uu6IzQSMJOAy4l/Twym8GUiy0qMDEBFSlm31C9BXpdHKKAlh vIjMiKoDeTWl5vZaLB2MMRGY1yW2ftPgIP0/MkX1uFITlvHmmMTngxplH1nybEIJ FiwHg1KiLk1TprcZgeO2gxE5Lz3wTFWrsUlAzrh5xWmscWkjNi/4BpeuiT5+NExF czboLnXOfjuci/7bsnPi1/aZN/iKNbJRnngFoLaKVMmqCS7Xo34f+BITatryQZFE u2oDKExQGlxDBCfYMLgLucX/onpLzUSgeQITNLx6i5tGGbUYH+9Dy3GI66L/5tPj qzlOsydki8ZYGE5SBJeWCZ2IrhUe0WzZ2b6Zhk6JAQIDAQABo4IBLTCCASkwEgYD VR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBQKSCOmYKSSCjPqk1vFV+olTb0S 7jBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAKGMWh0dHA6Ly9jcnQuaGFyaWNh LmdyL0hBUklDQS1UTFMtUm9vdC0yMDIxLVJTQS5jZXIwEQYDVR0gBAowCDAGBgRV HSAAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATBCBgNVHR8EOzA5MDeg NaAzhjFodHRwOi8vY3JsLmhhcmljYS5nci9IQVJJQ0EtVExTLVJvb3QtMjAyMS1S U0EuY3JsMB0GA1UdDgQWBBSGAXI/jKlw4jEGUxbOAV9becg8OzAOBgNVHQ8BAf8E BAMCAYYwDQYJKoZIhvcNAQELBQADggIBABkssjQzYrOo4GMsKegaChP16yNe6Sck cWBymM455R2rMeuQ3zlxUNOEt+KUfgueOA2urp4j6TlPbs/XxpwuN3I1f09Luk5b +ZgRXM7obE6ZLTerVQWKoTShyl34R2XlK8pEy7+67Ht4lcJzt+K6K5gEuoPSGQDP ef+fUfmXrFcgBMcMbtfDb9dubFKNZZxo5nAXiqhFMOIyByag3H+tOTuH8zuId9pH RDsUpAIHJ9/W2WBfLcKav7IKRlNBRD/sPBy903J9WHPKwl8kQSDA+aa7XCYk7bJt Eyf+7GM9F5cZ7+YyknXqnv/rtQEkTKZdQo5Us18VFe9qqj94tXbLdk7PejJYNB4O Zlli44Ld7rtqfFlUych7gIxFOmiyxMQQYrYmUi+74lEZvfoNhuref0CupuKpz6O3 dLv6kO9T10uNdDBoBQTkge3UzHafTIe3R2o3ujXKUGPwyc9m7/FETyKLUCwSU/5O AVOeBCU8QtkKKjM8AmbpKpe3pHWcyq3R7B3LmIALkMPTydyDfxen65IDqREbVq8N xjhkJThUz40JqOlN6uqKqeDISj/IoucYwsqW24AlO7ZzNmohQmMi8ep23H4hBSh0 GBTe2XvkuzaNf92syK8l2HzO+13GLCjzYLTPvXTO9UpK8DGyfGZOuamuwbAnbNpE 3RfjV9IaUQGJ -----END CERTIFICATE-----
}
intermediate_cert_fingerprintSHA256 <#1> INFO { 
5B678DC44095A52895B63B31F27227F4B36C3E347491BF2BFA691837A5FB8C79
}
intermediate_cert_notBefore <#1> INFO { 
2025-01-03 11:15
}
intermediate_cert_notAfter <#1> OK { 
2039-12-31 11:14
}
intermediate_cert_expiration <#1> OK { 
ok > 40 days
}
intermediate_cert_chain <#1> INFO { 
GEANT TLS RSA 1 <-- HARICA TLS RSA Root CA 2021
}
intermediate_cert <#2> INFO { 
-----BEGIN CERTIFICATE----- MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBs MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0Eg Um9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUzOFoXDTQ1MDIxMzEwNTUzN1owbDEL MAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl YXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNBIFJv b3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569l mwVnlskNJLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE 4VGC/6zStGndLuwRo0Xua2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uv a9of08WRiFukiZLRgeaMOVig1mlDqa2YUlhu2wr7a89o+uOkXjpFc5gH6l8Cct4M pbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K5FrZx40d/JiZ+yykgmvw Kh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEvdmn8kN3b LW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcY AuUR0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqB AGMUuTNe3QvboEUHGjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYq E613TBoYm5EPWNgGVMWX+Ko/IIqmhaZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHr W2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQCPxrvrNQKlr9qEgYRtaQQJKQ CoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8GA1UdEwEB/wQF MAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAU X15QvWiWkKQUEapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3 f5Z2EMVGpdAgS1D0NTsY9FVqQRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxaja H6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxDQpSbIPDRzbLrLFPCU3hKTwSUQZqP JzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcRj88YxeMn/ibvBZ3P zzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5vZSt jBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0 /L5H9MG0qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pT BGIBnfHAT+7hOtSLIBD6Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79 aPib8qXPMThcFarmlwDB31qlpzmq6YR/PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YW xw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnnkf3/W9b3raYvAwtt41dU 63ZTGI0RmLo= -----END CERTIFICATE-----
}
intermediate_cert_fingerprintSHA256 <#2> INFO { 
D95D0E8EDA79525BF9BEB11B14D2100D3294985F0C62D9FABD9CD999ECCB7B1D
}
intermediate_cert_notBefore <#2> INFO { 
2021-02-19 10:55
}
intermediate_cert_notAfter <#2> OK { 
2045-02-13 10:55
}
intermediate_cert_expiration <#2> OK { 
ok > 40 days
}
intermediate_cert_chain <#2> INFO { 
HARICA TLS RSA Root CA 2021 <-- HARICA TLS RSA Root CA 2021
}
intermediate_cert_badOCSP OK { 
intermediate certificate(s) is/are ok
}
HTTP_status_code INFO { 
301 Moved Permanently ('/')
}
HTTP_clock_skew INFO { 
0 seconds from localtime
}
HTTP_headerTime INFO { 
1782505372
}
HSTS_time OK { 
365 days (=31536000 seconds) > 15552000 seconds
}
HSTS_subdomains INFO { 
only for this domain
}
HSTS_preload INFO { 
domain is NOT marked for preloading
}
HPKP INFO { 
No support for HTTP Public Key Pinning
}
banner_server INFO { 
No Server banner line in header, interesting!
}
banner_application INFO { 
No application banner found
}
cookie_count INFO { 
1 at '/' (30x detected, better try target URL of 30x)
}
cookie_secure INFO { 
0/1 at '/' marked as secure
}
cookie_httponly INFO { 
0/1 at '/' marked as HttpOnly (30x detected, better try target URL of 30x)
}
X-Frame-Options OK { 
SAMEORIGIN
}
X-Content-Type-Options OK { 
nosniff
}
X-XSS-Protection INFO { 
1; mode=block
}
Referrer-Policy INFO { 
strict-origin-when-cross-origin
}
banner_reverseproxy
zranitelnosti: CWE-200
INFO { 
--
}
heartbleed
zranitelnosti: CVE-2014-0160 CWE-119
OK { 
not vulnerable, no heartbeat extension
}
CCS
zranitelnosti: CVE-2014-0224 CWE-310
OK { 
not vulnerable
}
ticketbleed
zranitelnosti: CVE-2016-9244 CWE-200
OK { 
not vulnerable
}
ROBOT
zranitelnosti: CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168 CWE-203
OK { 
not vulnerable, no RSA key transport cipher
}
secure_renego
zranitelnosti: CWE-310
OK { 
supported
}
secure_client_renego
zranitelnosti: CVE-2011-1473 CWE-310
OK { 
not vulnerable
}
CRIME_TLS
zranitelnosti: CVE-2012-4929 CWE-310
OK { 
not vulnerable
}
BREACH
zranitelnosti: CVE-2013-3587 CWE-310
OK { 
not vulnerable, no gzip/deflate/compress/br HTTP compression  - only supplied '/' tested
}
POODLE_SSL
zranitelnosti: CVE-2014-3566 CWE-310
OK { 
not vulnerable, no SSLv3
}
fallback_SCSV OK { 
no protocol below TLS 1.2 offered
}
SWEET32
zranitelnosti: CVE-2016-2183 CVE-2016-6329 CWE-327
OK { 
not vulnerable
}
FREAK
zranitelnosti: CVE-2015-0204 CWE-310
OK { 
not vulnerable
}
DROWN
zranitelnosti: CVE-2016-0800 CVE-2016-0703 CWE-310
OK { 
not vulnerable on this host and port
}
DROWN_hint
zranitelnosti: CVE-2016-0800 CVE-2016-0703 CWE-310
INFO { 
Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=D822C70C6CD1A25AED8177D37FD064C5076EFA43A43273340205D95EC15CFC74
}
LOGJAM
zranitelnosti: CVE-2015-4000 CWE-310
OK { 
not vulnerable, no DH EXPORT ciphers,
}
