testssl.sh


No engine or GOST support via engine with your /usr/bin/openssl

###########################################################
    testssl.sh       3.0 from https://testssl.sh/

      This program is free software. Distribution and
             modification under GPLv2 permitted.
      USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

 Using "OpenSSL 1.0.2k-fips  26 Jan 2017" [~118 ciphers]
 on s1008:/usr/bin/openssl
 (built: "reproducible build, date unspecified", platform: "linux-x86_64")


 Start 2020-06-25 11:07:14        --\>\> 202.33.167.141:443 (bank-chukai-vpn.smbcnikko.co.jp) \<\<--

 rDNS (202.33.167.141):  --
 Service detected:       HTTP


 Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered (deprecated)
 TLS 1.1    offered (deprecated)
 TLS 1.2    offered (OK)
 TLS 1.3    not offered and downgraded to a weaker protocol
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered

 Testing cipher categories 

 NULL ciphers (no encryption)                  not offered (OK)
 Anonymous NULL Ciphers (no authentication)    not offered (OK)
 Export ciphers (w/o ADH+NULL)                 not offered (OK)
 LOW: 64 Bit + DES, RC[2,4] (w/o export)       not offered (OK)
 Triple DES Ciphers / IDEA                     not offered
 Obsolete: SEED + 128+256 Bit CBC cipher       offered
 Strong encryption (AEAD ciphers)              offered (OK)


 Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 

 PFS is offered (OK)          ECDHE-RSA-AES256-GCM-SHA384
                              ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-GCM-SHA384
                              DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA
                              ECDHE-RSA-AES128-GCM-SHA256
                              ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256
                              DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA 
 Elliptic curves offered:     prime256v1 
 DH group offered:            RFC2409/Oakley Group 2 (1024 bits)

 Testing server preferences 

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Cipher order
    TLSv1:     DHE-RSA-AES256-SHA AES256-SHA DHE-RSA-AES128-SHA AES128-SHA 
    TLSv1.1:   DHE-RSA-AES256-SHA AES256-SHA DHE-RSA-AES128-SHA AES128-SHA