Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • 20170511211122ESSKxpxOd 2G8C510ADX FLFb6FGTbU7VBgmBwrGtG2TZs

    Enviado por

    Lop Mang
    28 visualizações5 páginas
    just a file

    Título original

    20170511211122ESSKxpxOd+2G8C510ADX+FLFb6FGTbU7VBgmBwrGtG2TZs

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    just a file

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    28 visualizações5 páginas

    20170511211122ESSKxpxOd 2G8C510ADX FLFb6FGTbU7VBgmBwrGtG2TZs

    Enviado por

    Lop Mang
    just a file

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 5

    Home Projects Qualys.

    com Contact

    Youarehere:Home>Projects>SSLServerTest>fayte.com

    SSLReport:fayte.com(52.36.204.59)
    Assessedon:Fri,12May201705:20:25UTC|Hide|Clearcache ScanAnother

    Summary

    OverallRating

    Certificate

    C ProtocolSupport

    KeyExchange

    CipherStrength

    0 20 40 60 80 100

    Visitourdocumentationpageformoreinformation,configurationguides,andbooks.Knownissuesaredocumentedhere.

    ThisserverisvulnerabletothePOODLEattack.Ifpossible,disableSSL3tomitigate.GradecappedtoC.MOREINFO

    ThisserveracceptsRC4cipher,butonlywitholderprotocols.GradecappedtoB.MOREINFO

    TheserverdoesnotsupportForwardSecrecywiththereferencebrowsers.MOREINFO

    Certificate#1:RSA2048bits(SHA256withRSA)

    ServerKeyandCertificate#1

    fayte.com
    Subject FingerprintSHA256:9e73c1b60f2196517a1a1ef4d23ed1fa4aa59116809c318072eef09ec6a8f4e4
    PinSHA256:VHk5Zwqm3fmOMHvqOlh4xqDSWWDz4FeDnek5vkQlLp8=

    Commonnames fayte.com

    Alternativenames fayte.comwww.fayte.com

    Validfrom Fri,14Apr201700:00:00UTC

    Validuntil Wed,06Jun201823:59:59UTC(expiresin1year)

    Key RSA2048bits(e65537)

    Weakkey(Debian) No

    COMODORSADomainValidationSecureServerCA
    Issuer
    AIA:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt

    Signaturealgorithm SHA256withRSA

    ExtendedValidation No

    CertificateTransparency No

    OCSPMustStaple No

    CRL,OCSP
    Revocationinformation CRL:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl

    OCSP:http://ocsp.comodoca.com

    Revocationstatus Good(notrevoked)

    DNSCAA No(moreinfo)

    Trusted Yes

    AdditionalCertificates(ifsupplied)
    Certificatesprovided 3(4295bytes)

    Chainissues None

    #2

    COMODORSADomainValidationSecureServerCA
    Subject FingerprintSHA256:02ab57e4e67a0cb48dd2ff34830e8ac40f4476fb08ca6be3f5cd846f646840f0

    PinSHA256:klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=

    Validuntil Sun,11Feb202923:59:59UTC(expiresin11yearsand8months)

    Key RSA2048bits(e65537)

    Issuer COMODORSACertificationAuthority

    Signaturealgorithm SHA384withRSA

    #3

    COMODORSACertificationAuthority
    Subject FingerprintSHA256:4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da

    PinSHA256:grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=

    Validuntil Sat,30May202010:48:38UTC(expiresin3years)

    Key RSA4096bits(e65537)

    Issuer AddTrustExternalCARoot

    Signaturealgorithm SHA384withRSA

    CertificationPaths

    Clickheretoexpand

    Configuration

    Protocols

    TLS1.2 Yes

    TLS1.1 Yes

    TLS1.0 Yes

    SSL3INSECURE Yes

    SSL2 No

    CipherSuites

    #TLS1.2(serverhasnopreference)

    TLS_RSA_WITH_3DES_EDE_CBC_SHA(0xa)WEAK 112

    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA(0x16)DH2048bitsFSWEAK 112

    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(0xc012)ECDHsecp256r1(eq.3072bitsRSA)FSWEAK 112

    TLS_RSA_WITH_AES_128_CBC_SHA(0x2f) 128

    TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x33)DH2048bitsFS 128

    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA(0x41) 128

    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA(0x45)DH2048bitsFS 128

    TLS_RSA_WITH_SEED_CBC_SHA(0x96) 128

    TLS_DHE_RSA_WITH_SEED_CBC_SHA(0x9a)DH2048bitsFS 128

    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xc013)ECDHsecp256r1(eq.3072bitsRSA)FS 128

    TLS_RSA_WITH_AES_128_CBC_SHA256(0x3c) 128

    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x67)DH2048bitsFS 128

    TLS_RSA_WITH_AES_128_GCM_SHA256(0x9c) 128

    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x9e)DH2048bitsFS 128

    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xc027)ECDHsecp256r1(eq.3072bitsRSA)FS 128

    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xc02f)ECDHsecp256r1(eq.3072bitsRSA)FS 128
    CipherSuites

    TLS_RSA_WITH_RC4_128_SHA(0x5)INSECURE 128

    TLS_ECDHE_RSA_WITH_RC4_128_SHA(0xc011)ECDHsecp256r1(eq.3072bitsRSA)FSINSECURE 128

