CCF/tests/tls_report.csv

8.9 KiB

1ALPNINFOhttp/1.1
2BEASTOKnot vulnerable, no SSL3 or TLS1CVE-2011-3389CWE-20
3BREACHOKnot vulnerable, no HTTP compression - only supplied '/' testedCVE-2013-3587CWE-310
4CCSOKnot vulnerableCVE-2014-0224CWE-310
5CRIME_TLSOKnot vulnerableCVE-2012-4929CWE-310
6DNS_CAArecordLOW--
7DROWNOKnot vulnerable on this host and portCVE-2016-0800 CVE-2016-0703CWE-310
8DROWN_hintINFOno RSA certificate, can't be used with SSLv2 elsewhereCVE-2016-0800 CVE-2016-0703CWE-310
9FREAKOKnot vulnerableCVE-2015-0204CWE-310
10HPKPINFONo support for HTTP Public Key Pinning
11HSTSLOWnot offered
12HTTP_clock_skewINFOGot no HTTP time, maybe try different URL?
13HTTP_status_codeINFO404 Not Found ('/')
14LOGJAMOKnot vulnerable, no DH EXPORT ciphers,CVE-2015-4000CWE-310
15LOGJAM-common_primesOKno DH key with <= TLS 1.2CVE-2015-4000CWE-310
16LUCKY13OKnot vulnerableCVE-2013-0169CWE-310
17NPNINFOnot offered
18OCSP_staplingINFOnot offered
19PFSOKoffered
20PFS_ECDHE_curvesOKprime256v1 secp384r1 secp521r1
21PFS_ciphersINFOTLS_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 TLS_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256
22POODLE_SSLOKnot vulnerable, no SSLv3CVE-2014-3566CWE-310
23RC4OKnot vulnerableCVE-2013-2566 CVE-2015-2808CWE-310
24ROBOTOKnot vulnerable, no RSA key transport cipherCVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168CWE-203
25SSL_sessionID_supportINFOyes
26SSLv2OKnot offered
27SSLv3OKnot offered
28SWEET32OKnot vulnerableCVE-2016-2183 CVE-2016-6329CWE-327
29TLS1INFOnot offered
30TLS1_1INFOnot offered
31TLS1_2OKoffered
32TLS1_3OKoffered with final
33TLS_extensionsINFO'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'supported versions/#43' 'key share/#51' 'supported_groups/#10' 'max fragment length/#1' 'application layer protocol negotiation/#16' 'extended master secret/#23'
34TLS_session_ticketINFOvalid for 7200 seconds only (<daily)
35TLS_timestampINFOrandom
36banner_applicationINFONo application banner found
37banner_reverseproxyINFO--CWE-200
38banner_serverINFONo Server banner line in header, interesting!
39certINFO----------
40cert_caIssuersINFOCCF Network
41cert_certificatePolicies_EVINFOno
42cert_chain_of_trustCRITICALfailed (chain incomplete).
