diff --git a/tests/tls.py b/tests/tls.py index 0c7b945..e06ddcc 100644 --- a/tests/tls.py +++ b/tests/tls.py @@ -17,7 +17,7 @@ # through some other host you can ssh into (maybe the box # itself?): # -# python3 --proxy user@ssh_host yourservername +# python3 tls.py --proxy user@ssh_host yourservername # # (This will launch "ssh -N -L10023:yourservername:testport user@ssh_host" # to create a tunnel.) diff --git a/tests/tls_results.txt b/tests/tls_results.txt index 33ebb7d..8747bac 100644 --- a/tests/tls_results.txt +++ b/tests/tls_results.txt @@ -13,18 +13,18 @@ PORT 25 * Session Resumption: With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts). - With TLS Session Tickets: NOT SUPPORTED - TLS ticket not assigned. + With TLS Session Tickets: OK - Supported * SSLV2 Cipher Suites: Server rejected all cipher suites. * TLSV1_2 Cipher Suites: Preferred: - ECDHE-RSA-AES256-GCM-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-GCM-SHA384 ECDH-521 bits 256 bits 250 2.0.0 Ok Accepted: - ECDHE-RSA-AES256-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok - ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok - ECDHE-RSA-AES256-GCM-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-SHA384 ECDH-521 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-SHA ECDH-521 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-GCM-SHA384 ECDH-521 bits 256 bits 250 2.0.0 Ok DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok DHE-RSA-AES256-SHA256 DH-2048 bits 256 bits 250 2.0.0 Ok DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok @@ -33,9 +33,9 @@ PORT 25 AES256-SHA256 - 256 bits 250 2.0.0 Ok AES256-SHA - 256 bits 250 2.0.0 Ok AES256-GCM-SHA384 - 256 bits 250 2.0.0 Ok - ECDHE-RSA-AES128-SHA256 ECDH-256 bits 128 bits 250 2.0.0 Ok - ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok - ECDHE-RSA-AES128-GCM-SHA256 ECDH-256 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA256 ECDH-521 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-521 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-GCM-SHA256 ECDH-521 bits 128 bits 250 2.0.0 Ok DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok DHE-RSA-AES128-SHA256 DH-2048 bits 128 bits 250 2.0.0 Ok @@ -46,56 +46,47 @@ PORT 25 AES128-SHA256 - 128 bits 250 2.0.0 Ok AES128-SHA - 128 bits 250 2.0.0 Ok AES128-GCM-SHA256 - 128 bits 250 2.0.0 Ok - ECDHE-RSA-DES-CBC3-SHA ECDH-256 bits 112 bits 250 2.0.0 Ok - EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits 250 2.0.0 Ok - DES-CBC3-SHA - 112 bits 250 2.0.0 Ok * TLSV1_1 Cipher Suites: Preferred: - ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-SHA ECDH-521 bits 256 bits 250 2.0.0 Ok Accepted: - ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-SHA ECDH-521 bits 256 bits 250 2.0.0 Ok DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok AES256-SHA - 256 bits 250 2.0.0 Ok - ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-521 bits 128 bits 250 2.0.0 Ok DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok SEED-SHA - 128 bits 250 2.0.0 Ok CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok AES128-SHA - 128 bits 250 2.0.0 Ok - ECDHE-RSA-DES-CBC3-SHA ECDH-256 bits 112 bits 250 2.0.0 Ok - EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits 250 2.0.0 Ok - DES-CBC3-SHA - 112 bits 250 2.0.0 Ok - - * TLSV1 Cipher Suites: - Preferred: - ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok - Accepted: - ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok - DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok - DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok - CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok - AES256-SHA - 256 bits 250 2.0.0 Ok - ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok - DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok - DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok - DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok - SEED-SHA - 128 bits 250 2.0.0 Ok - CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok - AES128-SHA - 128 bits 250 2.0.0 Ok - ECDHE-RSA-DES-CBC3-SHA ECDH-256 bits 112 bits 250 2.0.0 Ok - EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits 250 2.0.0 Ok - DES-CBC3-SHA - 112 bits 250 2.0.0 Ok * SSLV3 Cipher Suites: Server rejected all cipher suites. + * TLSV1 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-521 bits 256 bits 250 2.0.0 Ok + Accepted: + ECDHE-RSA-AES256-SHA ECDH-521 bits 256 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok + AES256-SHA - 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-521 bits 128 bits 250 2.0.0 Ok + DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + SEED-SHA - 128 bits 250 2.0.0 Ok + CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok + AES128-SHA - 128 bits 250 2.0.0 Ok + Should Not Offer: (none -- good) - Could Also Offer: DHE-DSS-AES128-GCM-SHA256, DHE-DSS-AES128-SHA, DHE-DSS-AES128-SHA256, DHE-DSS-AES256-GCM-SHA384, DHE-DSS-AES256-SHA, DHE-DSS-AES256-SHA256, DHE-DSS-CAMELLIA128-SHA, DHE-DSS-CAMELLIA256-SHA, DHE-DSS-SEED-SHA, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-DES-CBC3-SHA - Supported Clients: BingPreview/Jan 2015, OpenSSL/1.0.2, Yahoo Slurp/Jan 2015, OpenSSL/1.0.1l, YandexBot/Jan 2015, Android/4.4.2, Safari/7/iOS 7.1, Safari/8/iOS 8.1.2, Safari/6/iOS 6.0.1, Safari/7/OS X 10.9, Safari/8/OS X 10.10, Baidu/Jan 2015, Firefox/31.3.0 ESR/Win 7, IE/11/Win 7, IE/11/Win 8.1, IE Mobile/11/Win Phone 8.1, Java/8u31, Android/5.0.0, Googlebot/Feb 2015, Chrome/42/OS X, Android/4.1.1, Android/4.3, Android/4.0.4, Android/4.2.2, Safari/5.1.9/OS X 10.6.8, Safari/6.0.4/OS X 10.8.4, Firefox/37/OS X, OpenSSL/0.9.8y, Java/7u25, IE Mobile/10/Win Phone 8.0, IE/8-10/Win 7, IE/7/Vista, Android/2.3.7, Java/6u45, IE/8/XP + Could Also Offer: AES128-CCM, AES128-CCM8, AES256-CCM, AES256-CCM8, CAMELLIA128-SHA256, CAMELLIA256-SHA256, DHE-DSS-AES128-GCM-SHA256, DHE-DSS-AES128-SHA, DHE-DSS-AES128-SHA256, DHE-DSS-AES256-GCM-SHA384, DHE-DSS-AES256-SHA, DHE-DSS-AES256-SHA256, DHE-DSS-CAMELLIA128-SHA, DHE-DSS-CAMELLIA128-SHA256, DHE-DSS-CAMELLIA256-SHA, DHE-DSS-CAMELLIA256-SHA256, DHE-DSS-SEED-SHA, DHE-RSA-AES128-CCM, DHE-RSA-AES128-CCM8, DHE-RSA-AES256-CCM, DHE-RSA-AES256-CCM8, DHE-RSA-CAMELLIA128-SHA256, DHE-RSA-CAMELLIA256-SHA256, DHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-CCM, ECDHE-ECDSA-AES128-CCM8, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-CCM, ECDHE-ECDSA-AES256-CCM8, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-CAMELLIA128-SHA256, ECDHE-ECDSA-CAMELLIA256-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CAMELLIA128-SHA256, ECDHE-RSA-CAMELLIA256-SHA384, ECDHE-RSA-CHACHA20-POLY1305 + Supported Clients: Yahoo Slurp/Jan 2015, OpenSSL/1.0.2, BingPreview/Jan 2015, OpenSSL/1.0.1l, YandexBot/Jan 2015, Android/4.4.2, Safari/6/iOS 6.0.1, Safari/8/OS X 10.10, Safari/7/OS X 