Professional Documents
Culture Documents
com Contact
Youarehere:Home>Projects>SSLServerTest>fayte.com
SSLReport:fayte.com(52.36.204.59)
Assessedon:Fri,12May201705:20:25UTC|Hide|Clearcache ScanAnother
Summary
OverallRating
Certificate
C ProtocolSupport
KeyExchange
CipherStrength
0 20 40 60 80 100
Visitourdocumentationpageformoreinformation,configurationguides,andbooks.Knownissuesaredocumentedhere.
ThisserverisvulnerabletothePOODLEattack.Ifpossible,disableSSL3tomitigate.GradecappedtoC.MOREINFO
ThisserveracceptsRC4cipher,butonlywitholderprotocols.GradecappedtoB.MOREINFO
TheserverdoesnotsupportForwardSecrecywiththereferencebrowsers.MOREINFO
Certificate#1:RSA2048bits(SHA256withRSA)
ServerKeyandCertificate#1
fayte.com
Subject FingerprintSHA256:9e73c1b60f2196517a1a1ef4d23ed1fa4aa59116809c318072eef09ec6a8f4e4
PinSHA256:VHk5Zwqm3fmOMHvqOlh4xqDSWWDz4FeDnek5vkQlLp8=
Commonnames fayte.com
Alternativenames fayte.comwww.fayte.com
Validfrom Fri,14Apr201700:00:00UTC
Validuntil Wed,06Jun201823:59:59UTC(expiresin1year)
Key RSA2048bits(e65537)
Weakkey(Debian) No
COMODORSADomainValidationSecureServerCA
Issuer
AIA:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
Signaturealgorithm SHA256withRSA
ExtendedValidation No
CertificateTransparency No
OCSPMustStaple No
CRL,OCSP
Revocationinformation CRL:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
OCSP:http://ocsp.comodoca.com
Revocationstatus Good(notrevoked)
DNSCAA No(moreinfo)
Trusted Yes
AdditionalCertificates(ifsupplied)
Certificatesprovided 3(4295bytes)
Chainissues None
#2
COMODORSADomainValidationSecureServerCA
Subject FingerprintSHA256:02ab57e4e67a0cb48dd2ff34830e8ac40f4476fb08ca6be3f5cd846f646840f0
PinSHA256:klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=
Validuntil Sun,11Feb202923:59:59UTC(expiresin11yearsand8months)
Key RSA2048bits(e65537)
Issuer COMODORSACertificationAuthority
Signaturealgorithm SHA384withRSA
#3
COMODORSACertificationAuthority
Subject FingerprintSHA256:4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da
PinSHA256:grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=
Validuntil Sat,30May202010:48:38UTC(expiresin3years)
Key RSA4096bits(e65537)
Issuer AddTrustExternalCARoot
Signaturealgorithm SHA384withRSA
CertificationPaths
Clickheretoexpand
Configuration
Protocols
TLS1.2 Yes
TLS1.1 Yes
TLS1.0 Yes
SSL3INSECURE Yes
SSL2 No
CipherSuites
#TLS1.2(serverhasnopreference)
TLS_RSA_WITH_3DES_EDE_CBC_SHA(0xa)WEAK 112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA(0x16)DH2048bitsFSWEAK 112
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(0xc012)ECDHsecp256r1(eq.3072bitsRSA)FSWEAK 112
TLS_RSA_WITH_AES_128_CBC_SHA(0x2f) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x33)DH2048bitsFS 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(0x41) 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA(0x45)DH2048bitsFS 128
TLS_RSA_WITH_SEED_CBC_SHA(0x96) 128
TLS_DHE_RSA_WITH_SEED_CBC_SHA(0x9a)DH2048bitsFS 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xc013)ECDHsecp256r1(eq.3072bitsRSA)FS 128
TLS_RSA_WITH_AES_128_CBC_SHA256(0x3c) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x67)DH2048bitsFS 128
TLS_RSA_WITH_AES_128_GCM_SHA256(0x9c) 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x9e)DH2048bitsFS 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xc027)ECDHsecp256r1(eq.3072bitsRSA)FS 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xc02f)ECDHsecp256r1(eq.3072bitsRSA)FS 128
CipherSuites
TLS_RSA_WITH_RC4_128_SHA(0x5)INSECURE 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA(0xc011)ECDHsecp256r1(eq.3072bitsRSA)FSINSECURE 128
TLS_RSA_WITH_AES_256_CBC_SHA(0x35) 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x39)DH2048bitsFS 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(0x84) 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA(0x88)DH2048bitsFS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xc014)ECDHsecp256r1(eq.3072bitsRSA)FS 256
TLS_RSA_WITH_AES_256_CBC_SHA256(0x3d) 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x6b)DH2048bitsFS 256
TLS_RSA_WITH_AES_256_GCM_SHA384(0x9d) 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x9f)DH2048bitsFS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xc028)ECDHsecp256r1(eq.3072bitsRSA)FS 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xc030)ECDHsecp256r1(eq.3072bitsRSA)FS 256
#TLS1.1(serverhasnopreference)
#TLS1.0(serverhasnopreference)
#SSL3(serverhasnopreference)
HandshakeSimulation
ClientabortsonSNIunrecognized_namewarning
Java7u25
RSA2048(SHA256)|TLS1.0|TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA|ECDHsecp256r1
ClientabortsonSNIunrecognized_namewarning
Java8u31
RSA2048(SHA256)|TLS1.2|TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256|ECDHsecp256r1
(1)ClientsthatdonotsupportForwardSecrecy(FS)areexcludedwhendeterminingsupportforit.
