SSL Report: ebanking.aikbanka.rs


SSL Report: (213.240.51.166)
Assessed on: Sun, 03 Jan 2016 14:36:01 UTC

Summary

Overall Rating: F
Score categories: Certificate, Protocol Support, Key Exchange, Cipher Strength (scale 0 to 100)

This server supports SSL 2, which is obsolete and insecure. Grade set to F.
This server uses SSL 3, which is obsolete and insecure. Grade capped to B.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C.
This server accepts RC4 cipher, but only with older protocol versions. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.

Authentication

Server Key and Certificate #1
Common names / Alternative names: www.
Prefix handling: Both (with and without WWW)
Valid from: Fri, 13 Nov 2015 07:14:38 UTC
Valid until: Mon, 28 Nov 2016 19:26:40 UTC (expires in 10 months and 25 days)
Weak key (Debian):
Extended Validation:
Certificate Transparency:
Revocation information: CRL, OCSP
Revocation status: Good (not revoked)
Trusted:

1 of 5 03/01/16 15:36

Additional Certificates (if supplied)
Certificates provided: 3 (3735 bytes)
Chain issues: None
#2: Sat, 03 May 2031 07:00:00 UTC (expires in 15 years and 3 months)
#3: Fingerprint SHA1: 340b2880f446fcc04e59ed33f52b3d08d6242964
    Fri, 30 May 2031 07:00:00 UTC (expires in 15 years and 4 months)
    The Go Daddy Group, Inc. / Go Daddy Class 2 Certification Authority

Certification Paths

Path #1: Trusted
1 Sent by server
2 Sent by server
3 In trust store
  Self-signed
  Fingerprint SHA1: 47beabc922eae80e78783462a79f45c254fde68b

Path #2: Trusted
1 Sent by server
2 Sent by server
3 Sent by server
  Fingerprint SHA1: 340b2880f446fcc04e59ed33f52b3d08d6242964
4 In trust store
  The Go Daddy Group, Inc. / Go Daddy Class 2 Certification Authority
  Self-signed
  Fingerprint SHA1: 2796bae63f1801e277261ba0d77770028f20eee4
  Pin SHA256: VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
  RSA 2048 bits (e 3) / SHA1withRSA
  Weak or insecure signature, but no impact on root certificate

Configuration

Protocols
TLS 1.2:
TLS 1.1:
TLS 1.0:
SSL 3 INSECURE:
SSL 2 INSECURE:

Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites at the end; last column is cipher strength in bits)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) | 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) | 256
TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE | 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) | 112
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS | 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS | 256
TLS_RSA_WITH_RC4_128_MD5 (0x4) INSECURE | 128
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0) INSECURE | 112
SSL_CK_RC4_128_WITH_MD5 (0x10080) INSECURE | 128

Handshake Simulation
Android 2.3.7 No SNI 2 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Android 4.0.4 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Android 4.1.1 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Android 4.2.2 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Android 4.3 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Android 4.4.2 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Android 5.0.0 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Baidu Jan 2015 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
BingPreview Jan 2015 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Chrome 47 / OS X R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Firefox 31.3.0 ESR / Win 7 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Firefox 42 / OS X R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Googlebot Feb 2015 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
IE 6 / XP No FS 1 No SNI 2 | SSL 3 | TLS_RSA_WITH_RC4_128_SHA | RC4
IE 7 / Vista | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
IE 8 / XP No FS 1 No SNI 2 | TLS 1.0 | TLS_RSA_WITH_RC4_128_SHA | RC4
IE 8-10 / Win 7 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
IE 11 / Win 7 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
IE 11 / Win 8.1 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
IE 10 / Win Phone 8.0 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
IE 11 / Win Phone 8.1 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
IE 11 / Win Phone 8.1 Update R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
IE 11 / Win 10 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Edge 13 / Win 10 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Edge 13 / Win Phone 10 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Java 6u45 No SNI 2 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Java 7u25 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Java 8u31 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
OpenSSL 0.9.8y | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
OpenSSL 1.0.1l R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
OpenSSL 1.0.2 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS

Safari 5.1.9 / OS X 10.6.8 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Safari 6 / iOS 6.0.1 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Safari 6.0.4 / OS X 10.8.4 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Safari 7 / iOS 7.1 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Safari 7 / OS X 10.9 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Safari 8 / iOS 8.4 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Safari 8 / OS X 10.10 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Safari 9 / iOS 9 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Safari 9 / OS X 10.11 R | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
Apple ATS 9 / iOS 9 R | Protocol or cipher suite mismatch | TLS 1.0 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDH secp256r1
Yahoo Slurp Jan 2015 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS
YandexBot Jan 2015 | TLS 1.0 | TLS_RSA_WITH_AES_128_CBC_SHA | No FS

(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).

Protocol Details
Secure Renegotiation: Supported
Secure Client-Initiated Renegotiation:
Insecure Client-Initiated Renegotiation:
BEAST attack: Not mitigated server-side. SSL 3: 0x5, TLS 1.0: 0x2f
POODLE (SSLv3): No, mitigated. SSL 3: 0x5
POODLE (TLS):
Downgrade attack prevention: No, TLS_FALLBACK_SCSV not supported
SSL/TLS compression:
RC4: INSECURE
Heartbeat (extension):
Heartbleed (vulnerability):
OpenSSL CCS vuln. (CVE-2014-0224):
Forward Secrecy: WEAK
Application-Layer Protocol Negotiation (ALPN):
Next Protocol Negotiation (NPN):
Session resumption (caching): (IDs assigned but not accepted)
Session resumption (tickets):
OCSP stapling:
Strict Transport Security (HSTS):
HSTS Preloading: Not in: Chrome Edge Firefox IE Tor
Public Key Pinning (HPKP):
Public Key Pinning Report-Only:
Long handshake intolerance:
TLS extension intolerance:
TLS version intolerance:
Incorrect SNI alerts:
Uses common DH primes: No, DHE suites not supported
DH public server param (Ys) reuse: No, DHE suites not supported
SSL 2 handshake compatibility:

Miscellaneous
Test date: Sun, 03 Jan 2016 14:33:49 UTC

Test duration: 131.412 seconds
HTTP status code: 403
HTTP server signature: Microsoft-IIS/7.5
Server hostname: -

SSL Report v1.21.13
Copyright 2009-2016 Qualys, Inc. All Rights Reserved.