10.9, Safari/7/iOS 7.1, IE/11/Win 8.1, Safari/8/iOS 8.1.2, IE Mobile/11/Win Phone 8.1, IE/11/Win 7, Baidu/Jan 2015, Firefox/31.3.0 ESR/Win 7, Android/5.0.0, Chrome/42/OS X, Java/8u31, Googlebot/Feb 2015, Firefox/37/OS X, Android/4.3, Android/4.2.2, Safari/5.1.9/OS X 10.6.8, Android/4.0.4, Android/4.1.1, Safari/6.0.4/OS X 10.8.4, IE Mobile/10/Win Phone 8.0, IE/8-10/Win 7, IE/7/Vista, OpenSSL/0.9.8y, Java/7u25, Android/2.3.7, Java/6u45 PORT 587 -------- @@ -112,18 +103,18 @@ PORT 587 * Session Resumption: With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts). - With TLS Session Tickets: NOT SUPPORTED - TLS ticket not assigned. + With TLS Session Tickets: OK - Supported * SSLV2 Cipher Suites: Server rejected all cipher suites. * TLSV1_2 Cipher Suites: Preferred: - ECDHE-RSA-AES256-GCM-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-GCM-SHA384 ECDH-521 bits 256 bits 250 2.0.0 Ok Accepted: - ECDHE-RSA-AES256-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok - ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok - ECDHE-RSA-AES256-GCM-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-SHA384 ECDH-521 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-SHA ECDH-521 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-GCM-SHA384 ECDH-521 bits 256 bits 250 2.0.0 Ok DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok DHE-RSA-AES256-SHA256 DH-2048 bits 256 bits 250 2.0.0 Ok DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok @@ -132,9 +123,9 @@ PORT 587 AES256-SHA256 - 256 bits 250 2.0.0 Ok AES256-SHA - 256 bits 250 2.0.0 Ok AES256-GCM-SHA384 - 256 bits 250 2.0.0 Ok - ECDHE-RSA-AES128-SHA256 ECDH-256 bits 128 bits 250 2.0.0 Ok - ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok - ECDHE-RSA-AES128-GCM-SHA256 ECDH-256 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA256 ECDH-521 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-521 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-GCM-SHA256 ECDH-521 bits 128 bits 250 2.0.0 Ok DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok DHE-RSA-AES128-SHA256 DH-2048 bits 128 bits 250 2.0.0 Ok @@ -148,31 +139,14 @@ PORT 587 * TLSV1_1 Cipher Suites: Preferred: - ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-SHA ECDH-521 bits 256 bits 250 2.0.0 Ok Accepted: - ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-SHA ECDH-521 bits 256 bits 250 2.0.0 Ok DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok AES256-SHA - 256 bits 250 2.0.0 Ok - ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok - DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok - DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok - DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok - SEED-SHA - 128 bits 250 2.0.0 Ok - CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok - AES128-SHA - 128 bits 250 2.0.0 Ok - - * TLSV1 Cipher Suites: - Preferred: - ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok - Accepted: - ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok - DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok - DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok - CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok - AES256-SHA - 256 bits 250 2.0.0 Ok - ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-521 bits 128 bits 250 2.0.0 Ok DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok @@ -183,9 +157,26 @@ PORT 587 * SSLV3 Cipher Suites: