CCF/tls_report.csv в 59f20c4760bd11aadaf19ab7d113c2122c3bf945

8.9 KiB

Исходник Ответственный История

1	ALPN	INFO	http/1.1
2	BEAST	OK	not vulnerable, no SSL3 or TLS1	CVE-2011-3389	CWE-20
3	BREACH	OK	not vulnerable, no HTTP compression - only supplied '/' tested	CVE-2013-3587	CWE-310
4	CCS	OK	not vulnerable	CVE-2014-0224	CWE-310
5	CRIME_TLS	OK	not vulnerable	CVE-2012-4929	CWE-310
6	DNS_CAArecord	LOW	--
7	DROWN	OK	not vulnerable on this host and port	CVE-2016-0800 CVE-2016-0703	CWE-310
8	DROWN_hint	INFO	no RSA certificate, can't be used with SSLv2 elsewhere	CVE-2016-0800 CVE-2016-0703	CWE-310
9	FREAK	OK	not vulnerable	CVE-2015-0204	CWE-310
10	HPKP	INFO	No support for HTTP Public Key Pinning
11	HSTS	LOW	not offered
12	HTTP_clock_skew	INFO	Got no HTTP time, maybe try different URL?
13	HTTP_status_code	INFO	404 NOT_FOUND ('/')
14	LOGJAM	OK	not vulnerable, no DH EXPORT ciphers,	CVE-2015-4000	CWE-310
15	LOGJAM-common_primes	OK	no DH key with <= TLS 1.2	CVE-2015-4000	CWE-310
16	LUCKY13	OK	not vulnerable	CVE-2013-0169	CWE-310
17	NPN	INFO	not offered
18	OCSP_stapling	INFO	not offered
19	PFS	OK	offered
20	PFS_ECDHE_curves	OK	prime256v1 secp384r1 secp521r1
21	PFS_ciphers	INFO	TLS_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256
22	POODLE_SSL	OK	not vulnerable, no SSLv3	CVE-2014-3566	CWE-310
23	RC4	OK	not vulnerable	CVE-2013-2566 CVE-2015-2808	CWE-310
24	ROBOT	OK	not vulnerable, no RSA key transport cipher	CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168	CWE-203
25	SSL_sessionID_support	INFO	yes
26	SSLv2	OK	not offered
27	SSLv3	OK	not offered
28	SWEET32	OK	not vulnerable	CVE-2016-2183 CVE-2016-6329	CWE-327
29	TLS1	INFO	not offered
30	TLS1_1	INFO	not offered
31	TLS1_2	OK	offered
32	TLS1_3	OK	offered with final
33	TLS_extensions	INFO	'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'supported versions/#43' 'key share/#51' 'supported_groups/#10' 'max fragment length/#1' 'application layer protocol negotiation/#16' 'extended master secret/#23'
34	TLS_session_ticket	INFO	valid for 7200 seconds only (<daily)
35	TLS_timestamp	INFO	random
36	banner_application	INFO	No application banner found
37	banner_reverseproxy	INFO	--		CWE-200
38	banner_server	INFO	No Server banner line in header, interesting!
39	cert	INFO	----------
40	cert_caIssuers	INFO	CCF Test Service
41	cert_certificatePolicies_EV	INFO	no
42	cert_chain_of_trust	CRITICAL	failed (chain incomplete).
43	cert_commonName	OK	CCF Node
44	cert_commonName_wo_SNI	INFO	CCF Node
45	cert_crlDistributionPoints	INFO	--
46	cert_eTLS	INFO	not present
47	cert_expirationStatus	HIGH	expires < 30 days (0)
48	cert_extKeyUsage	INFO	No server extended key usage information
49	cert_fingerprintSHA1	INFO
50	cert_fingerprintSHA256	INFO
51	cert_keySize	OK	EC 384 bits
52	cert_keyUsage	INFO	No server key usage information
53	cert_mustStapleExtension	INFO	--
54	cert_notAfter	HIGH
55	cert_notBefore	INFO
56	cert_numbers	INFO	1
57	cert_ocspURL	INFO	--
58	cert_revocation	HIGH	Neither CRL nor OCSP URI provided
59	cert_serialNumber	INFO
60	cert_serialNumberLen	INFO
61	cert_signatureAlgorithm	OK	ECDSA with SHA384
62	cert_subjectAltName	INFO
63	cert_trust	OK	Ok via SAN
64	cert_validityPeriod	INFO	No finding
65	certificate_transparency	INFO	--
66	certs_countServer	INFO	1
67	certs_list_ordering_problem	INFO	no
68	cipher_negotiated	OK	TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
69	cipher_order	OK	server
70	cipher_x1301	INFO	x1301 TLS_AES_128_GCM_SHA256 ECDH 256 AESGCM 128 TLS_AES_128_GCM_SHA256
71	cipher_x1302	INFO	x1302 TLS_AES_256_GCM_SHA384 ECDH 256 AESGCM 256 TLS_AES_256_GCM_SHA384
72	cipher_xc02b	INFO	xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
73	cipher_xc02c	INFO	xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 521 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
74	cipherlist_3DES_IDEA	INFO	not offered		CWE-310
75	cipherlist_AVERAGE	INFO	not offered		CWE-310
76	cipherlist_EXPORT	OK	not offered		CWE-327
