Nápověda jak vyhledávat Snadné hledání
  1. Hlídač Státu
  2. Hlídač Webů
  3. Detailní analýza HTTPs pro Statutární město Chomutov

Hlídač Statutární město Chomutov Detailní analýza HTTPs pro Statutární město Chomutov

Statutární město Chomutov
https://www.chomutov.cz/

Statutární město Chomutov Statutární město Chomutov - webové stránky města

Zabezpečení komunikace

A
Certifikát expiruje za 129 dní.

Výsledek analýzy HTTPS na www.chomutov.cz ze dne 22.04.2024

Všechno je v nejlepším pořádku a web se drží doporučených postupů.

Detailní analýza

Detailní report z HTTPs analýzy pomocí nástroje testssl.sh

server www.chomutov.cz/217.75.213.173
pre_128cipher INFO { 
No 128 cipher limit bug
}
SSLv2 OK { 
not offered
}
SSLv3 OK { 
not offered
}
TLS1 INFO { 
not offered
}
TLS1_1 INFO { 
not offered
}
TLS1_2 OK { 
offered
}
TLS1_3 OK { 
offered with final
}
NPN INFO { 
not offered
}
ALPN INFO { 
http/1.1
}
cipherlist_NULL
zranitelnosti: CWE-327
OK { 
not offered
}
cipherlist_aNULL
zranitelnosti: CWE-327
OK { 
not offered
}
cipherlist_EXPORT
zranitelnosti: CWE-327
OK { 
not offered
}
cipherlist_LOW
zranitelnosti: CWE-327
OK { 
not offered
}
cipherlist_3DES_IDEA
zranitelnosti: CWE-310
INFO { 
not offered
}
cipherlist_AVERAGE
zranitelnosti: CWE-310
LOW { 
offered
}
cipherlist_GOOD OK { 
offered
}
cipherlist_STRONG OK { 
offered
}
cipher_order OK { 
server
}
protocol_negotiated OK { 
Default protocol TLS1.3
}
cipher_negotiated OK { 
TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
}
cipher-tls1_2_xc030 OK { 
TLSv1.2   xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 253   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
}
cipher-tls1_2_x9f OK { 
TLSv1.2   x9f     DHE-RSA-AES256-GCM-SHA384         DH 2048    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
}
cipher-tls1_2_xcca8 OK { 
TLSv1.2   xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 253   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
}
cipher-tls1_2_xccaa OK { 
TLSv1.2   xccaa   DHE-RSA-CHACHA20-POLY1305         DH 2048    ChaCha20    256      TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
}
cipher-tls1_2_xc0a3 OK { 
TLSv1.2   xc0a3   DHE-RSA-AES256-CCM8               DH 2048    AESCCM8     256      TLS_DHE_RSA_WITH_AES_256_CCM_8
}
cipher-tls1_2_xc09f OK { 
TLSv1.2   xc09f   DHE-RSA-AES256-CCM                DH 2048    AESCCM      256      TLS_DHE_RSA_WITH_AES_256_CCM
}
cipher-tls1_2_xc061 OK { 
TLSv1.2   xc061   ECDHE-ARIA256-GCM-SHA384          ECDH 253   ARIAGCM     256      TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
}
cipher-tls1_2_xc053 OK { 
TLSv1.2   xc053   DHE-RSA-ARIA256-GCM-SHA384        DH 2048    ARIAGCM     256      TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
}
cipher-tls1_2_xc02f OK { 
TLSv1.2   xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 253   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
}
cipher-tls1_2_x9e OK { 
TLSv1.2   x9e     DHE-RSA-AES128-GCM-SHA256         DH 2048    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