(2)NosupportforvirtualSSLhosting(SNI).ConnectstothedefaultsiteiftheserverusesSNI.
(3)Onlyfirstconnectionattemptsimulated.Browserssometimesretrywithalowerprotocolversion.
(R)Denotesareferencebrowserorclient,withwhichweexpectbettereffectivesecurity.
(All)Weusedefaults,butsomeplatformsdonotusetheirbestprotocolsandfeatures(e.g.,Java6&7,olderIE).
ProtocolDetails
No,serverkeysandhostnamenotseenelsewherewithSSLv2
(1)Forabetterunderstandingofthistest,pleasereadthislongerexplanation
DROWN
(2)KeyusagedatakindlyprovidedbytheCensysnetworksearchengineoriginalDROWNtesthere
(3)Censysdataisonlyindicativeofpossiblekeyandcertificatereusepossiblyoutofdateandnotcomplete
SecureRenegotiation Supported
SecureClientInitiatedRenegotiation No
InsecureClientInitiatedRenegotiation No
BEASTattack Notmitigatedserverside(moreinfo)SSL3:0xa,TLS1.0:0xa
POODLE(SSLv3) VulnerableINSECURE(moreinfo)SSL3:0xa
POODLE(TLS) No(moreinfo)
Downgradeattackprevention Yes,TLS_FALLBACK_SCSVsupported(moreinfo)
SSL/TLScompression No
RC4 YesINSECURE(moreinfo)
Heartbeat(extension) Yes
Heartbleed(vulnerability) No(moreinfo)
Ticketbleed(vulnerability) No(moreinfo)
OpenSSLCCSvuln.(CVE20140224) No(moreinfo)
OpenSSLPaddingOraclevuln.
No(moreinfo)
(CVE20162107)
ForwardSecrecy Withsomebrowsers(moreinfo)
ALPN No
NPN No
Sessionresumption(caching) Yes
Sessionresumption(tickets) Yes
OCSPstapling No
StrictTransportSecurity(HSTS) No
ProtocolDetails
HSTSPreloading Notin:ChromeEdgeFirefoxIE
PublicKeyPinning(HPKP) No(moreinfo)
PublicKeyPinningReportOnly No
PublicKeyPinning(Static) No(moreinfo)
Longhandshakeintolerance No
TLSextensionintolerance No
TLSversionintolerance No
IncorrectSNIalerts fayte.com
UsescommonDHprimes No
DHpublicserverparam(Ys)reuse No
ECDHpublicserverparamreuse No
SupportedECNamedCurves secp256r1
SSL2handshakecompatibility Yes
HTTPRequests
1 https://fayte.com/(HTTP/1.1200OK)
Date Fri,12May201705:19:33GMT
Server Apache/2.4.7(Ubuntu)
XPoweredBy PHP/5.5.91ubuntu4.17
PHPSESSID=smg7hc04pbjqnstj79mapem1b3expires=Fri,12May201708:19:33GMT
SetCookie
MaxAge=10800path=/
1 Expires Thu,19Nov198108:52:00GMT
CacheControl nostore,nocache,mustrevalidate,postcheck=0,precheck=0
Pragma nocache
Vary AcceptEncoding
Connection close
ContentType text/html
Miscellaneous
Testdate Fri,12May201705:19:15UTC
Testduration 70.661seconds
HTTPstatuscode 200
HTTPserversignature Apache/2.4.7(Ubuntu)
Serverhostname ec2523620459.uswest2.compute.amazonaws.com
SSLReportv1.28.5
Copyright20092017Qualys,Inc.AllRightsReserved. TermsandConditions
Qualysistheleadingproviderofintegratedassetdiscovery,networksecurity,threatprotection,compliancemonitoringandwebapplicationsecuritysolutions.