SSL Report: okidirect.co.uk (84.18.207.58)



Similar documents
SSL Report: ebfl.srpskabanka.rs ( )

Is Your SSL Website and Mobile App Really Secure?

SSL BEST PRACTICES OVERVIEW

SSL implementieren aber sicher!

SSL Server Rating Guide

Introduction. Purpose. Background. Details

Internet SSL Survey 2010! Black Hat USA 2010

Cleaning Encrypted Traffic

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

Security Protocols/Standards

HTTPS is Fast and Hassle-free with CloudFlare

Secure, insecure, secure, insecure: The ongoing saga of the SSL/TLS protocol. Dr Douglas Stebila

Proto Balance SSL TLS Off-Loading, Load Balancing. User Manual - SSL.

Fast, Scalable And Secure Web Hosting For Entrepreneurs

Client System Requirements for Brainloop Secure Dataroom as of Version 8.30

A Study of What Really Breaks SSL HITB Amsterdam 2011

Intro to AppDynamics with SSL

SSL and Browsers: The Pillars of Broken Security

Mobile Services Security: Mobile Platform Security. AF Security

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Implementation Vulnerabilities in SSL/TLS

Maximizing Performance with SPDY & SSL. Billy Hoffman

Integrated SSL Scanning

SSL/TLS: The Ugly Truth

NetScaler. Web Service Availability and Security

SSL: Paved With Good Intentions. Richard Moore

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

MatrixSSL Developer's Guide Version 3.7

SSL GOOD PRACTICE GUIDE

Automated Vulnerability Scan Results

SSL GOOD PRACTICE GUIDE

Lecture 7: Transport Level Security SSL/TLS. Course Admin

SSL Interception Proxies. Jeff Jarmoc Sr. Security Researcher Dell SecureWorks. and Transitive Trust

ATS Test Documentation

Secure Sockets Layer

Summary of Results. NGINX SSL Performance

Thierry ZOLLER Principal Security Consultant

Tidspunkt : : :59 (49 dag(e)) Operativsystem (OS) fordelt på browsere Total: Safari9 ios %

Configuring SSL Termination

Integrated SSL Scanning

SEZ SEZ Online Manual- DSC Signing with Java Applet. V Version 1.0 ersion 1.0

TLS/SSL hardening and compatibility Report 2011

PCI Compliance Considerations

Securing VMware View Communication Channels with SSL Certificates TECHNICAL WHITE PAPER

Einführung in SSL mit Wireshark

Release Notes. Platform Compatibility. Supported Operating Systems and Browsers: AMC. WorkPlace

Certificate technology on Pulse Secure Access

SSL Certificate Verification

ISY994 Series Network Security Configuration Guide Requires firmware version Requires Java 1.7+

UserGuide ReflectionPKIServicesManager

Creating and Managing Certificates for My webmethods Server. Version 8.2 and Later

Click Start > Control Panel > System icon to open System Properties dialog box. Click Advanced > Environment Variables.

TLS all the tubes! TLS Fast Yet? IsWebRTC. It can be. Making TLS fast(er)... the nuts and bolts. +Ilya

TLS Specification for Storage Systems

Vulnerabilità dei protocolli SSL/TLS

Harden SSL/TLS v1.01. Windows hardening tool. Thierry ZOLLER.

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience

PROCEDURE FOR UPDATING LISTS THROUGH WEB INTERFACE

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Information. Questions will be answered at the end. Please submit questions to Erick Mendoza using the chat function.

Secure Web Access Solution

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Public Key Infrastructures

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012

Certificate technology on Junos Pulse Secure Access

This section includes troubleshooting topics about certificates.

