SSL Report:
+ luxeylab.net
+ (92.243.8.85)
+
+ Assessed on: Fri, 17 Jul 2020 14:00:40 UTC
+ | Hide
+ | Clear cache
+
+
+
+ + +
+
+ Due to a recently discovered bug in Apple's code, your browser is exposed to MITM attacks. Click here for more information.
+
+
+
+
+
+ +
+
+
+
+
+
+
+
+
+
+
+
+Summary
+
+
+ +
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 0
+ 20
+ 40
+ 60
+ 80
+ 100
+
+
+
+
+
+
+
+ Certificate
+
+
+
+
+ Protocol Support
+
+
+
+
+ Key Exchange
+
+
+
+ Cipher Strength
+ + +
+ Visit our documentation page
+ for more information, configuration guides, and books. Known issues are documented
+ here.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This server supports TLS 1.0 and TLS 1.1.
+ Grade capped to B. MORE INFO »
+
+
+
+
+
+
+
+
+
+
+ This server supports TLS 1.3.
+
+
+
+
+
+
+ HTTP Strict Transport Security (HSTS) with long duration deployed on this server.
+ MORE INFO »
+
+
+
+
+
+
+
+
+
+ Certificate #1: RSA 2048 bits (SHA256withRSA)
+
+
+
+
+
+
+
+
+
+
+ + +
+
+
+
+
+ + +
+
+
+
+
+
+
+
+
+ Server Key and Certificate #1
+
+
+
+ |
+ |
Subject | +
+ luxeylab.net
+ + Fingerprint SHA256: 3173b385c4db4e0d5ef8ea7cadf3f3a84d099e3dbcb8f507ea194a820855e7aa + Pin SHA256: sx2MqZVMZMHAz7CFZCV2Ki38O1PPMUDVWrwUhTgKppY= + + |
+
Common names | +luxeylab.net | +
Alternative names | +luxeylab.net www.luxeylab.net | +
Serial Number | +043611de408f4c669e3a0228a186b6025229 | +
Valid from | +Thu, 11 Jun 2020 15:50:01 UTC | +
Valid until | +Wed, 09 Sep 2020 15:50:01 UTC (expires in 1 month and 23 days) | +
Key | +RSA 2048 bits + (e 65537) | +
Weak key (Debian) | +No | +
Issuer | +Let's Encrypt Authority X3 + AIA: http://cert.int-x3.letsencrypt.org/ + + + |
+
Signature algorithm | +SHA256withRSA | +
Extended Validation | +No | +
Certificate Transparency | +Yes + (certificate) | +
OCSP Must Staple | +No | +
Revocation information | +
+ OCSP + OCSP: http://ocsp.int-x3.letsencrypt.org + + + |
+
Revocation status | +Good (not revoked) + + + + + | +
DNS CAA | +No (more info) | +
Trusted | +Yes
+ + Mozilla + Apple + Android + Java + Windows + + |
+
+
+ + +
+ Additional Certificates (if supplied)
+
+
+
+ |
+ |
Certificates provided | +2 (2557 bytes) | +
Chain issues | +None | +
#2 | |
Subject | +Let's Encrypt Authority X3 + + Fingerprint SHA256: 25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d + Pin SHA256: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg= |
+
Valid until | +Wed, 17 Mar 2021 16:40:46 UTC (expires in 8 months) | +
Key | +RSA 2048 bits + (e 65537) | +
Issuer | +DST Root CA X3 | +
Signature algorithm | ++ SHA256withRSA | + + +
+ + +
+ + + + Certification Paths | +
+
+
+
+
+ Configuration
+
+
+
+
+
+
+
+
+
+ + + +
+
+
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+
+ + + + +
+
+
+
+
+
+
+
+
+ + +
+
+
+
+
+ +
+ Protocols | +|
TLS 1.3 | +Yes | +
TLS 1.2 | +Yes | +
TLS 1.1 | +Yes | +
TLS 1.0 | +Yes + |
SSL 3 | +No | +
SSL 2 | +No | +
+ + + +
Cipher Suites | +||
+
+
+ # TLS 1.3 (suites in server-preferred order)
+
+ |
+ ||
+ TLS_AES_256_GCM_SHA384 (0x1302 )
+
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+
+
+ |
+ 256 | +|
+ TLS_CHACHA20_POLY1305_SHA256 (0x1303 )
+
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+
+
+ |
+ 256 | +|
+ TLS_AES_128_GCM_SHA256 (0x1301 )
+
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+
+
+ |
+ 128 | +|
+
+
+ # TLS 1.2 (suites in server-preferred order)
+
+ |
+ ||
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030 )
+
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+
+
+ |
+ 256 | +|
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f )
+
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+
+
+ |
+ 128 | +|
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f )
+
+
+
+ DH 2048 bits FS
+
+
+ |
+ 256 | +|
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e )
+
+
+
+ DH 2048 bits FS
+
+
+ |
+ 128 | +|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028 )
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+ WEAK
+ |
+ 256 | + +|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014 )
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+ WEAK
+ |
+ 256 | + +|
