#2 sslyze [4]
$ apt install python-pip
$ pip install --upgrade setuptools
$ pip install --upgrade sslyze
$ python -m sslyze --regular 10.253.194.151:443
AVAILABLE PLUGINS
-----------------
OpenSslCcsInjectionPlugin
CompressionPlugin
HeartbleedPlugin
OpenSslCipherSuitesPlugin
SessionRenegotiationPlugin
FallbackScsvPlugin
SessionResumptionPlugin
HttpHeadersPlugin
RobotPlugin
CertificateInfoPlugin
CHECKING HOST(S) AVAILABILITY
-----------------------------
10.253.194.151:443 => 10.253.194.151
SCAN RESULTS FOR 10.253.194.151:443 - 10.253.194.151
----------------------------------------------------
* OpenSSL CCS Injection:
OK - Not vulnerable to OpenSSL CCS injection
* Session Renegotiation:
Client-initiated Renegotiation: OK - Rejected
Secure Renegotiation: OK - Supported
* OpenSSL Heartbleed:
OK - Not vulnerable to Heartbleed
* Resumption Support:
With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.
* SSLV3 Cipher Suites:
Server rejected all cipher suites.
* TLSV1 Cipher Suites:
Server rejected all cipher suites.
* SSLV2 Cipher Suites:
Server rejected all cipher suites.
* TLSV1_3 Cipher Suites:
Server rejected all cipher suites.
* Downgrade Attacks:
TLS_FALLBACK_SCSV: OK - Supported
* TLSV1_2 Cipher Suites:
Forward Secrecy OK - Supported
RC4 OK - Not Supported
Preferred:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits HTTP 200 OK
Accepted:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH-2048 bits 256 bits HTTP 200 OK
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH-256 bits 256 bits HTTP 200 OK
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDH-256 bits 256 bits HTTP 200 OK
DHE_RSA_WITH_AES_256_CCM_8 - 256 bits HTTP 200 OK
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH-256 bits 256 bits HTTP 200 OK
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH-2048 bits 256 bits HTTP 200 OK
TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH-2048 bits 256 bits HTTP 200 OK
TLS_DHE_RSA_WITH_AES_256_CCM - 256 bits HTTP 200 OK
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH-256 bits 128 bits HTTP 200 OK
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH-2048 bits 128 bits HTTP 200 OK
* ROBOT Attack:
OK - Not vulnerable, RSA cipher suites not supported
* Deflate Compression:
OK - Compression disabled
* TLSV1_1 Cipher Suites:
Server rejected all cipher suites.
* Certificate Information:
Content
SHA1 Fingerprint: 79af5ab28acdf6c880cf5bd9da2a6acb4dfc46bf
Common Name: 10.253.194.151
Issuer: 10.253.194.151
Serial Number: 56128595917874360689874067407377294145249645142
Not Before: 2019-07-15 06:08:16
Not After: 2020-07-14 06:08:16
Signature Algorithm: sha256
Public Key Algorithm: RSA
Key Size: 2048
Exponent: 65537 (0x10001)
DNS Subject Alternative Names: []
Trust
Hostname Validation: OK - Certificate matches 10.253.194.151
Android CA Store (8.1.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
iOS CA Store (11): FAILED - Certificate is NOT Trusted: self signed certificate
Java CA Store (jre-10.0.2): FAILED - Certificate is NOT Trusted: self signed certificate
macOS CA Store (High Sierra): FAILED - Certificate is NOT Trusted: self signed certificate
Mozilla CA Store (2018-04-12): FAILED - Certificate is NOT Trusted: self signed certificate
Windows CA Store (2018-06-30): FAILED - Certificate is NOT Trusted: self signed certificate
Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
Received Chain: 10.253.194.151
Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
Received Chain Order: OK - Order is valid
Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
Extensions
OCSP Must-Staple: NOT SUPPORTED - Extension not found
Certificate Transparency: NOT SUPPORTED - Extension not found
OCSP Stapling
NOT SUPPORTED - Server did not send back an OCSP response
SCAN COMPLETED IN 0.47 S