Internet Banking System Web Application Penetration Test Report

What s New in Security

IPv4 Shortage Multiple SSL Certificates on a single IP address

Cisco AnyConnect VPN Client Installation Guide for Single Factor Authentication: Windows

Release Notes. Contents. Release Purpose. Platform Compatibility. Windows XP and Internet Explorer 8 Update

Lesson 10: Attacks to the SSL Protocol

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

present the complete guide to ssl and seo

Contact Information. Document Number: Document Revision: SSL Proxy Deployment Guide SGOS 5.1.4

Securing REST APIs with SSL/TLS

MitM attacks on multi-platform banking applications

New CICS support for Secure Sockets Layer

Low-Level TLS Hacking

Security. Learning Objectives. This module will help you...

The IVE also supports using the following additional features with CA certificates:

SSL Handshake Analysis

Spikes Security Isla Browser Isolation System. Prepared for Spikes Security

Key Management and Distribution

By Jan De Clercq. Understanding. and Leveraging SSL-TLS. for Secure Communications

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

SSL Certificates in IPBrick

Crypto at Scale. Brian Sniffen

Credit Card Retrieval API Implementation Guide This guide illustrates how to implement the Credit Card Retrieval API.

Bugzilla ID: Bugzilla Summary:

SSL: Secure Socket Layer

Internet Engineering Task Force (IETF) Request for Comments: Category: Standards Track ISSN: A. Langley Google June 2015

What s Your HTTPS Grade? A Case Study of HTTPS/SSL at Mid Michigan Community College. Brandon bkish@midmich.edu

SBClient SSL. Ehab AbuShmais

Release Notes for Epilog for Windows Release Notes for Epilog for Windows v1.7/v1.8

Certificates and network security

Public Key Infrastructure (PKI)

Implementing Secure Sockets Layer on iseries

Contents. Before You Install Server Installation Configuring Print Audit Secure... 10

Transcription:

Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > okidirect.co.uk SSL Report: okidirect.co.uk (84.18.207.58) Assessed on: Fri, 26 Jun 2015 12:51:45 UTC HIDDEN Clear cache Scan Another» Summary Overall Rating Certificate 100 Protocol Support 95 Key Exchange 90 Cipher Strength 90 0 20 40 60 80 100 Visit our documentation page for more information, configuration guides, and books. Known issues are documented here. Intermediate certificate has a weak signature. When renewing, ensure you upgrade to an all-sha2 chain. MORE INFO» This server accepts the RC4 cipher, which is weak. Grade capped to B. MORE INFO» The server does not support Forward Secrecy with the reference browsers. MORE INFO» This site works only in browsers with SNI support. This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks. Authentication Server Key and Certificate #1 Common names Alternative names Prefix handling Valid from okidirect.co.uk Both (with and without WWW) Mon, 05 Jan 201520:16:16 UTC Sat, 09 Jan 201603:51:44 UTC (expires in 6 months and 13 days) Weak key (Debian) Extended Validation Certificate Transparency Revocation information Revocation status Trusted SHA256withRSA CRL, OCSP Good (not revoked) Additional Certificates (if supplied) Certificates provided Chain issues 3 (3180 bytes) ne

Additional Certificates (if supplied) #2 Subject Fri, 20 May 2022 21:39:32 UTC (expires in 6 years and 10 months) SHA256withRSA #3 Subject Fingerprint: 7359755c6df9a0abc3060bce369564c8ec4542a3 Tue, 21 Aug 2018 04:00:00 UTC (expires in 3 years and 1 month) Equifax / Equifax Secure Certificate Authority SHA1withRSA WEAK Certification Paths Path #1: Trusted 1 Sent by server 2 Sent by server 3 In trust store Fingerprint: a329ae77e13c60c29bf28c0858eb75e93a923795 Self-signed Fingerprint: de28f4a4ffe5b92fa3c503d1a349a7f9962a8212 RSA 2048 bits (e 65537) / SHA1withRSA Weak or insecure signature, but no impact on root certificate Path #2: Trusted 1 Sent by server 2 Sent by server 3 Sent by server 4 In trust store Fingerprint: a329ae77e13c60c29bf28c0858eb75e93a923795 Fingerprint: 7359755c6df9a0abc3060bce369564c8ec4542a3 RSA 2048 bits (e 65537) / SHA1withRSA WEAK SIGNATURE Equifax / Equifax Secure Certificate Authority Self-signed Fingerprint: d23209ad23d314232174e40d7f9d62139786633a RSA 1024 bits (e 65537) / SHA1withRSA WEAK KEY IN MOZILLA'S TRUST STORE MORE INFO» Weak or insecure signature, but no impact on root certificate Configuration Protocols TLS 1.2 TLS 1.1 TLS 1.0 SSL 3 SSL 2