+ TLS_DHE_RSA_WITH_AES_256_CCM_8 (0xc0a3 )
+
+
+
+ DH 2048 bits FS
+
+
+ |
+ 256 | +|
+ TLS_DHE_RSA_WITH_AES_256_CCM (0xc09f )
+
+
+
+ DH 2048 bits FS
+
+
+ |
+ 256 | +|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b )
+
+
+ DH 2048 bits FS
+ WEAK
+ |
+ 256 | + +|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39 )
+
+
+ DH 2048 bits FS
+ WEAK
+ |
+ 256 | + +|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027 )
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+ WEAK
+ |
+ 128 | + +|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013 )
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+ WEAK
+ |
+ 128 | + +|
+ TLS_DHE_RSA_WITH_AES_128_CCM_8 (0xc0a2 )
+
+
+
+ DH 2048 bits FS
+
+
+ |
+ 128 | +|
+ TLS_DHE_RSA_WITH_AES_128_CCM (0xc09e )
+
+
+
+ DH 2048 bits FS
+
+
+ |
+ 128 | +|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67 )
+
+
+ DH 2048 bits FS
+ WEAK
+ |
+ 128 | + +|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33 )
+
+
+ DH 2048 bits FS
+ WEAK
+ |
+ 128 | + +|
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d )
+ WEAK
+ |
+ 256 | + +|
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c )
+ WEAK
+ |
+ 128 | + +|
TLS_RSA_WITH_AES_256_CCM_8 (0xc0a1 )
+ WEAK
+ |
+ 256 | + +|
TLS_RSA_WITH_AES_256_CCM (0xc09d )
+ WEAK
+ |
+ 256 | + +|
TLS_RSA_WITH_AES_128_CCM_8 (0xc0a0 )
+ WEAK
+ |
+ 128 | + +|
TLS_RSA_WITH_AES_128_CCM (0xc09c )
+ WEAK
+ |
+ 128 | + +|
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d )
+ WEAK
+ |
+ 256 | + +|
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c )
+ WEAK
+ |
+ 128 | + +|
TLS_RSA_WITH_AES_256_CBC_SHA (0x35 )
+ WEAK
+ |
+ 256 | + +|
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f )
+ WEAK
+ |
+ 128 | + +|
+
+
+ # TLS 1.1 (suites in server-preferred order)
+
+ |
+ ||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014 )
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+ WEAK
+ |
+ 256 | + +|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39 )
+
+
+ DH 2048 bits FS
+ WEAK
+ |
+ 256 | + +|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013 )
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+ WEAK
+ |
+ 128 | + +|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33 )
+
+
+ DH 2048 bits FS
+ WEAK
+ |
+ 128 | + +|
TLS_RSA_WITH_AES_256_CBC_SHA (0x35 )
+ WEAK
+ |
+ 256 | + +|
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f )
+ WEAK
+ |
+ 128 | + +|
+
+
+ # TLS 1.0 (suites in server-preferred order)
+
+ |
+ ||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014 )
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+ WEAK
+ |
+ 256 | + +|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39 )
+
+
+ DH 2048 bits FS
+ WEAK
+ |
+ 256 | + +|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013 )
+ ECDH secp384r1 (eq. 7680 bits RSA) FS
+ WEAK
+ |
+ 128 | + +|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33 )
+
+
+ DH 2048 bits FS
+ WEAK
+ |
+ 128 | + +|
TLS_RSA_WITH_AES_256_CBC_SHA (0x35 )
+ WEAK
+ |
+ 256 | + +|
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f )
+ WEAK
+ |
+ 128 | + +
+ + +
Handshake Simulation | +|||
+ Android 2.3.7 + No SNI 2 | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_DHE_RSA_WITH_AES_128_CBC_SHA + + + + DH 2048 + + + + FS + + + | + + + +
+ Android 4.0.4 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Android 4.1.1 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Android 4.2.2 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Android 4.3 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Android 4.4.2 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Android 5.0.0 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Android 6.0 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Android 7.0 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Android 8.0 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Android 8.1 + | + + ++ - + + | + ++ TLS 1.3 + + + | + ++ TLS_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Android 9.0 + | + + ++ - + + | + ++ TLS 1.3 + + + | + ++ TLS_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Baidu Jan 2015 