LOGJAM-common_primes
zranitelnosti: CVE-2015-4000 CWE-310
OK { 
no DH key with <= TLS 1.2
}
BEAST
zranitelnosti: CVE-2011-3389 CWE-20
OK { 
not vulnerable, no SSL3 or TLS1
}
LUCKY13
zranitelnosti: CVE-2013-0169 CWE-310
LOW { 
potentially vulnerable, uses TLS CBC ciphers
}
winshock
zranitelnosti: CVE-2014-6321 CWE-94
OK { 
not vulnerable
}
RC4
zranitelnosti: CVE-2013-2566 CVE-2015-2808 CWE-310
OK { 
not vulnerable
}
clientsimulation-android_442 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-android_500 INFO { 
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
}
clientsimulation-android_60 INFO { 
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
}
clientsimulation-android_70 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-android_81 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-android_90 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-android_X INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-chrome_74_win10 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-chrome_79_win10 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-firefox_66_win81 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-firefox_71_win10 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-ie_6_xp INFO { 
No connection
}
clientsimulation-ie_8_win7 INFO { 
No connection
}
clientsimulation-ie_8_xp INFO { 
No connection
}
clientsimulation-ie_11_win7 INFO { 
TLSv1.2 ECDHE-RSA-AES256-SHA384
}
clientsimulation-ie_11_win81 INFO { 
TLSv1.2 ECDHE-RSA-AES256-SHA384
}
clientsimulation-ie_11_winphone81 INFO { 
TLSv1.2 ECDHE-RSA-AES128-SHA256
}
clientsimulation-ie_11_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-edge_15_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-edge_17_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-opera_66_win10 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-safari_9_ios9 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-safari_9_osx1011 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-safari_10_osx1012 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-safari_121_ios_122 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-safari_130_osx_10146 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-apple_ats_9_ios9 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-java_6u45 INFO { 
No connection
}
clientsimulation-java_7u25 INFO { 
No connection
}
clientsimulation-java_8u161 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-java1102 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-java1201 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-openssl_102e INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-openssl_110l INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-openssl_111d INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-thunderbird_68_3_1 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
rating_spec INFO { 
SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
}
rating_doc INFO { 
https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
}
protocol_support_score INFO { 
0
}
protocol_support_score_weighted INFO { 
0
}
key_exchange_score INFO { 
0
}
key_exchange_score_weighted INFO { 
0
}
cipher_strength_score INFO { 
0
}
cipher_strength_score_weighted INFO { 
0
}
final_score INFO { 
0
}
overall_grade CRITICAL { 
T
}
grade_cap_reason_1 INFO { 
Grade capped to T. Issues with the chain of trust (self signed CA in chain)
}
scanTime INFO { 
104
}