#2 sslyze [4]

$ apt install python-pip
$ pip install --upgrade setuptools
$ pip install --upgrade sslyze
$ python -m sslyze --regular 10.253.194.151:443

 AVAILABLE PLUGINS
 -----------------

  OpenSslCcsInjectionPlugin
  CompressionPlugin
  HeartbleedPlugin
  OpenSslCipherSuitesPlugin
  SessionRenegotiationPlugin
  FallbackScsvPlugin
  SessionResumptionPlugin
  HttpHeadersPlugin
  RobotPlugin
  CertificateInfoPlugin

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   10.253.194.151:443                       => 10.253.194.151

 SCAN RESULTS FOR 10.253.194.151:443 - 10.253.194.151
 ----------------------------------------------------

 * OpenSSL CCS Injection:
                                          OK - Not vulnerable to OpenSSL CCS injection

 * Session Renegotiation:
       Client-initiated Renegotiation:    OK - Rejected
       Secure Renegotiation:              OK - Supported

 * OpenSSL Heartbleed:
                                          OK - Not vulnerable to Heartbleed

 * Resumption Support:
      With Session IDs:                   OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Tickets:                   NOT SUPPORTED - TLS ticket not assigned.

 * SSLV3 Cipher Suites:
      Server rejected all cipher suites.

 * TLSV1 Cipher Suites:
      Server rejected all cipher suites.

 * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

 * TLSV1_3 Cipher Suites:
      Server rejected all cipher suites.

 * Downgrade Attacks:
       TLS_FALLBACK_SCSV:                 OK - Supported

 * TLSV1_2 Cipher Suites:
       Forward Secrecy                    OK - Supported
       RC4                                OK - Not Supported

     Preferred:
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    ECDH-256 bits    256 bits    HTTP 200 OK
     Accepted:
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      DH-2048 bits     256 bits    HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       ECDH-256 bits    256 bits    HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    ECDH-256 bits    256 bits    HTTP 200 OK
        DHE_RSA_WITH_AES_256_CCM_8               -                256 bits    HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    ECDH-256 bits    256 bits    HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      DH-2048 bits     256 bits    HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA         DH-2048 bits     256 bits    HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_256_CCM             -                256 bits    HTTP 200 OK
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    ECDH-256 bits    128 bits    HTTP 200 OK
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      DH-2048 bits     128 bits    HTTP 200 OK

 * ROBOT Attack:
                                          OK - Not vulnerable, RSA cipher suites not supported

 * Deflate Compression:
                                          OK - Compression disabled

 * TLSV1_1 Cipher Suites:
      Server rejected all cipher suites.

 * Certificate Information:
     Content
       SHA1 Fingerprint:                  79af5ab28acdf6c880cf5bd9da2a6acb4dfc46bf
       Common Name:                       10.253.194.151
       Issuer:                            10.253.194.151
       Serial Number:                     56128595917874360689874067407377294145249645142
       Not Before:                        2019-07-15 06:08:16
       Not After:                         2020-07-14 06:08:16
       Signature Algorithm:               sha256
       Public Key Algorithm:              RSA
       Key Size:                          2048
       Exponent:                          65537 (0x10001)
       DNS Subject Alternative Names:     []

     Trust
       Hostname Validation:               OK - Certificate matches 10.253.194.151
       Android CA Store (8.1.0_r9):       FAILED - Certificate is NOT Trusted: self signed certificate
       iOS CA Store (11):                 FAILED - Certificate is NOT Trusted: self signed certificate
       Java CA Store (jre-10.0.2):        FAILED - Certificate is NOT Trusted: self signed certificate
       macOS CA Store (High Sierra):      FAILED - Certificate is NOT Trusted: self signed certificate
       Mozilla CA Store (2018-04-12):     FAILED - Certificate is NOT Trusted: self signed certificate
       Windows CA Store (2018-06-30):     FAILED - Certificate is NOT Trusted: self signed certificate
       Symantec 2018 Deprecation:         OK - Not a Symantec-issued certificate
       Received Chain:                    10.253.194.151
       Verified Chain:                    ERROR - Could not build verified chain (certificate untrusted?)
       Received Chain Contains Anchor:    ERROR - Could not build verified chain (certificate untrusted?)
       Received Chain Order:              OK - Order is valid
       Verified Chain contains SHA1:      ERROR - Could not build verified chain (certificate untrusted?)

     Extensions
       OCSP Must-Staple:                  NOT SUPPORTED - Extension not found
       Certificate Transparency:          NOT SUPPORTED - Extension not found

     OCSP Stapling
                                          NOT SUPPORTED - Server did not send back an OCSP response

 SCAN COMPLETED IN 0.47 S