77	cipherlist_LOW	OK	not offered		CWE-327
78	cipherlist_NULL	OK	not offered		CWE-327
79	cipherlist_STRONG	OK	offered
80	cipherlist_aNULL	OK	not offered		CWE-327
81	cipherorder_TLSv1_2	INFO	ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256
82	cipherorder_TLSv1_3	INFO	TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256
83	clientsimulation-android_442	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
84	clientsimulation-android_500	INFO	TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
85	clientsimulation-android_60	INFO	TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
86	clientsimulation-android_70	INFO	No connection
87	clientsimulation-android_81	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
88	clientsimulation-android_90	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
89	clientsimulation-android_X	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
90	clientsimulation-apple_ats_9_ios9	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
91	clientsimulation-chrome_74_win10	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
92	clientsimulation-chrome_79_win10	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
93	clientsimulation-edge_15_win10	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
94	clientsimulation-edge_17_win10	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
95	clientsimulation-firefox_66_win81	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
96	clientsimulation-firefox_71_win10	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
97	clientsimulation-ie_11_win10	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
98	clientsimulation-ie_11_win7	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
99	clientsimulation-ie_11_win81	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
100	clientsimulation-ie_11_winphone81	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
101	clientsimulation-ie_6_xp	INFO	No connection
102	clientsimulation-ie_8_win7	INFO	No connection
103	clientsimulation-ie_8_xp	INFO	No connection
104	clientsimulation-java1102	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
105	clientsimulation-java1201	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
106	clientsimulation-java_6u45	INFO	No connection
107	clientsimulation-java_7u25	INFO	No connection
108	clientsimulation-java_8u161	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
109	clientsimulation-openssl_102e	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
110	clientsimulation-openssl_110l	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
111	clientsimulation-openssl_111d	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
112	clientsimulation-opera_66_win10	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
113	clientsimulation-safari_10_osx1012	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
114	clientsimulation-safari_121_ios_122	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
115	clientsimulation-safari_130_osx_10146	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
116	clientsimulation-safari_9_ios9	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
117	clientsimulation-safari_9_osx1011	INFO	TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
118	clientsimulation-thunderbird_68_3_1	INFO	TLSv1.3 TLS_AES_256_GCM_SHA384
119	cookie_count	INFO	0 at '/' (30x detected, better try target URL of 30x)
120	fallback_SCSV	OK	no protocol below TLS 1.2 offered
121	heartbleed	OK	not vulnerable, no heartbeat extension	CVE-2014-0160	CWE-119
122	pre_128cipher	INFO	No 128 cipher limit bug
123	protocol_negotiated	OK	Default protocol TLS1.3
124	secure_client_renego	OK	not vulnerable	CVE-2011-1473	CWE-310
125	secure_renego	OK	supported		CWE-310
126	security_headers	MEDIUM	--
127	service	INFO	HTTP
128	sessionresumption_ID	INFO	not supported
129	sessionresumption_ticket	INFO	not supported
130	ticketbleed	OK	not vulnerable	CVE-2016-9244	CWE-200

8.9 KiB Исходник Ответственный История

8.9 KiB

Исходник Ответственный История