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ BingPreview Jan 2015 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Chrome 49 / XP SP3 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Chrome 69 / Win 7 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Chrome 70 / Win 10 + | + + ++ - + + | + ++ TLS 1.3 + + + | + ++ TLS_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Chrome 80 / Win 10 + R | + + ++ - + + | + ++ TLS 1.3 + + + | + ++ TLS_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Firefox 31.3.0 ESR / Win 7 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Firefox 47 / Win 7 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Firefox 49 / XP SP3 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Firefox 62 / Win 7 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Firefox 73 / Win 10 + R | + + ++ - + + | + ++ TLS 1.3 + + + | + ++ TLS_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Googlebot Feb 2018 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ IE 7 / Vista + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ IE 8 / XP + No FS 1 No SNI 2 | + +
+ Server sent fatal alert: handshake_failure + + + + |
+
+
+ ||
+ IE 8-10 / Win 7 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ IE 11 / Win 7 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + + + + DH 2048 + + + + FS + + + | + + + +
+ IE 11 / Win 8.1 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + + + + DH 2048 + + + + FS + + + | + + + +
+ IE 10 / Win Phone 8.0 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ IE 11 / Win Phone 8.1 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ IE 11 / Win Phone 8.1 Update + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + + + + DH 2048 + + + + FS + + + | + + + +
+ IE 11 / Win 10 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Edge 15 / Win 10 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Edge 16 / Win 10 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Edge 18 / Win 10 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Edge 13 / Win Phone 10 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Java 6u45 + No SNI 2 | + +
+ Client does not support DH parameters > 1024 bits + + RSA 2048 (SHA256) + | + + TLS 1.0 + + | + + TLS_DHE_RSA_WITH_AES_128_CBC_SHA + + | DH 2048 + + + |
+
+
+ ||
+ Java 7u25 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Java 8u161 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Java 11.0.3 + | + + ++ - + + | + ++ TLS 1.3 + + + | + ++ TLS_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Java 12.0.1 + | + + ++ - + + | + ++ TLS 1.3 + + + | + ++ TLS_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ OpenSSL 0.9.8y + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_DHE_RSA_WITH_AES_256_CBC_SHA + + + + DH 2048 + + + + FS + + + | + + + +
+ OpenSSL 1.0.1l + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ OpenSSL 1.0.2s + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ OpenSSL 1.1.0k + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ OpenSSL 1.1.1c + R | + + ++ - + + | + ++ TLS 1.3 + + + | + ++ TLS_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 5.1.9 / OS X 10.6.8 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 6 / iOS 6.0.1 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 6.0.4 / OS X 10.8.4 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.0 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 7 / iOS 7.1 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 7 / OS X 10.9 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 8 / iOS 8.4 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 8 / OS X 10.10 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 9 / iOS 9 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 9 / OS X 10.11 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 10 / iOS 10 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 10 / OS X 10.12 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 12.1.2 / MacOS 10.14.6 Beta + R | + + ++ - + + | + ++ TLS 1.3 + + + | + ++ TLS_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Safari 12.1.1 / iOS 12.3.1 + R | + + ++ - + + | + ++ TLS 1.3 + + + | + ++ TLS_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Apple ATS 9 / iOS 9 + R | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + > http/1.1 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ Yahoo Slurp Jan 2015 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+ YandexBot Jan 2015 + | + + ++ RSA 2048 (SHA256) + + | + ++ TLS 1.2 + + + | + ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + + + + + ECDH secp384r1 + + + FS + + + | + + + +
