SSL Report: example.net (192.168.172.182)
Assessed on:  Sun Jan 04 14:27:19 PST 2015 | HIDDEN | Clear cache
Scan Another »

Summary
Overall Rating
B
0
20
40
60
80
100
Certificate
 
100
Protocol Support
 
70
Key Exchange
 
80
Cipher Strength
 
90

Visit our documentation page for more information, configuration guides, and books. Known issues are documented here.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.  MORE INFO »
Authentication
Server Key and Certificate #1
Common names example.net
Alternative names example.net www.example.net
Prefix handling Both (with and without WWW)
Valid from Thu Dec 25 02:25:38 PST 2014
Valid until Sun Dec 25 02:25:38 PST 2016 (expires in 1 year and 11 months)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer Go Daddy Secure Certificate Authority - G2
Signature algorithm SHA256withRSA
Extended Validation No
Revocation information CRL, OCSP
Revocation status Good (not revoked)
Trusted Yes


Additional Certificates (if supplied)
Certificates provided 4 (4802 bytes)
Chain issues Extra certs, Contains anchor
#2
Subject Go Daddy Secure Certificate Authority - G2
Fingerprint: 27ac9369faf25207bb2627cefaccbe4ef9c319b8
Valid until Sat May 03 00:00:00 PDT 2031 (expires in 16 years and 3 months)
Key RSA 2048 bits (e 65537)
Issuer Go Daddy Root Certificate Authority - G2
Signature algorithm SHA256withRSA
#3
Subject Go Daddy Root Certificate Authority - G2
Fingerprint: 841d4a9fc9d3b2f0ca5fab95525ab2066acf8322
Valid until Sat May 03 00:00:00 PDT 2031 (expires in 16 years and 3 months)
Key RSA 2048 bits (e 65537)
Issuer The Go Daddy Group / Go Daddy Class 2 Certification Authority
Signature algorithm SHA256withRSA
#4
Subject The Go Daddy Group / Go Daddy Class 2 Certification Authority   In trust store
Fingerprint: 2796bae63f1801e277261ba0d77770028f20eee4
Valid until Thu Jun 29 10:06:20 PDT 2034 (expires in 19 years and 5 months)
Key RSA 2048 bits (e 3)
Issuer The Go Daddy Group / Go Daddy Class 2 Certification Authority   Self-signed
Signature algorithm SHA1withRSA   Weak, but no impact on root certificate


Certification Paths
Path #1: Trusted
1 Sent by server example.net
Fingerprint: 3ed781f81992d336fccd59d06c1dbc93d11f8e24
RSA 2048 bits (e 65537) / SHA256withRSA
2 Sent by server Go Daddy Secure Certificate Authority - G2
Fingerprint: 27ac9369faf25207bb2627cefaccbe4ef9c319b8
RSA 2048 bits (e 65537) / SHA256withRSA
3 In trust store Go Daddy Root Certificate Authority - G2   Self-signed
Fingerprint: 47beabc922eae80e78783462a79f45c254fde68b
RSA 2048 bits (e 65537) / SHA256withRSA
Configuration
Protocols
TLS 1.2 No
TLS 1.1 No
TLS 1.0 Yes
SSL 3 No
SSL 2 No


Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 128
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 112
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112


Handshake Simulation
Android 2.3.7   No SNI 2 TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   FS 128
Android 4.0.4 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Android 4.1.1 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Android 4.2.2 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Android 4.3 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Android 4.4.2 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
BingBot Dec 2013   No SNI 2 TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   No FS 112
BingPreview Jun 2014 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Chrome 39 / OS X  R TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Firefox 31.3.0 ESR / Win 7 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Firefox 34 / OS X  R TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Googlebot Jun 2014 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
IE 6 / XP   No FS 1   No SNI 2 Protocol or cipher suite mismatch Fail3
IE 7 / Vista TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   No FS 112
IE 8 / XP   No FS 1   No SNI 2 TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   No FS 112
IE 8-10 / Win 7  R TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   No FS 112
IE 11 / Win 7  R TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   No FS 112
IE 11 / Win 10 Preview  R TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   No FS 112
IE 11 / Win 8.1  R TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   No FS 112
IE Mobile 10 / Win Phone 8.0 TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   No FS 112
IE Mobile 11 / Win Phone 8.1 TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   No FS 112
Java 6u45   No SNI 2 TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   FS 128
Java 7u25 TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   FS 128
Java 8b132 TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   FS 128
OpenSSL 0.9.8y TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
OpenSSL 1.0.1h TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Safari 6 / iOS 6.0.1  R TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Safari 7 / iOS 7.1  R TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Safari 8 / iOS 8.0 Beta  R TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Safari 6.0.4 / OS X 10.8.4  R TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Safari 7 / OS X 10.9  R TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Yahoo Slurp Jun 2014   No SNI 2 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
YandexBot Sep 2014 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers tend to retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).


Protocol Details
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation No
BEAST attack Not mitigated server-side (more info)   TLS 1.0: 0x39
POODLE (SSLv3) No, SSL 3 not supported (more info)
POODLE (TLS) No (more info)
Downgrade attack prevention Unknown (requires support for at least two protocols)
TLS compression No
RC4 No
Heartbeat (extension) No
Heartbleed (vulnerability) No (more info)
OpenSSL CCS vuln. (CVE-2014-0224) No (more info)
Forward Secrecy With some browsers (more info)
Next Protocol Negotiation (NPN) No
Session resumption (caching) Yes
Session resumption (tickets) No
OCSP stapling No
Strict Transport Security (HSTS) No
Public Key Pinning (HPKP) No
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance TLS 2.98 
SSL 2 handshake compatibility Yes


Miscellaneous
Test date Sun Jan 04 14:26:29 PST 2015
Test duration 49.470 seconds
HTTP status code 200
HTTP forwarding http://example.net
HTTP server signature Apache/2.2.3 (CentOS)
Server hostname example.net


SSL Report v1.11.1