Академический Документы
Профессиональный Документы
Культура Документы
Test SSL/TLS implementation of any service on any port for compliance with PCI DSS requirements, HIPAA guidance and NIST
guidelines.
The server has TLS 1.0 enabled. It is non-compliant with NIST Non-compliant with PCI DSS and NIST
since SP 800-52 REV. 2 and non-compliant with PCI DSS since
the 30th of June 2018.
The server has TLS 1.1 enabled. NIST recommends to drop TLS Information
1.1 support since SP 800-52 REV. 2
CERTIFICATE CHAIN
Intermediate CA
*.thomann.de
Server certificate
All the certificates provided by the server are trusted. Good configuration
SUPPORTED CIPHERS
List of all cipher suites supported by the server:
TLSV1.2
TLSV1.1
TLSV1.0
SUPPORTED PROTOCOLS
List of all SSL/TLS protocols supported by the server:
GOLDENDOODLE
ZOMBIE POODLE
SLEEPING POODLE
0-LENGTH OPENSSL
CVE-2016-2107
The server is not vulnerable to OpenSSL padding-oracle flaw (CVE-2016- Not vulnerable
2107).
The server does not support client-initiated insecure renegotiation. Good configuration
ROBOT
The server is not vulnerable to ROBOT (Return Of Bleichenbacher's Oracle Not vulnerable
Threat) vulnerability.
HEARTBLEED
The server version of OpenSSL is not vulnerable to Heartbleed attack. Not vulnerable
CVE-2014-0224
The server is not vulnerable to CVE-2014-0224 (OpenSSL CCS flaw). Not vulnerable
All the X509 certificates provided by the server are in version 3. Good configuration
The server does not support OCSP stapling for its RSA certificate. Its support Non-compliant with HIPAA guidance
allows better verification of the certificate validation status.
SUPPORTED PROTOCOLS
List of all SSL/TLS protocols supported by the server:
SUPPORTED CIPHERS
List of all cipher suites supported by the server:
TLSV1.2
TLSV1.1
TLSV1.0
TLSV1.1 SUPPORTED
The server supports TLSv1.1 which is required minimum to comply with HIPAA Good configuration
guidance.
EC_POINT_FORMAT EXTENSION
All the X509 certificates provided by the server are in version 3. Good configuration
The server does not support OCSP stapling for its RSA certificate. Its support Non-compliant with NIST guidelines
allows better verification of the certificate validation status.
SUPPORTED CIPHERS
List of all cipher suites supported by the server:
TLSV1.2
TLSV1.1
TLSV1.0
SUPPORTED PROTOCOLS
List of all SSL/TLS protocols supported by the server:
TLSV1.1 SUPPORTED
The server supports TLSv1.1. It's still compliant, but NIST recommends to drop Information
TLS 1.1 support since SP 800-52 REV. 2
The server does not support TLSv1.3 which is the only version of TLS that Information
currently has no known flaws or exploitable weaknesses.
The server does not support Extended Master Secret extension for TLS vresions Non-compliant with NIST guidelines
≤ 1.2.
EC_POINT_FORMAT EXTENSION
DNSCAA
This domain does not have a Certification Authority Authorization (CAA) record. Information
The RSA certificate provided is NOT an Extended Validation (EV) certificate. Information
The server does not support TLSv1.3 which is the only version of TLS that Misconfiguration or weakness
currently has no known flaws or exploitable weaknesses.
TLSv1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Good configuration
For TLS family of protocols, the server prefers cipher suite(s) providing Perfect Good configuration
Forward Secrecy (PFS).
The HTTP version of the website does not redirect to the HTTPS version. We Misconfiguration or weakness
advise to enable redirection.
The server does not enforce HTTP Strict Transport Security. We advise to Misconfiguration or weakness
enable it to enforce the user to browse the website in HTTPS.
TLS_FALLBACK_SCSV
The server supports TLS_FALLBACK_SCSV extension for protocol downgrade Good configuration
attack prevention.
The server does not support client-initiated secure renegotiation. Good configuration