Cipher Suites (sorted by strength; the server has no preference) TLS_RSA_WITH_RC4_128_MD5 (0x4) WEAK 128 TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128 TLS_RSA_WITH_IDEA_CBC_SHA (0x7) 128 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128 TLS_RSA_WITH_SEED_CBC_SHA (0x96) 128 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) WEAK 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128 TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH 256 bits (eq. 3072 bits RSA) FS 112 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256 TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH 256 bits (eq. 3072 bits RSA) FS 256 Handshake Simulation Android 2.3.7 SNI 2 Incorrect certificate because this client doesn't support SNI Fail 2 Android 4.0.4 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Android 4.1.1 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Android 4.2.2 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Android 4.3 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Android 4.4.2 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 Android 5.0.0 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Baidu Jan 2015 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 BingPreview Jan 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 Chrome 42 / OS X R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 Firefox 31.3.0 ESR / Win 7 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 Firefox 37 / OS X R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 Googlebot Feb 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 IE 6 / XP FS 1 SNI 2 Protocol or cipher suite mismatch Fail 3 IE 7 / Vista TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) FS 128 IE 8 / XP FS 1 SNI 2 Incorrect certificate because this client doesn't support SNI Fail 2 IE 8-10 / Win 7 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) FS 128 IE 11 / Win 7 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 IE 11 / Win 8.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 IE Mobile 10 / Win Phone 8.0 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) FS 128 IE Mobile 11 / Win Phone 8.1 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Java 6u45 SNI 2 Incorrect certificate because this client doesn't support SNI Fail 2 Java 7u25 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) FS 128 Java 8u31 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 OpenSSL 0.9.8y TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) FS 256 OpenSSL 1.0.1l R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 OpenSSL 1.0.2 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256

Handshake Simulation Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) FS 128 Safari 6 / ios 6.0.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 6.0.4 / OS X 10.8.4 R TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Safari 7 / ios 7.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 7 / OS X 10.9 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 8 / ios 8.1.2 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 8 / OS X 10.10 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Yahoo Slurp Jan 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 YandexBot Jan 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. (2) support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. (3) Only first connection attempt simulated. Browsers tend to retry with a lower protocol version. (R) Denotes a reference browser or client, with which we expect better effective security. (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). Protocol Details Secure Renegotiation Secure Client-Initiated Renegotiation Supported Insecure Client-Initiated Renegotiation BEAST attack POODLE (SSLv3) POODLE (TLS) Downgrade attack prevention TLS compression RC4 Heartbeat (extension) Heartbleed (vulnerability) OpenSSL CCS vuln. (CVE-2014-0224) Forward Secrecy Next Protocol Negotiation (NPN) Session resumption (caching) Session resumption (tickets) OCSP stapling Strict Transport Security (HSTS) Public Key Pinning (HPKP) Long handshake intolerance TLS extension intolerance TLS version intolerance t mitigated server-side (more info) TLS 1.0: 0x7, SSL 3 not supported (more info) (more info), TLS_FALLBACK_SCSV supported (more info) WEAK (more info) (more info) (more info) With some browsers (more info) Incorrect SNI alerts - Uses common DH prime SSL 2 handshake compatibility Miscellaneous Test date Test duration Fri, 26 Jun 2015 12:49:36 UTC 128.769 seconds HTTP status code 200 HTTP server signature Server hostname Apache durian.active-ns.com SSL Report v1.18.1

Copyright 2009-2015 Qualys, Inc. All Rights Reserved. Terms and Conditions

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information