No engine or GOST support via engine with your /usr/bin/openssl ########################################################### testssl.sh 3.0 from https://testssl.sh/ This program is free software. Distribution and modification under GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! Please file bugs @ https://testssl.sh/bugs/ ########################################################### Using "OpenSSL 1.0.2k-fips 26 Jan 2017" [~118 ciphers] on s1008:/usr/bin/openssl (built: "reproducible build, date unspecified", platform: "linux-x86_64") Start 2020-03-14 14:53:37 --\>\> 210.197.64.173:443 (direct.tos.hirogin.co.jp) \<\<-- rDNS (210.197.64.173): 210197064173.cidr.odn.ne.jp. Service detected: HTTP Testing protocols via sockets except NPN+ALPN SSLv2 not offered (OK) SSLv3 offered (NOT ok) TLS 1 offered (deprecated) TLS 1.1 offered (deprecated) TLS 1.2 offered (OK) TLS 1.3 not offered and downgraded to a weaker protocol NPN/SPDY not offered ALPN/HTTP2 not offered Testing cipher categories NULL ciphers (no encryption) not offered (OK) Anonymous NULL Ciphers (no authentication) not offered (OK) Export ciphers (w/o ADH+NULL) not offered (OK) LOW: 64 Bit + DES, RC[2,4] (w/o export) offered (NOT ok) Triple DES Ciphers / IDEA offered Obsolete: SEED + 128+256 Bit CBC cipher offered Strong encryption (AEAD ciphers) offered (OK) Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 No ciphers supporting Forward Secrecy offered Testing server preferences Has server cipher order? yes (OK) Negotiated protocol TLSv1.2 Negotiated cipher AES128-GCM-SHA256 Cipher order SSLv3: AES128-SHA AES256-SHA RC4-SHA RC4-MD5 DES-CBC3-SHA TLSv1: AES128-SHA AES256-SHA RC4-SHA RC4-MD5 DES-CBC3-SHA TLSv1.1: AES128-SHA AES256-SHA RC4-SHA RC4-MD5 DES-CBC3-SHA TLSv1.2: AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA Testing server defaults (Server Hello) TLS extensions (standard) "renegotiation info/#65281" "max fragment length/#1" Session Ticket RFC 5077 hint no -- no lifetime advertised SSL Session ID support yes Session Resumption Tickets no, ID: yes TLS clock skew Random values, no fingerprinting possible Signature Algorithm SHA256 with RSA Server key size RSA 2048 bits Server key usage Digital Signature, Key Encipherment Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication Serial / Fingerprints 050664D1DBA7646D7EA2633DA33A69AA / SHA1 79AC739D18244DD49CE4251D630A37146B81E7DA SHA256 F57F3F426F1F25F7A5A2580FB587D54A09F0905CE0B7B5EE043086F54710288D Common Name (CN) direct.tos.hirogin.co.jp subjectAltName (SAN) direct.tos.hirogin.co.jp Issuer DigiCert SHA2 Extended Validation Server CA (DigiCert Inc from US) Trust (hostname) Ok via SAN (same w/o SNI) Chain of trust Ok EV cert (experimental) yes ETS/\"eTLS\", visibility info not present Certificate Validity (UTC) 345 \>= 60 days (2020-01-26 09:00 --> 2021-02-22 21:00) # of certificates provided 4 Certificate Revocation List http://crl3.digicert.com/sha2-ev-server-g2.crl http://crl4.digicert.com/sha2-ev-server-g2.crl OCSP URI http://ocsp.digicert.com OCSP stapling not offered OCSP must staple extension -- DNS CAA RR (experimental) not offered Certificate Transparency yes (certificate extension) Testing HTTP header response @ \"/\" HTTP Status Code 302 Found, redirecting to "/index.html" HTTP clock skew 0 sec from localtime Strict Transport Security not offered Public Key Pinning -- Server banner (no "Server" line in header, interesting!) Application banner -- Cookie(s) (none issued at "/") -- maybe better try target URL of 30x Security headers -- Reverse