}
cipher-tls1_2_xc0a2 OK { 
TLSv1.2   xc0a2   DHE-RSA-AES128-CCM8               DH 2048    AESCCM8     128      TLS_DHE_RSA_WITH_AES_128_CCM_8
}
cipher-tls1_2_xc09e OK { 
TLSv1.2   xc09e   DHE-RSA-AES128-CCM                DH 2048    AESCCM      128      TLS_DHE_RSA_WITH_AES_128_CCM
}
cipher-tls1_2_xc060 OK { 
TLSv1.2   xc060   ECDHE-ARIA128-GCM-SHA256          ECDH 253   ARIAGCM     128      TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
}
cipher-tls1_2_xc052 OK { 
TLSv1.2   xc052   DHE-RSA-ARIA128-GCM-SHA256        DH 2048    ARIAGCM     128      TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
}
cipher-tls1_2_xc028 LOW { 
TLSv1.2   xc028   ECDHE-RSA-AES256-SHA384           ECDH 253   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
}
cipher-tls1_2_x6b LOW { 
TLSv1.2   x6b     DHE-RSA-AES256-SHA256             DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
}
cipher-tls1_2_xc077 LOW { 
TLSv1.2   xc077   ECDHE-RSA-CAMELLIA256-SHA384      ECDH 253   Camellia    256      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
}
cipher-tls1_2_xc4 LOW { 
TLSv1.2   xc4     DHE-RSA-CAMELLIA256-SHA256        DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
}
cipher-tls1_2_xc027 LOW { 
TLSv1.2   xc027   ECDHE-RSA-AES128-SHA256           ECDH 253   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
}
cipher-tls1_2_x67 LOW { 
TLSv1.2   x67     DHE-RSA-AES128-SHA256             DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
}
cipher-tls1_2_xc076 LOW { 
TLSv1.2   xc076   ECDHE-RSA-CAMELLIA128-SHA256      ECDH 253   Camellia    128      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
}
cipher-tls1_2_xbe LOW { 
TLSv1.2   xbe     DHE-RSA-CAMELLIA128-SHA256        DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
}
cipher-tls1_2_xc014 LOW { 
TLSv1.2   xc014   ECDHE-RSA-AES256-SHA              ECDH 253   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
}
cipher-tls1_2_x39 LOW { 
TLSv1.2   x39     DHE-RSA-AES256-SHA                DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
}
cipher-tls1_2_x88 LOW { 
TLSv1.2   x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
}
cipher-tls1_2_xc013 LOW { 
TLSv1.2   xc013   ECDHE-RSA-AES128-SHA              ECDH 253   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
}
cipher-tls1_2_x33 LOW { 
TLSv1.2   x33     DHE-RSA-AES128-SHA                DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
}
cipher-tls1_2_x45 LOW { 
TLSv1.2   x45     DHE-RSA-CAMELLIA128-SHA           DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
}
cipher-tls1_2_x9d OK { 
TLSv1.2   x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384
}
cipher-tls1_2_xc0a1 OK { 
TLSv1.2   xc0a1   AES256-CCM8                       RSA        AESCCM8     256      TLS_RSA_WITH_AES_256_CCM_8
}
cipher-tls1_2_xc09d OK { 
TLSv1.2   xc09d   AES256-CCM                        RSA        AESCCM      256      TLS_RSA_WITH_AES_256_CCM
}
cipher-tls1_2_xc051 OK { 
TLSv1.2   xc051   ARIA256-GCM-SHA384                RSA        ARIAGCM     256      TLS_RSA_WITH_ARIA_256_GCM_SHA384