Server rejected all cipher suites. + * TLSV1 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-521 bits 256 bits 250 2.0.0 Ok + Accepted: + ECDHE-RSA-AES256-SHA ECDH-521 bits 256 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok + AES256-SHA - 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-521 bits 128 bits 250 2.0.0 Ok + DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + SEED-SHA - 128 bits 250 2.0.0 Ok + CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok + AES128-SHA - 128 bits 250 2.0.0 Ok + Should Not Offer: AES128-GCM-SHA256, AES128-SHA, AES128-SHA256, AES256-GCM-SHA384, AES256-SHA, AES256-SHA256, CAMELLIA128-SHA, CAMELLIA256-SHA, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA, DHE-RSA-AES128-SHA256, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA, DHE-RSA-AES256-SHA256, DHE-RSA-CAMELLIA128-SHA, DHE-RSA-CAMELLIA256-SHA, DHE-RSA-SEED-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, SEED-SHA - Could Also Offer: ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384 - Supported Clients: BingPreview/Jan 2015, OpenSSL/1.0.2, Yahoo Slurp/Jan 2015, OpenSSL/1.0.1l, YandexBot/Jan 2015, Android/4.4.2, Safari/7/iOS 7.1, IE/11/Win 7, IE/11/Win 8.1, Safari/8/iOS 8.1.2, Safari/6/iOS 6.0.1, Safari/7/OS X 10.9, IE Mobile/11/Win Phone 8.1, Safari/8/OS X 10.10, Baidu/Jan 2015, Firefox/31.3.0 ESR/Win 7, Java/8u31, Android/5.0.0, Chrome/42/OS X, Googlebot/Feb 2015, Firefox/37/OS X, Android/4.1.1, Android/4.3, Android/4.0.4, Android/4.2.2, Safari/5.1.9/OS X 10.6.8, Safari/6.0.4/OS X 10.8.4, OpenSSL/0.9.8y, IE Mobile/10/Win Phone 8.0, IE/8-10/Win 7, IE/7/Vista, Java/7u25, Android/2.3.7, Java/6u45 + Could Also Offer: ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305 + Supported Clients: Yahoo Slurp/Jan 2015, OpenSSL/1.0.2, BingPreview/Jan 2015, OpenSSL/1.0.1l, YandexBot/Jan 2015, Android/4.4.2, Safari/6/iOS 6.0.1, Safari/8/OS X 10.10, Safari/7/OS X 10.9, Safari/7/iOS 7.1, IE/11/Win 8.1, Safari/8/iOS 8.1.2, IE Mobile/11/Win Phone 8.1, IE/11/Win 7, Baidu/Jan 2015, Firefox/31.3.0 ESR/Win 7, Android/5.0.0, Chrome/42/OS X, Java/8u31, Googlebot/Feb 2015, Firefox/37/OS X, Android/4.3, Android/4.2.2, Safari/5.1.9/OS X 10.6.8, Android/4.0.4, Android/4.1.1, Safari/6.0.4/OS X 10.8.4, IE Mobile/10/Win Phone 8.0, IE/8-10/Win 7, IE/7/Vista, OpenSSL/0.9.8y, Java/7u25, Android/2.3.7, Java/6u45 PORT 443 -------- @@ -197,19 +188,19 @@ PORT 443 Client-initiated Renegotiations: OK - Rejected Secure Renegotiation: OK - Supported - * OpenSSL Heartbleed: - OK - Not vulnerable to Heartbleed - * HTTP Strict Transport Security: OK - HSTS header received: max-age=15768000 -Unhandled exception when processing --chrome_sha1: -exceptions.TypeError - Incorrect padding - * Session Resumption: With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts). With TLS Session Tickets: OK - Supported + * OpenSSL Heartbleed: + OK - Not vulnerable to Heartbleed + +Unhandled exception when processing --chrome_sha1: +exceptions.TypeError - Incorrect padding + * SSLV2 Cipher Suites: Server rejected all cipher suites. @@ -235,9 +226,6 @@ exceptions.TypeError - Incorrect padding AES128-SHA256 - 128 bits HTTP 200 OK AES128-SHA - 128 bits HTTP 200 OK AES128-GCM-SHA256 - 128 bits HTTP 200 OK - ECDHE-RSA-DES-CBC3-SHA ECDH-256 bits 112 bits HTTP 200 OK - EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits HTTP 200 OK - DES-CBC3-SHA - 112 bits HTTP 200 OK * TLSV1_1 Cipher Suites: Preferred: @@ -249,9 +237,9 @@ exceptions.TypeError - Incorrect padding ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits HTTP 200 OK DHE-RSA-AES128-SHA DH-2048 bits 128 bits HTTP 200 OK AES128-SHA - 128 bits HTTP 200 OK - ECDHE-RSA-DES-CBC3-SHA ECDH-256 bits 112 bits HTTP 200 OK - EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits HTTP 200 OK - DES-CBC3-SHA - 112 bits HTTP 200 OK + + * SSLV3 Cipher Suites: + Server rejected all cipher suites. * TLSV1 Cipher Suites: Preferred: @@ -262,17 +250,11 @@ exceptions.TypeError - Incorrect padding AES256-SHA - 256 bits HTTP 200 OK ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits HTTP 200 OK DHE-RSA-AES128-SHA DH-2048 bits 128 bits HTTP 200 OK - AES128-SHA - 128 bits HTTP 200 OK - ECDHE-RSA-DES-CBC3-SHA ECDH-256 bits 112 bits HTTP 200 OK - EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits HTTP 200 OK - DES-CBC3-SHA - 112 bits HTTP 200 OK - - * SSLV3 Cipher Suites: - Server rejected all cipher suites. + AES128-SHA - 128 bits HTTP 200 OK Should Not Offer: (none -- good) - Could Also Offer: ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-DES-CBC3-SHA - Supported Clients: BingPreview/Jan 2015, OpenSSL/1.0.2, YandexBot/Jan 2015, OpenSSL/1.0.1l, Yahoo Slurp/Jan 2015, Android/4.4.2, Safari/7/iOS 7.1, Safari/8/iOS 8.1.2, Safari/6/iOS 6.0.1, Safari/7/OS X 10.9, Safari/8/OS X 10.10, IE/11/Win 7, IE/11/Win 8.1, IE Mobile/11/Win Phone 8.1, Java/8u31, Android/5.0.0, Googlebot/Feb 2015, Firefox/31.3.0 ESR/Win 7, Chrome/42/OS X, Baidu/Jan 2015, Android/4.1.1, Android/4.3, Android/4.0.4, Android/4.2.2, Safari/5.1.9/OS X 10.6.8, Safari/6.0.4/OS X 10.8.4, Firefox/37/OS X, OpenSSL/0.9.8y, Java/7u25, IE Mobile/10/Win Phone 8.0, IE/8-10/Win 7, IE/7/Vista, Java/6u45, Android/2.3.7, IE/8/XP + Could Also Offer: ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305 + Supported Clients: Yahoo Slurp/Jan 2015, OpenSSL/1.0.2, YandexBot/Jan 2015, BingPreview/Jan 2015, OpenSSL/1.0.1l, Android/4.4.2, Safari/6/iOS 6.0.1, Safari/8/OS X 10.10, Safari/7/OS X 10.9, Safari/7/iOS 7.1, IE/11/Win 8.1, Safari/8/iOS 8.1.2, IE Mobile/11/Win Phone 8.1, IE/11/Win 7, Android/5.0.0, Chrome/42/OS X, Java/8u31, Googlebot/Feb 2015, Firefox/31.3.0 ESR/Win 7, Firefox/37/OS X, Android/4.3, Android/4.2.2, Baidu/Jan 2015, Safari/5.1.9/OS X 10.6.8, Android/4.0.4, Android/4.1.1, Safari/6.0.4/OS X 10.8.4, IE Mobile/10/Win Phone 8.0, IE/8-10/Win 7, IE/7/Vista, OpenSSL/0.9.8y, Java/7u25, Android/2.3.7, Java/6u45 PORT 993 -------- @@ -286,13 +268,13 @@ _nassl.OpenSSLError - error:140940F5:SSL routines:ssl3_read_bytes:unexpected rec * OpenSSL Heartbleed: OK - Not vulnerable to Heartbleed - * SSLV2 Cipher Suites: - Server rejected all cipher suites. - * Session Resumption: With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts). With TLS Session Tickets: NOT SUPPORTED - TLS ticket assigned but not accepted. + * SSLV2 Cipher Suites: + Server rejected all cipher suites. + * TLSV1_2 Cipher Suites: Preferred: ECDHE-RSA-AES128-GCM-SHA256 ECDH-384 bits 128 bits @@ -315,9 +297,6 @@ _nassl.OpenSSLError - error:140940F5:SSL routines:ssl3_read_bytes:unexpected rec AES128-SHA256 - 128 bits AES128-SHA - 128 bits AES128-GCM-SHA256 - 128 bits - ECDHE-RSA-DES-CBC3-SHA ECDH-384 bits 112 bits - EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits - DES-CBC3-SHA - 112 bits * TLSV1_1 Cipher Suites: Preferred: @@ -329,9 +308,9 @@ _nassl.OpenSSLError - error:140940F5:SSL routines:ssl3_read_bytes:unexpected rec ECDHE-RSA-AES128-SHA ECDH-384 bits 128 bits DHE-RSA-AES128-SHA DH-2048 bits 128 bits AES128-SHA - 128 bits - ECDHE-RSA-DES-CBC3-SHA ECDH-384 bits 112 bits - EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits - DES-CBC3-SHA - 112 bits + + * SSLV3 Cipher Suites: + Server rejected all cipher suites. * TLSV1 Cipher Suites: Preferred: @@ -342,17 +321,11 @@ _nassl.OpenSSLError - error:140940F5:SSL routines:ssl3_read_bytes:unexpected rec AES256-SHA - 256 bits ECDHE-RSA-AES128-SHA ECDH-384 bits 128 bits DHE-RSA-AES128-SHA DH-2048 bits 128 bits - AES128-SHA - 128 bits - ECDHE-RSA-DES-CBC3-SHA ECDH-384 bits 112 bits - EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits - DES-CBC3-SHA - 112 bits + AES128-SHA - 128 bits - * SSLV3 Cipher Suites: - Server rejected all cipher suites. - - Should Not Offer: AES128-GCM-SHA256, AES128-SHA, AES128-SHA256, AES256-GCM-SHA384, AES256-SHA, AES256-SHA256, DES-CBC3-SHA, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA, DHE-RSA-AES128-SHA256, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA, DHE-RSA-AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA - Could Also Offer: ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384 - Supported Clients: BingPreview/Jan 2015, OpenSSL/1.0.2, YandexBot/Jan 2015, OpenSSL/1.0.1l, Yahoo Slurp/Jan 2015, Android/4.4.2, Safari/7/iOS 7.1, Safari/8/iOS 8.1.2, Safari/6/iOS 6.0.1, Safari/7/OS X 10.9, Safari/8/OS X 10.10, IE/11/Win 7, IE/11/Win 8.1, IE Mobile/11/Win Phone 8.1, Java/8u31, Android/5.0.0, Googlebot/Feb 2015, Firefox/31.3.0 ESR/Win 7, Chrome/42/OS X, Baidu/Jan 2015, Android/4.1.1, Android/4.3, Android/4.0.4, Android/4.2.2, Safari/5.1.9/OS X 10.6.8, Safari/6.0.4/OS X 10.8.4, Firefox/37/OS X, OpenSSL/0.9.8y, Java/7u25, IE Mobile/10/Win Phone 8.0, IE/8-10/Win 7, IE/7/Vista, Java/6u45, Android/2.3.7, IE/8/XP + Should Not Offer: AES128-GCM-SHA256, AES128-SHA, AES128-SHA256, AES256-GCM-SHA384, AES256-SHA, AES256-SHA256, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA, DHE-RSA-AES128-SHA256, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA, DHE-RSA-AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA + Could Also Offer: ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305 + Supported Clients: Yahoo Slurp/Jan 2015, OpenSSL/1.0.2, YandexBot/Jan 2015, BingPreview/Jan 2015, OpenSSL/1.0.1l, Android/4.4.2, Safari/6/iOS 6.0.1, Safari/8/OS X 10.10, Safari/7/OS X 10.9, Safari/7/iOS 7.1, IE/11/Win 8.1, Safari/8/iOS 8.1.2, IE Mobile/11/Win Phone 8.1, IE/11/Win 7, Android/5.0.0, Chrome/42/OS X, Java/8u31, Googlebot/Feb 2015, Firefox/31.3.0 ESR/Win 7, Firefox/37/OS X, Android/4.3, Android/4.2.2, Baidu/Jan 2015, Safari/5.1.9/OS X 10.6.8, Android/4.0.4, Android/4.1.1, Safari/6.0.4/OS X 10.8.4, IE Mobile/10/Win Phone 8.0, IE/8-10/Win 7, IE/7/Vista, OpenSSL/0.9.8y, Java/7u25, Android/2.3.7, Java/6u45 PORT 995 -------- @@ -366,13 +339,13 @@ _nassl.OpenSSLError - error:140940F5:SSL routines:ssl3_read_bytes:unexpected rec * OpenSSL Heartbleed: OK - Not vulnerable to Heartbleed - * SSLV2 Cipher Suites: - Server rejected all cipher suites. - * Session Resumption: With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts). With TLS Session Tickets: NOT SUPPORTED - TLS ticket assigned but not accepted. + * SSLV2 Cipher Suites: + Server rejected all cipher suites. + * TLSV1_2 Cipher