Proxy banner -- Testing vulnerabilities Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension CCS (CVE-2014-0224) not vulnerable (OK) Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session ticket extension ROBOT not vulnerable (OK) Secure Renegotiation (RFC 5746) supported (OK) Secure Client-Initiated Renegotiation not vulnerable (OK) CRIME, TLS (CVE-2012-4929) not vulnerable (OK) BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested POODLE, SSL (CVE-2014-3566) VULNERABLE (NOT ok), uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below) TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention NOT supported and vulnerable to POODLE SSL SWEET32 (CVE-2016-2183, CVE-2016-6329) VULNERABLE, uses 64 bit block ciphers FREAK (CVE-2015-0204) not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services https://censys.io/ipv4?q=F57F3F426F1F25F7A5A2580FB587D54A09F0905CE0B7B5EE043086F54710288D could help you to find out LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2 BEAST (CVE-2011-3389) SSL3: AES128-SHA AES256-SHA DES-CBC3-SHA TLS1: AES128-SHA AES256-SHA DES-CBC3-SHA VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated) LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches RC4 (CVE-2013-2566, CVE-2015-2808) VULNERABLE (NOT ok): RC4-SHA RC4-MD5 Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC) ----------------------------------------------------------------------------------------------------------------------------- x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA x05 RC4-SHA RSA RC4 128 TLS_RSA_WITH_RC4_128_SHA x04 RC4-MD5 RSA RC4 128 TLS_RSA_WITH_RC4_128_MD5 x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA Running client simulations (HTTP) via sockets Android 4.4.2 TLSv1.2 AES128-GCM-SHA256, No FS Android 5.0.0 TLSv1.2 AES128-GCM-SHA256, No FS Android 6.0 TLSv1.2 AES128-GCM-SHA256, No FS Android 7.0 TLSv1.2 AES128-GCM-SHA256, No FS Android 8.1 (native) TLSv1.2 AES128-GCM-SHA256, No FS Android 9.0 (native) TLSv1.2 AES128-GCM-SHA256, No FS Android 10.0 (native) TLSv1.2 AES128-GCM-SHA256, No FS Chrome 74 (Win 10) TLSv1.2 AES128-GCM-SHA256, No FS Chrome 79 (Win 10) TLSv1.2 AES128-GCM-SHA256, No FS Firefox 66 (Win 8.1/10) TLSv1.2 AES128-SHA, No FS Firefox 71 (Win 10) TLSv1.2 AES128-SHA, No FS IE 6 XP SSLv3 RC4-SHA, No FS IE 8 Win 7 TLSv1.0 AES128-SHA, No FS IE 8 XP TLSv1.0 RC4-SHA, No FS IE 11 Win 7 TLSv1.2 AES128-GCM-SHA256, No FS IE 11 Win 8.1 TLSv1.2 AES128-GCM-SHA256, No FS IE 11 Win Phone 8.1 TLSv1.2 AES128-SHA256, No FS IE 11 Win 10 TLSv1.2 AES128-GCM-SHA256, No FS Edge 15 Win 10 TLSv1.2 AES128-GCM-SHA256, No FS Edge 17 (Win 10) TLSv1.2 AES128-GCM-SHA256, No FS Opera 66 (Win 10) TLSv1.2 AES128-GCM-SHA256, No FS Safari 9 iOS 9 TLSv1.2 AES128-GCM-SHA256, No FS Safari 9 OS X 10.11 TLSv1.2 AES128-GCM-SHA256, No FS Safari 10 OS X 10.12 TLSv1.2 AES128-GCM-SHA256, No FS Safari 12.1 (iOS 12.2) TLSv1.2 AES128-GCM-SHA256, No FS Safari 13.0 (macOS 10.14.6) TLSv1.2 AES128-GCM-SHA256, No FS Apple ATS 9 iOS 9 No connection Java 6u45 TLSv1.0 AES128-SHA, No FS Java 7u25 TLSv1.0 AES128-SHA, No FS Java 8u161 TLSv1.2 AES128-GCM-SHA256, No FS Java 11.0.2 (OpenJDK) TLSv1.2 AES128-GCM-SHA256, No FS Java 12.0.1 (OpenJDK) TLSv1.2 AES128-GCM-SHA256, No FS OpenSSL 1.0.2e TLSv1.2 AES128-GCM-SHA256, No FS OpenSSL 1.1.0l (Debian) TLSv1.2 AES128-GCM-SHA256, No FS OpenSSL 1.1.1d (Debian) TLSv1.2 AES128-GCM-SHA256, No FS Thunderbird (68.3) TLSv1.2 AES128-SHA, No FS Done 2020-03-14 14:54:54 [ 79s] --\>\> 210.197.64.173:443 (direct.tos.hirogin.co.jp) \<\<--