SSL Report: ebanking.aikbanka.rs ( )

Size: px

Start display at page:

Download "SSL Report: ebanking.aikbanka.rs ( )"

Colin Stokes
7 years ago
Views:

1 Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > SSL Report: ( ) Assessed on: Sun, 03 Jan :36:01 UTC HIDDEN Clear cache Scan Another» Summary Overall Rating Certificate F Protocol Support Key Exchange Cipher Strength Visit our documentation page for more information, configuration guides, and books. Known issues are documented here. This server supports SSL 2, which is obsolete and insecure. Grade set to F. This server uses SSL 3, which is obsolete and insecure. Grade capped to B. MORE INFO» The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO» This server accepts RC4 cipher, but only with older protocol versions. Grade capped to B. MORE INFO» The server does not support Forward Secrecy with the reference browsers. MORE INFO» Authentication Server Key and Certificate #1 Common names Alternative names Prefix handling Valid from www. Both (with and without WWW) Fri, 13 v :14:38 UTC Mon, 28 v :26:40 UTC (expires in 10 months and 25 days) Weak key (Debian) Extended Validation Certificate Transparency Revocation information Revocation status Trusted CRL, OCSP Good (not revoked) 1 of 5 03/01/16 15:36

2 Additional Certificates (if supplied) Certificates provided Chain issues 3 (3735 bytes) ne #2 Sat, 03 May :00:00 UTC (expires in 15 years and 3 months) #3 Fingerprint SHA1: 340b2880f446fcc04e59ed33f52b3d08d Fri, 30 May :00:00 UTC (expires in 15 years and 4 months) The Go Daddy Group, Inc. / Go Daddy Class 2 Certification Authority Certification Paths Path #1: Trusted 1 Sent by server 2 Sent by server 3 In trust store Self-signed Fingerprint SHA1: 47beabc922eae80e a79f45c254fde68b Path #2: Trusted 1 Sent by server 2 Sent by server 3 Sent by server 4 In trust store Fingerprint SHA1: 340b2880f446fcc04e59ed33f52b3d08d The Go Daddy Group, Inc. / Go Daddy Class 2 Certification Authority Self-signed Fingerprint SHA1: 2796bae63f1801e277261ba0d f20eee4 Pin SHA256: VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8= RSA 2048 bits (e 3) / SHA1withRSA Weak or insecure signature, but no impact on root certificate Configuration Protocols 2 of 5 03/01/16 15:36

3 Protocols TLS 1.2 TLS 1.1 TLS 1.0 SSL 3 INSECURE SSL 2 INSECURE Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites at the end) TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq bits RSA) FS 256 TLS_RSA_WITH_RC4_128_MD5 (0x4) INSECURE 128 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0) INSECURE 112 SSL_CK_RC4_128_WITH_MD5 (0x10080) INSECURE 128 Handshake Simulation Android SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Android TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Android TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Android TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Android 4.3 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Android TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Android TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Baidu Jan 2015 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS BingPreview Jan 2015 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Chrome 47 / OS X R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Firefox ESR / Win 7 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Firefox 42 / OS X R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Googlebot Feb 2015 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS IE 6 / XP FS 1 SNI 2 SSL 3 TLS_RSA_WITH_RC4_128_SHA RC4 IE 7 / Vista TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS IE 8 / XP FS 1 SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_SHA RC4 IE 8-10 / Win 7 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS IE 11 / Win 7 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS IE 11 / Win 8.1 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS IE 10 / Win Phone 8.0 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS IE 11 / Win Phone 8.1 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS IE 11 / Win Phone 8.1 Update R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS IE 11 / Win 10 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Edge 13 / Win 10 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Edge 13 / Win Phone 10 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Java 6u45 SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Java 7u25 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Java 8u31 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS OpenSSL 0.9.8y TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS OpenSSL 1.0.1l R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS OpenSSL R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS 3 of 5 03/01/16 15:36

4 Handshake Simulation Safari / OS X TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Safari 6 / ios R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Safari / OS X R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Safari 7 / ios 7.1 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Safari 7 / OS X 10.9 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Safari 8 / ios 8.4 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Safari 8 / OS X R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Safari 9 / ios 9 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Safari 9 / OS X R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS Apple ATS 9 / ios 9 R Protocol or cipher suite mismatch TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDH secp256r1 Yahoo Slurp Jan 2015 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS YandexBot Jan 2015 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA FS (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. (2) support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. (3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version. (R) Denotes a reference browser or client, with which we expect better effective security. (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). Protocol Details Secure Renegotiation Secure Client-Initiated Renegotiation Insecure Client-Initiated Renegotiation BEAST attack POODLE (SSLv3) POODLE (TLS) Downgrade attack prevention SSL/TLS compression Supported t mitigated server-side (more info) SSL 3: 0x5, TLS 1.0: 0x2f, mitigated (more info) SSL 3: 0x5 (more info), TLS_FALLBACK_SCSV not supported (more info) RC4 INSECURE (more info) Heartbeat (extension) Heartbleed (vulnerability) OpenSSL CCS vuln. (CVE ) (more info) (more info) Forward Secrecy WEAK (more info) Application-Layer Protocol Negotiation (ALPN) Next Protocol Negotiation (NPN) Session resumption (caching) Session resumption (tickets) OCSP stapling Strict Transport Security (HSTS) (IDs assigned but not accepted) HSTS Preloading t in: Chrome Edge Firefox IE Tor Public Key Pinning (HPKP) Public Key Pinning Report-Only Long handshake intolerance TLS extension intolerance TLS version intolerance Incorrect SNI alerts Uses common DH primes DH public server param (Ys) reuse SSL 2 handshake compatibility, DHE suites not supported, DHE suites not supported Miscellaneous Test date Sun, 03 Jan :33:49 UTC 4 of 5 03/01/16 15:36

5 Miscellaneous Test duration seconds HTTP status code 403 HTTP server signature Microsoft-IIS/7.5 Server hostname - SSL Report v Copyright Qualys, Inc. All Rights Reserved. Terms and Conditions 5 of 5 03/01/16 15:36

SSL Report: ebfl.srpskabanka.rs (91.240.6.48)

SSL Report: ebfl.srpskabanka.rs (91.240.6.48) Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > SSL Report: (91.240.6.48) Assessed on: Sun, 03 Jan 2016 15:46:07 UTC HIDDEN Clear cache Scan Another» Summary Overall