}
cipher-tls1_2_x9c OK { 
TLSv1.2   x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256
}
cipher-tls1_2_xc0a0 OK { 
TLSv1.2   xc0a0   AES128-CCM8                       RSA        AESCCM8     128      TLS_RSA_WITH_AES_128_CCM_8
}
cipher-tls1_2_xc09c OK { 
TLSv1.2   xc09c   AES128-CCM                        RSA        AESCCM      128      TLS_RSA_WITH_AES_128_CCM
}
cipher-tls1_2_xc050 OK { 
TLSv1.2   xc050   ARIA128-GCM-SHA256                RSA        ARIAGCM     128      TLS_RSA_WITH_ARIA_128_GCM_SHA256
}
cipher-tls1_2_x3d LOW { 
TLSv1.2   x3d     AES256-SHA256                     RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA256
}
cipher-tls1_2_xc0 LOW { 
TLSv1.2   xc0     CAMELLIA256-SHA256                RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
}
cipher-tls1_2_x3c LOW { 
TLSv1.2   x3c     AES128-SHA256                     RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA256
}
cipher-tls1_2_xba LOW { 
TLSv1.2   xba     CAMELLIA128-SHA256                RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
}
cipher-tls1_2_x35 LOW { 
TLSv1.2   x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA
}
cipher-tls1_2_x84 LOW { 
TLSv1.2   x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
}
cipher-tls1_2_x2f LOW { 
TLSv1.2   x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA
}
cipher-tls1_2_x41 LOW { 
TLSv1.2   x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
}
cipher-tls1_2_x9a LOW { 
TLSv1.2   x9a     DHE-RSA-SEED-SHA                  DH 2048    SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA
}
cipher-tls1_2_x96 LOW { 
TLSv1.2   x96     SEED-SHA                          RSA        SEED        128      TLS_RSA_WITH_SEED_CBC_SHA
}
cipherorder_TLSv1_2 INFO { 
ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM ECDHE-ARIA256-GCM-SHA384 DHE-RSA-ARIA256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM ECDHE-ARIA128-GCM-SHA256 DHE-RSA-ARIA128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-CAMELLIA256-SHA384 DHE-RSA-CAMELLIA256-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256 ECDHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA256 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA AES256-GCM-SHA384 AES256-CCM8 AES256-CCM ARIA256-GCM-SHA384 AES128-GCM-SHA256 AES128-CCM8 AES128-CCM ARIA128-GCM-SHA256 AES256-SHA256 CAMELLIA256-SHA256 AES128-SHA256 CAMELLIA128-SHA256 AES256-SHA CAMELLIA256-SHA AES128-SHA CAMELLIA128-SHA DHE-RSA-SEED-SHA SEED-SHA
}
prioritize_chacha_TLSv1_2 INFO { 
false
}
cipher-tls1_3_x1302 OK { 
TLSv1.3   x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384
}
cipher-tls1_3_x1303 OK { 
TLSv1.3   x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
}
cipher-tls1_3_x1301 OK { 
TLSv1.3   x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256
}
cipherorder_TLSv1_3 INFO { 
TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256
}
prioritize_chacha_TLSv1_3 INFO { 
false
}
FS OK { 
offered
}
FS_ciphers INFO { 
TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-CAMELLIA256-SHA384 DHE-RSA-CAMELLIA256-SHA256 DHE-RSA-CAMELLIA256-SHA DHE-RSA-ARIA256-GCM-SHA384 ECDHE-ARIA256-GCM-SHA384 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA ECDHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA256 DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-ARIA128-GCM-SHA256 ECDHE-ARIA128-GCM-SHA256
}
FS_ECDHE_curves OK { 
prime256v1 secp384r1 secp521r1 brainpoolP256r1 brainpoolP384r1 brainpoolP512r1 X25519
}
DH_groups OK { 
RFC3526/Oakley Group 14
}
TLS_extensions INFO { 
'renegotiation info/#65281' 'server name/#0' 'EC point formats/#11' 'session ticket/#35' 'supported versions/#43' 'key share/#51' 'supported_groups/#10' 'max fragment length/#1' 'application layer protocol negotiation/#16' 'encrypt-then-mac/#22' 'extended master secret/#23'
}
TLS_session_ticket INFO { 
valid for 7200 seconds only (<daily)
}
SSL_sessionID_support INFO { 
yes
}
sessionresumption_ticket INFO { 
supported
}
sessionresumption_ID INFO { 
not supported
}
TLS_timestamp INFO { 
off by -5 seconds from your localtime
}
certificate_compression INFO { 
none
}
clientAuth INFO { 
none
}
cert_numbers INFO { 
1
}
cert_signatureAlgorithm OK { 
SHA256 with RSA
}
cert_keySize OK { 
RSA 4096 bits (exponent is 65537)
}
cert_keyUsage INFO { 
Digital Signature, Key Encipherment
}
cert_extKeyUsage INFO { 
TLS Web Server Authentication, TLS Web Client Authentication
}
cert_serialNumber INFO { 
0E1041C3D063879785925743D5BEC020
}
cert_serialNumberLen INFO { 
16
}
cert_fingerprintSHA1 INFO { 
32D991B29B38D10BAE5BC3BFE0199B66927F27CD
}
cert_fingerprintSHA256 INFO { 
C84799193FB74EB6CD0F5A8297F76CA69743DDB090FF5E442AAC9A38E6446FFA
}
cert INFO { 
-----BEGIN CERTIFICATE----- MIIHJjCCBg6gAwIBAgIQDhBBw9Bjh5eFkldD1b7AIDANBgkqhkiG9w0BAQsFADBg MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgUlNBIENBIEcx MB4XDTIzMDczMTAwMDAwMFoXDTI0MDgzMDIzNTk1OVowGDEWMBQGA1UEAwwNKi5j aG9tdXRvdi5jejCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKORHIdl n3ATQpnGZH7T4QfMf8vBJaXEvbjE0X2bSqHklBEXs2z6n5xXKnkd8qsgl1qZtjrX UG9YwVStRbtqcytLiwlvYcGa8RSUL+IzijXK8mu1dpGLyAjYTWFIM3NE3o8Z6oj8 qbtLeqwiz1nta02BQtGuMHdmdHUVqEh0wzfHRFu5kCGkMKyoNzNFKjMBx0KJgxvE cBRLLWwfjf6a7RZuqSZRioa38eiTFECu68hQII2cG42nLgBNhTOw0pL98Rq3TWxr OlBHqMzIm+hdikD7jzjlWqLz+f1lDWfpFfxKfFU35acvFfD6RQt75K2cHaLngbYW F1SBSoqnnD+2Lt5QrNYNgShqut/Tmx7+GPLwQWtYkr/gVt5ZgKEuA/DAY/iNjHPk esqTrO/YliysJT364KqciC5o7T+flGDQLA68Q5ylWJN73KT/WwoczMSSyt6zJtGt cx9xextYI6nbr4qM5JDQ+je0xO46JB33XIZHMPbWEow2mmJXSkH/JLHweI8ccU/D bvqx5vN7+qmzzva0SkjLWnAVBda0H5KD3HTkEJUm/uKknNlutBFO029ggYuAwf8F xKRwZxZqxLB9ewno0EwM7RWSjana6WUXjjv8qJCP/s6djhGxIELs0+baoiTrHIPZ V9e/N3I7Cxkwv62f3WN8Wjo+IghK1N5EpWhtAgMBAAGjggMiMIIDHjAfBgNVHSME GDAWgBSUT9Rdi+Sk4qaA/v3Y+QDvo74CVzAdBgNVHQ4EFgQUmg0PYm7sQA0DhWMY dk28CWeEtPIwJQYDVR0RBB4wHIINKi5jaG9tdXRvdi5jeoILY2hvbXV0b3YuY3ow DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA/ BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY2RwLmdlb3RydXN0LmNvbS9HZW9UcnVz