+
+
+ # Not simulated clients (Protocol mismatch)
+ |
+ |||
+ IE 6 / XP + No FS 1 No SNI 2 | + +
+ Protocol mismatch (not simulated) + + + + |
+
+
+ ||
+ | +|||
+ (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. + | |||
+ (2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. + | |||
+ (3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version. + | |||
+ (R) Denotes a reference browser or client, with which we expect better effective security. + | |||
+ (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). + | |||
+ (All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake. + |
+ + +
Protocol Details | +||||||
DROWN | +No, server keys and hostname not seen elsewhere with SSLv2 +
|
+ |||||
Secure Renegotiation | +Supported | +|||||
Secure Client-Initiated Renegotiation | +No | +|||||
Insecure Client-Initiated Renegotiation | +No | +|||||
BEAST attack | +
+ Not mitigated server-side (more info)
+ TLS 1.0: 0xc014
+ |
+ |||||
POODLE (SSLv3) | ++ No, SSL 3 not supported (more info) + | +|||||
POODLE (TLS) | ++ No + (more info) + | +|||||
Zombie POODLE | +No (more info)
+ TLS 1.2 : 0xc014 |
+ |||||
GOLDENDOODLE | +No (more info)
+ TLS 1.2 : 0xc014 |
+ |||||
OpenSSL 0-Length | +No (more info)
+ TLS 1.2 : 0xc014 |
+ |||||
Sleeping POODLE | +No (more info)
+ TLS 1.2 : 0xc014 |
+ |||||
Downgrade attack prevention | ++ Yes, TLS_FALLBACK_SCSV supported (more info) + | +|||||
SSL/TLS compression | +No | +|||||
RC4 | +No | +|||||
Heartbeat (extension) | +No | +|||||
Heartbleed (vulnerability) | +No (more info) | +|||||
Ticketbleed (vulnerability) | +No (more info) | +|||||
OpenSSL CCS vuln. (CVE-2014-0224) | +No (more info) | +|||||
OpenSSL Padding Oracle vuln. (CVE-2016-2107) |
+ No (more info) | +|||||
ROBOT (vulnerability) | +No (more info) | +|||||
Forward Secrecy | +Yes (with most browsers) + ROBUST (more info) | +|||||
ALPN | +Yes + http/1.1 + | +|||||
NPN | +Yes + http/1.1 + | +|||||
Session resumption (caching) | +Yes | +|||||
Session resumption (tickets) | +No | +|||||
OCSP stapling | +Yes + + | +|||||
Strict Transport Security (HSTS) | +Yes max-age=63072000; includeSubDomains; + |
+ |||||
HSTS Preloading | ++ + + + + Not in: + Chrome + Edge + Firefox + IE + + + | +|||||
Public Key Pinning (HPKP) | +No (more info) | +|||||
Public Key Pinning Report-Only | +No | +|||||
Public Key Pinning (Static) | +No (more info) | +|||||
Long handshake intolerance | +No | +|||||
TLS extension intolerance | +No | +|||||
TLS version intolerance | ++ + + + + + No | +|||||
Incorrect SNI alerts | +No | +|||||
Uses common DH primes | +No | +|||||
DH public server param (Ys) reuse | +No | +|||||
ECDH public server param reuse | +No | +|||||
Supported Named Groups | ++ secp384r1 | +|||||
SSL 2 handshake compatibility | +Yes | +|||||
0-RTT enabled | +No | +
+ + + + +
+ + + HTTP Requests + | +
+
+ 1 https://luxeylab.net/
+ (HTTP/1.1 200 OK)
+
+ | ||
+ 1 + | +||
Server | +nginx | +|
Date | +Fri, 17 Jul 2020 13:58:12 GMT | +|
Content-Type | +text/html; charset=utf-8 | +|
Content-Length | +1834 | +|
Last-Modified | +Mon, 20 Apr 2020 13:05:21 GMT | +|
Connection | +close | +|
Vary | +Accept-Encoding | +|
ETag | +"5e9d9e11-72a" | +|
Strict-Transport-Security | +max-age=63072000; includeSubDomains; | +|
X-Content-Type-Options | +nosniff | +|
X-XSS-Protection | +1; mode=block | +|
X-Download-Options | +noopen | +|
X-Permitted-Cross-Domain-Policies | +none | +|
Accept-Ranges | +bytes | +
+ + +
Miscellaneous | +|
Test date | +Fri, 17 Jul 2020 13:58:02 UTC | +
Test duration | +157.610 seconds | +
HTTP status code | ++ 200 + | +
HTTP server signature | +nginx | +
Server hostname | +xvm-8-85.dc0.ghst.net | +
+ +
SSL Report v2.1.5
+ +