Suites: Preferred: ECDHE-RSA-AES128-GCM-SHA256 ECDH-384 bits 128 bits @@ -395,9 +368,6 @@ _nassl.OpenSSLError - error:140940F5:SSL routines:ssl3_read_bytes:unexpected rec AES128-SHA256 - 128 bits AES128-SHA - 128 bits AES128-GCM-SHA256 - 128 bits - ECDHE-RSA-DES-CBC3-SHA ECDH-384 bits 112 bits - EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits - DES-CBC3-SHA - 112 bits * TLSV1_1 Cipher Suites: Preferred: @@ -409,9 +379,9 @@ _nassl.OpenSSLError - error:140940F5:SSL routines:ssl3_read_bytes:unexpected rec ECDHE-RSA-AES128-SHA ECDH-384 bits 128 bits DHE-RSA-AES128-SHA DH-2048 bits 128 bits AES128-SHA - 128 bits - ECDHE-RSA-DES-CBC3-SHA ECDH-384 bits 112 bits - EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits - DES-CBC3-SHA - 112 bits + + * SSLV3 Cipher Suites: + Server rejected all cipher suites. * TLSV1 Cipher Suites: Preferred: @@ -422,15 +392,9 @@ _nassl.OpenSSLError - error:140940F5:SSL routines:ssl3_read_bytes:unexpected rec AES256-SHA - 256 bits ECDHE-RSA-AES128-SHA ECDH-384 bits 128 bits DHE-RSA-AES128-SHA DH-2048 bits 128 bits - AES128-SHA - 128 bits - ECDHE-RSA-DES-CBC3-SHA ECDH-384 bits 112 bits - EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits - DES-CBC3-SHA - 112 bits + AES128-SHA - 128 bits - * SSLV3 Cipher Suites: - Server rejected all cipher suites. - - Should Not Offer: AES128-GCM-SHA256, AES128-SHA, AES128-SHA256, AES256-GCM-SHA384, AES256-SHA, AES256-SHA256, DES-CBC3-SHA, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA, DHE-RSA-AES128-SHA256, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA, DHE-RSA-AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA - Could Also Offer: ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384 - Supported Clients: BingPreview/Jan 2015, OpenSSL/1.0.2, YandexBot/Jan 2015, OpenSSL/1.0.1l, Yahoo Slurp/Jan 2015, Android/4.4.2, Safari/7/iOS 7.1, Safari/8/iOS 8.1.2, Safari/6/iOS 6.0.1, Safari/7/OS X 10.9, Safari/8/OS X 10.10, IE/11/Win 7, IE/11/Win 8.1, IE Mobile/11/Win Phone 8.1, Java/8u31, Android/5.0.0, Googlebot/Feb 2015, Firefox/31.3.0 ESR/Win 7, Chrome/42/OS X, Baidu/Jan 2015, Android/4.1.1, Android/4.3, Android/4.0.4, Android/4.2.2, Safari/5.1.9/OS X 10.6.8, Safari/6.0.4/OS X 10.8.4, Firefox/37/OS X, OpenSSL/0.9.8y, Java/7u25, IE Mobile/10/Win Phone 8.0, IE/8-10/Win 7, IE/7/Vista, Java/6u45, Android/2.3.7, IE/8/XP + Should Not Offer: AES128-GCM-SHA256, AES128-SHA, AES128-SHA256, AES256-GCM-SHA384, AES256-SHA, AES256-SHA256, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA, DHE-RSA-AES128-SHA256, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA, DHE-RSA-AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA + Could Also Offer: ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES256-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305 + Supported Clients: Yahoo Slurp/Jan 2015, OpenSSL/1.0.2, YandexBot/Jan 2015, BingPreview/Jan 2015, OpenSSL/1.0.1l, Android/4.4.2, Safari/6/iOS 6.0.1, Safari/8/OS X 10.10, Safari/7/OS X 10.9, Safari/7/iOS 7.1, IE/11/Win 8.1, Safari/8/iOS 8.1.2, IE Mobile/11/Win Phone 8.1, IE/11/Win 7, Android/5.0.0, Chrome/42/OS X, Java/8u31, Googlebot/Feb 2015, Firefox/31.3.0 ESR/Win 7, Firefox/37/OS X, Android/4.3, Android/4.2.2, Baidu/Jan 2015, Safari/5.1.9/OS X 10.6.8, Android/4.0.4, Android/4.1.1, Safari/6.0.4/OS X 10.8.4, IE Mobile/10/Win Phone 8.0, IE/8-10/Win 7, IE/7/Vista, OpenSSL/0.9.8y, Java/7u25, Android/2.3.7, Java/6u45