dFRMU1JTQUNBRzEuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQIBMCkwJwYIKwYBBQUH AgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB2BggrBgEFBQcBAQRqMGgw JgYIKwYBBQUHMAGGGmh0dHA6Ly9zdGF0dXMuZ2VvdHJ1c3QuY29tMD4GCCsGAQUF BzAChjJodHRwOi8vY2FjZXJ0cy5nZW90cnVzdC5jb20vR2VvVHJ1c3RUTFNSU0FD QUcxLmNydDAJBgNVHRMEAjAAMIIBgAYKKwYBBAHWeQIEAgSCAXAEggFsAWoAdwDu zdBk1dsazsVct520zROiModGfLzs3sNRSFlGcR+1mwAAAYmrLX98AAAEAwBIMEYC IQDZ4/ZsvkZQARVD3iO7aV4Sv8f0vnajJWKwRkAN+V9rZAIhANh+zsFcwkqaVzy+ ZnyigSbrAv35qxluIuQ6tqS6CubUAHYASLDja9qmRzQP5WoC+p0w6xxSActW3SyB 2bu/qznYhHMAAAGJqy1/uQAABAMARzBFAiEA/4YlPN+t+5WKwADEPRcPmVutHjtP +cXHCPGO40j6lOUCIHg83htqVQ+Ggfyoq17U3s1zLzp4C4L8JUn6bElzOMxoAHcA 2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGJqy1/gwAABAMASDBG AiEAhaQVqrbPxWfGUAn+tB8C05LBiOHtYPSAKicCsA+u18kCIQChncYrXjJhh5p7 nF8A4p9yr5aV1FActiCHFWuK9L1z3TANBgkqhkiG9w0BAQsFAAOCAQEAI4YWuoOh BnpCiOMh5gEwz1XgJ9K2IMQw/YgyMsySmbKogVVfGYYb4+Z+bfytVEqvBGlJBw1F X3tA4pHquhqACbiGFnZogBW0BBGY2QuCKA7thZYN2BEEjAw8vyglwS+fd2YWEIQ9 ue9EQdKkffzh+3B71JhkGEDHPTirEA4b6IbOUpj63rjQ+RYXaso0e4EPlid5eEXL Pg7ul2elfh/Gi9FCknpA6f8n8utQbprW+beUHyaj3I5UlmrQI43oXCRLdEMQru9f GxOqG/DMvtcO7oYVqm6S1WfXZuqukASqrUYvmO34uLdRFVs/V0xZJSKZHdIdluGh WaUpSaoouDxf/w== -----END CERTIFICATE-----
}
cert_commonName OK { 
*.chomutov.cz
}
cert_commonName_wo_SNI INFO { 
*.chomutov.cz
}
cert_subjectAltName INFO { 
*.chomutov.cz chomutov.cz
}
cert_trust OK { 
Ok via SAN wildcard and CN wildcard (same w/o SNI)
}
cert_chain_of_trust OK { 
passed.
}
cert_certificatePolicies_EV INFO { 
no
}
cert_expirationStatus OK { 
130 >= 60 days
}
cert_notBefore INFO { 
2023-07-31 00:00
}
cert_notAfter OK { 
2024-08-30 23:59
}
cert_extlifeSpan OK { 
certificate has no extended life time according to browser forum
}
cert_eTLS INFO { 
not present
}
cert_crlDistributionPoints INFO { 
http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl
}
cert_ocspURL INFO { 
http://status.geotrust.com
}
OCSP_stapling LOW { 
not offered
}
cert_mustStapleExtension INFO { 
--
}
DNS_CAArecord LOW { 
--
}
certificate_transparency OK { 
yes (certificate extension)
}
certs_countServer INFO { 
3
}
certs_list_ordering_problem LOW { 
yes
}
cert_caIssuers INFO { 
GeoTrust TLS RSA CA G1 (DigiCert Inc from US)
}
intermediate_cert <#1> INFO { 
-----BEGIN CERTIFICATE----- MIIEjTCCA3WgAwIBAgIQDQd4KhM/xvmlcpbhMf/ReTANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH MjAeFw0xNzExMDIxMjIzMzdaFw0yNzExMDIxMjIzMzdaMGAxCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j b20xHzAdBgNVBAMTFkdlb1RydXN0IFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQC+F+jsvikKy/65LWEx/TMkCDIuWegh1Ngwvm4Q yISgP7oU5d79eoySG3vOhC3w/3jEMuipoH1fBtp7m0tTpsYbAhch4XA7rfuD6whU gajeErLVxoiWMPkC/DnUvbgi74BJmdBiuGHQSd7LwsuXpTEGG9fYXcbTVN5SATYq DfbexbYxTMwVJWoVb6lrBEgM3gBBqiiAiy800xu1Nq07JdCIQkBsNpFtZbIZhsDS fzlGWP4wEmBQ3O67c+ZXkFr2DcrXBEtHam80Gp2SNhou2U5U7UesDL/xgLK6/0d7 6TnEVMSUVJkZ8VeZr+IUIlvoLrtjLbqugb0T3OYXW+CQU0kBAgMBAAGjggFAMIIB PDAdBgNVHQ4EFgQUlE/UXYvkpOKmgP792PkA76O+AlcwHwYDVR0jBBgwFoAUTiJU IBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMDQGCCsGAQUFBwEB BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEIGA1Ud HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds b2JhbFJvb3RHMi5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEW HGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEB AIIcBDqC6cWpyGUSXAjjAcYwsK4iiGF7KweG97i1RJz1kwZhRoo6orU1JtBYnjzB c4+/sXmnHJk3mlPyL1xuIAt9sMeC7+vreRIF5wFBC0MCN5sbHwhNN1JzKbifNeP5 ozpZdQFmkCo+neBiKR6HqIA+LMTMCMMuv2khGGuPHmtDze4GmEGZtYLyF8EQpa5Y jPuV6k2Cr/N3XxFpT3hRpt/3usU/Zb9wfKPtWpoznZ4/44c1p9rzFcZYrWkj3A+7 TNBJE0GmP2fhXhP1D/XVfIW/h0yCJGEiV9Glm/uGOa3DXHlmbAcxSyCRraG+ZBkA 7h4SeM6Y8l/7MBRpPCz6l8Y= -----END CERTIFICATE-----
}
intermediate_cert_fingerprintSHA256 <#1> INFO { 
C06E307F7CFC1D32FA72A4C033C87B90019AF216F0775D64978A2ECA6C8A230E
}
intermediate_cert_notBefore <#1> INFO { 
2017-11-02 12:23
}
intermediate_cert_notAfter <#1> OK { 
2027-11-02 12:23
}
intermediate_cert_expiration <#1> OK { 
ok > 40 days
}
intermediate_cert_chain <#1> INFO { 
GeoTrust TLS RSA CA G1 <-- DigiCert Global Root G2
}
intermediate_cert <#2> INFO { 
-----BEGIN CERTIFICATE----- MIIFyzCCBLOgAwIBAgIQD2IvbyHC/11SH3I6HUfWLTANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD QTAeFw0yMjA1MDQwMDAwMDBaFw0zMTExMDkyMzU5NTlaMFwxCzAJBgNVBAYTAlVT MRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE0MDIGA1UEAxMrR2VvVHJ1c3QgR2xv YmFsIFRMUyBSU0E0MDk2IFNIQTI1NiAyMDIyIENBMTCCAiIwDQYJKoZIhvcNAQEB BQADggIPADCCAgoCggIBAOi2w4fkhoZPCI6L7nLMjvJTFg2rvXa7JPgQtpm9Ls4Z 9u2/SuiTDcjnGfjMYq9uTdBsiRjCC8fh3HsrPMCCAvfAf7bY349rOV4XWTGXZ2RS UE20zKyhiF1Z+SkySD5+9yxzLNEyb+JXN8LLLcyB2Hw79jEq6v09+8zL5Ip3wFz9 +Uc3Tx4LVwTvW50pGMHFl3xpjO7iQS2RCkNcHHdqfEEkKy8EStVGA27aYYuHbgdx ivjv0Axx3M4NrWfO8tGj8w0t8LhKDTuk/gFOI4klRcHRjcuH6giK6mkM3qpGGQLW +Zc7Q93NFXalE5Qzn5/JESIcSPFDOezoAi9fMdtEa7Qj9/yCaUx5S14l66zlE1Od y5hzpQBOlsw9KjJxsfpc4LQTB8aDaNjSqzLpwj6XlsRjaRon9GSS1q6HDYI3o8pR x03xM1k7JTgiyyRO+84PVjLUOxy6u4SrEXRM0jdtxqnzfwW2CFsKo+5xHZB9xt5m 82zwUzY7+VOHEg8YpJxS2N6HR6QBvxo/6pgyfdmwAjiOGhA1GfHvQWf2vyHNguLq 1Jn4gr0b27HMZl6yqquv9O9XgDjPk147eym8GbN6AmBBke0HXR8fPwier1spgIoB W3txZY6OiJr/JRl2n5MnUZ3QdyFfvzfkuBWwVCI7WI4gVJmhkOMeG9grhIRPm+zH AgMBAAGjggGCMIIBfjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSltNbr NsTna6bfxGQLASogBLhmIzAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3R VTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl cnQuY29tMEAGCCsGAQUFBzAChjRodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v RGlnaUNlcnRHbG9iYWxSb290Q0EuY3J0MEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6 Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYD VR0gBDYwNDALBglghkgBhv1sAgEwBwYFZ4EMAQEwCAYGZ4EMAQIBMAgGBmeBDAEC AjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAJ5ytcBRxwtzXW/S2tOySJu4 bhFRUuYRF91SMDUX8aX8Z/JIdLZb1+d6LIaiVkybFKYL8K2xual6/NL0tcI0T3Nw /QNwS12NrfbS/th9aus7kiSbnNbkM2sc61vx9lF0qYklhJzSOkUPPSyq4Bdhg8G6 puAqrvQNqxNNMTTyMs5KNJdpLMEdIKdelM+9KKEMy9/jWGuLoNr8BvjkDx19VQSI MCrwTFiQSC3sMkZQrCgZIwnQbf2ynOSMDutLoja5uKB7l+vbH2qSPFf3vD2HoTH7 S8+k0HfXb/f7ZSM5GDln3DTbBPI2qmmMiwFZJOMuYAQP1cyP8ywlhfdEdKVcW6E= -----END CERTIFICATE-----