43cert_commonNameOKCCF Node
44cert_commonName_wo_SNIINFOCCF Node
45cert_crlDistributionPointsINFO--
46cert_eTLSINFOnot present
47cert_expirationStatusHIGHexpires < 30 days (0)
48cert_extKeyUsageINFONo server extended key usage information
49cert_fingerprintSHA1INFO
50cert_fingerprintSHA256INFO
51cert_keySizeOKEC 384 bits
52cert_keyUsageINFONo server key usage information
53cert_mustStapleExtensionINFO--
54cert_notAfterHIGH
55cert_notBeforeINFO
56cert_numbersINFO1
57cert_ocspURLINFO--
58cert_revocationHIGHNeither CRL nor OCSP URI provided
59cert_serialNumberINFO
60cert_serialNumberLenINFO
61cert_signatureAlgorithmOKECDSA with SHA384
62cert_subjectAltNameINFO
63cert_trustOKOk via SAN
64cert_validityPeriodINFONo finding
65certificate_transparencyINFO--
66certs_countServerINFO1
67certs_list_ordering_problemINFOno
68cipher_negotiatedOKTLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
69cipher_orderOKserver
70cipher_x1301INFOx1301 TLS_AES_128_GCM_SHA256 ECDH 256 AESGCM 128 TLS_AES_128_GCM_SHA256
71cipher_x1302INFOx1302 TLS_AES_256_GCM_SHA384 ECDH 256 AESGCM 256 TLS_AES_256_GCM_SHA384
72cipher_xc02bINFOxc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
73cipher_xc02cINFOxc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 521 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
74cipherlist_3DES_IDEAINFOnot offeredCWE-310
75cipherlist_AVERAGEINFOnot offeredCWE-310
76cipherlist_EXPORTOKnot offeredCWE-327
77cipherlist_LOWOKnot offeredCWE-327
78cipherlist_NULLOKnot offeredCWE-327
79cipherlist_STRONGOKoffered
80cipherlist_aNULLOKnot offeredCWE-327
81cipherorder_TLSv1_2INFOECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256
82cipherorder_TLSv1_3INFOTLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256
83clientsimulation-android_442INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
84clientsimulation-android_500INFOTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
85clientsimulation-android_60INFOTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
86clientsimulation-android_70INFONo connection
87clientsimulation-android_81INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
88clientsimulation-android_90INFOTLSv1.3 TLS_AES_256_GCM_SHA384
89clientsimulation-android_XINFOTLSv1.3 TLS_AES_256_GCM_SHA384
90clientsimulation-apple_ats_9_ios9INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
91clientsimulation-chrome_74_win10INFOTLSv1.3 TLS_AES_256_GCM_SHA384
92clientsimulation-chrome_79_win10INFOTLSv1.3 TLS_AES_256_GCM_SHA384
93clientsimulation-edge_15_win10INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
94clientsimulation-edge_17_win10INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
95clientsimulation-firefox_66_win81INFOTLSv1.3 TLS_AES_256_GCM_SHA384
96clientsimulation-firefox_71_win10INFOTLSv1.3 TLS_AES_256_GCM_SHA384
97clientsimulation-ie_11_win10INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
98clientsimulation-ie_11_win7INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
99clientsimulation-ie_11_win81INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
100clientsimulation-ie_11_winphone81INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
101clientsimulation-ie_6_xpINFONo connection
102clientsimulation-ie_8_win7INFONo connection
103clientsimulation-ie_8_xpINFONo connection
104clientsimulation-java1102INFOTLSv1.3 TLS_AES_256_GCM_SHA384
105clientsimulation-java1201INFOTLSv1.3 TLS_AES_256_GCM_SHA384
106clientsimulation-java_6u45INFONo connection
107clientsimulation-java_7u25INFONo connection
108clientsimulation-java_8u161INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
109clientsimulation-openssl_102eINFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
110clientsimulation-openssl_110lINFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
111clientsimulation-openssl_111dINFOTLSv1.3 TLS_AES_256_GCM_SHA384
112clientsimulation-opera_66_win10INFOTLSv1.3 TLS_AES_256_GCM_SHA384
113clientsimulation-safari_10_osx1012INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
114clientsimulation-safari_121_ios_122INFOTLSv1.3 TLS_AES_256_GCM_SHA384
115clientsimulation-safari_130_osx_10146INFOTLSv1.3 TLS_AES_256_GCM_SHA384
116clientsimulation-safari_9_ios9INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
117clientsimulation-safari_9_osx1011INFOTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
118clientsimulation-thunderbird_68_3_1INFOTLSv1.3 TLS_AES_256_GCM_SHA384
119cookie_countINFO0 at '/' (30x detected, better try target URL of 30x)
120fallback_SCSVOKno protocol below TLS 1.2 offered
121heartbleedOKnot vulnerable, no heartbeat extensionCVE-2014-0160CWE-119
122pre_128cipherINFONo 128 cipher limit bug
123protocol_negotiatedOKDefault protocol TLS1.3
124secure_client_renegoOKnot vulnerableCVE-2011-1473CWE-310
125secure_renegoOKsupportedCWE-310
126security_headersMEDIUM--
127serviceINFOHTTP
128sessionresumption_IDINFOnot supported
129sessionresumption_ticketINFOnot supported
130ticketbleedOKnot vulnerableCVE-2016-9244CWE-200