}
intermediate_cert_fingerprintSHA256 <#2> INFO { 
A797108A05AD9328585FC0CB842FBD824FAC6510B8D7EB4FF47991EEE58AA924
}
intermediate_cert_notBefore <#2> INFO { 
2022-05-04 00:00
}
intermediate_cert_notAfter <#2> OK { 
2031-11-09 23:59
}
intermediate_cert_expiration <#2> OK { 
ok > 40 days
}
intermediate_cert_chain <#2> INFO { 
GeoTrust Global TLS RSA4096 SHA256 2022 CA1 <-- DigiCert Global Root CA
}
intermediate_cert_badOCSP OK { 
intermediate certificate(s) is/are ok
}
HTTP_status_code INFO { 
200 OK ('/')
}
HTTP_clock_skew INFO { 
0 seconds from localtime
}
HTTP_headerTime INFO { 
1713817273
}
HSTS LOW { 
not offered
}
HPKP INFO { 
No support for HTTP Public Key Pinning
}
banner_server INFO { 
Apache
}
banner_application INFO { 
No application banner found
}
cookie_count INFO { 
1 at '/'
}
cookie_secure INFO { 
0/1 at '/' marked as secure
}
cookie_httponly OK { 
All (1) at '/' marked as HttpOnly
}
Upgrade INFO { 
h2
}
banner_reverseproxy
zranitelnosti: CWE-200
INFO { 
--
}
heartbleed
zranitelnosti: CVE-2014-0160 CWE-119
OK { 
not vulnerable, no heartbeat extension
}
CCS
zranitelnosti: CVE-2014-0224 CWE-310
OK { 
not vulnerable
}
ticketbleed
zranitelnosti: CVE-2016-9244 CWE-200
OK { 
not vulnerable
}
ROBOT
zranitelnosti: CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168 CWE-203
OK { 
not vulnerable
}
secure_renego
zranitelnosti: CWE-310
OK { 
supported
}
secure_client_renego
zranitelnosti: CVE-2011-1473 CWE-310
OK { 
not vulnerable
}
CRIME_TLS
zranitelnosti: CVE-2012-4929 CWE-310
OK { 
not vulnerable
}
BREACH
zranitelnosti: CVE-2013-3587 CWE-310
MEDIUM { 
potentially VULNERABLE, gzip HTTP compression detected  - only supplied '/' tested
}
POODLE_SSL
zranitelnosti: CVE-2014-3566 CWE-310
OK { 
not vulnerable, no SSLv3
}
fallback_SCSV OK { 
no protocol below TLS 1.2 offered
}
SWEET32
zranitelnosti: CVE-2016-2183 CVE-2016-6329 CWE-327
OK { 
not vulnerable
}
FREAK
zranitelnosti: CVE-2015-0204 CWE-310
OK { 
not vulnerable
}
DROWN
zranitelnosti: CVE-2016-0800 CVE-2016-0703 CWE-310
OK { 
not vulnerable on this host and port
}
DROWN_hint
zranitelnosti: CVE-2016-0800 CVE-2016-0703 CWE-310
INFO { 
Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=C84799193FB74EB6CD0F5A8297F76CA69743DDB090FF5E442AAC9A38E6446FFA
}
LOGJAM-common_primes
zranitelnosti: CVE-2015-4000 CWE-310
INFO { 
RFC3526/Oakley Group 14
}
LOGJAM
zranitelnosti: CVE-2015-4000 CWE-310
OK { 
not vulnerable, no DH EXPORT ciphers,
}
BEAST
zranitelnosti: CVE-2011-3389 CWE-20
OK { 
not vulnerable, no SSL3 or TLS1
}
LUCKY13
zranitelnosti: CVE-2013-0169 CWE-310
LOW { 
potentially vulnerable, uses TLS CBC ciphers
}
winshock
zranitelnosti: CVE-2014-6321 CWE-94
OK { 
not vulnerable
}
RC4
zranitelnosti: CVE-2013-2566 CVE-2015-2808 CWE-310
OK { 
not vulnerable
}
clientsimulation-android_442 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-android_500 INFO { 
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
}
clientsimulation-android_60 INFO { 
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
}
clientsimulation-android_70 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-android_81 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-android_90 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-android_X INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-chrome_74_win10 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-chrome_79_win10 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-firefox_66_win81 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-firefox_71_win10 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-ie_6_xp INFO { 
No connection
}
clientsimulation-ie_8_win7 INFO { 
No connection
}
clientsimulation-ie_8_xp INFO { 
No connection
}
clientsimulation-ie_11_win7 INFO { 
TLSv1.2 DHE-RSA-AES256-GCM-SHA384
}
clientsimulation-ie_11_win81 INFO { 
TLSv1.2 DHE-RSA-AES256-GCM-SHA384
}
clientsimulation-ie_11_winphone81 INFO { 
TLSv1.2 ECDHE-RSA-AES128-SHA256
}
clientsimulation-ie_11_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-edge_15_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-edge_17_win10 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-opera_66_win10 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-safari_9_ios9 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-safari_9_osx1011 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-safari_10_osx1012 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-safari_121_ios_122 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-safari_130_osx_10146 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-apple_ats_9_ios9 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-java_6u45 INFO { 
No connection
}
clientsimulation-java_7u25 INFO { 
No connection
}
clientsimulation-java_8u161 INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-java1102 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-java1201 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-openssl_102e INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-openssl_110l INFO { 
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
}
clientsimulation-openssl_111d INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
clientsimulation-thunderbird_68_3_1 INFO { 
TLSv1.3 TLS_AES_256_GCM_SHA384
}
rating_spec INFO { 
SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
}
rating_doc INFO { 
https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
}
protocol_support_score INFO { 
100
}
protocol_support_score_weighted INFO { 
30
}
key_exchange_score INFO { 
90
}
key_exchange_score_weighted INFO { 
27
}
cipher_strength_score INFO { 
90
}
cipher_strength_score_weighted INFO { 
36
}
final_score INFO { 
93
}
overall_grade OK { 
A
}
grade_cap_reason_1 INFO { 
Grade capped to A. HSTS is not offered
}
scanTime INFO { 
152
}
O nás Podporují nás Proč hlídáme Náš kodex Kontakt
Team Podpořte nás! API a Open data pro vývojáře Podmínky užívání a ochrana soukromí Pro média, loga
 Nahlásit chybu/ Běží nám servery?
K-index: Hlídáme stát s odvahou!/EN
Sledujte nás
CORE5 1.1.0.0 2024-04-17 10:21