    TLS_RSA_WITH_AES_256_CBC_SHA(0x35) 256

    TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x39)DH2048bitsFS 256

    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA(0x84) 256

    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA(0x88)DH2048bitsFS 256

    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xc014)ECDHsecp256r1(eq.3072bitsRSA)FS 256

    TLS_RSA_WITH_AES_256_CBC_SHA256(0x3d) 256

    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x6b)DH2048bitsFS 256

    TLS_RSA_WITH_AES_256_GCM_SHA384(0x9d) 256

    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x9f)DH2048bitsFS 256

    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xc028)ECDHsecp256r1(eq.3072bitsRSA)FS 256

    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xc030)ECDHsecp256r1(eq.3072bitsRSA)FS 256

    #TLS1.1(serverhasnopreference)

    #TLS1.0(serverhasnopreference)

    #SSL3(serverhasnopreference)

    HandshakeSimulation

    Android2.3.7NoSNI2 RSA2048(SHA256) TLS1.0 TLS_RSA_WITH_RC4_128_SHA NoFSRC4

    Android4.0.4 RSA2048(SHA256) TLS1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHAECDHsecp256r1 FS

    Android4.1.1 RSA2048(SHA256) TLS1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHAECDHsecp256r1 FS

    Android4.2.2 RSA2048(SHA256) TLS1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHAECDHsecp256r1 FS

    Android4.3 RSA2048(SHA256) TLS1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHAECDHsecp256r1 FS

    Android4.4.2 RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    Android5.0.0 RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHAECDHsecp256r1 FS

    Android6.0 RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256ECDHsecp256r1 FS

    Android7.0 RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256ECDHsecp256r1 FS

    BaiduJan2015 RSA2048(SHA256) TLS1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHAECDHsecp256r1 FS

    BingPreviewJan2015 RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    Chrome49/XPSP3 RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256ECDHsecp256r1 FS

    Chrome51/Win7R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256ECDHsecp256r1 FS

    Firefox31.3.0ESR/Win7 RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256ECDHsecp256r1 FS

    Firefox47/Win7R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256ECDHsecp256r1 FS

    Firefox49/XPSP3 RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256ECDHsecp256r1 FS

    Firefox49/Win7R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256ECDHsecp256r1 FS

    GooglebotFeb2015 RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256ECDHsecp256r1 FS

    IE6/XPNoFS1 NoSNI2 RSA2048(SHA256) SSL3 TLS_RSA_WITH_RC4_128_SHA RC4

    IE7/Vista RSA2048(SHA256) TLS1.0 TLS_RSA_WITH_AES_128_CBC_SHA NoFS

    IE8/XPNoFS1 NoSNI2 RSA2048(SHA256) TLS1.0 TLS_RSA_WITH_RC4_128_SHA RC4

    IE810/Win7R RSA2048(SHA256) TLS1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHAECDHsecp256r1 FS

    IE11/Win7R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384ECDHsecp256r1 FS

    IE11/Win8.1R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384ECDHsecp256r1 FS

    IE10/WinPhone8.0 RSA2048(SHA256) TLS1.0 TLS_RSA_WITH_AES_128_CBC_SHA NoFS

    IE11/WinPhone8.1R RSA2048(SHA256) TLS1.2 TLS_RSA_WITH_AES_128_CBC_SHA256NoFS

    IE11/WinPhone8.1UpdateR RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384ECDHsecp256r1 FS

    IE11/Win10R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    Edge13/Win10R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    Edge13/WinPhone10R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    Java6u45NoSNI2 RSA2048(SHA256) TLS1.0 TLS_RSA_WITH_RC4_128_SHA NoFSRC4


    HandshakeSimulation

    ClientabortsonSNIunrecognized_namewarning
    Java7u25
    RSA2048(SHA256)|TLS1.0|TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA|ECDHsecp256r1

    ClientabortsonSNIunrecognized_namewarning
    Java8u31
    RSA2048(SHA256)|TLS1.2|TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256|ECDHsecp256r1

    OpenSSL0.9.8y RSA2048(SHA256) TLS1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHADH2048 FS

    OpenSSL1.0.1lR RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    OpenSSL1.0.2eR RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    Safari5.1.9/OSX10.6.8 RSA2048(SHA256) TLS1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHAECDHsecp256r1 FS

    Safari6/iOS6.0.1 RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384ECDHsecp256r1 FS

    Safari6.0.4/OSX10.8.4R RSA2048(SHA256) TLS1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHAECDHsecp256r1 FS

    Safari7/iOS7.1R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384ECDHsecp256r1 FS

    Safari7/OSX10.9R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384ECDHsecp256r1 FS

    Safari8/iOS8.4R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384ECDHsecp256r1 FS

    Safari8/OSX10.10R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384ECDHsecp256r1 FS

    Safari9/iOS9R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    Safari9/OSX10.11R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    Safari10/iOS10R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    Safari10/OSX10.12R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    AppleATS9/iOS9R RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    YahooSlurpJan2015 RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    YandexBotJan2015 RSA2048(SHA256) TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384ECDHsecp256r1 FS

    (1)ClientsthatdonotsupportForwardSecrecy(FS)areexcludedwhendeterminingsupportforit.
    (2)NosupportforvirtualSSLhosting(SNI).ConnectstothedefaultsiteiftheserverusesSNI.
    (3)Onlyfirstconnectionattemptsimulated.Browserssometimesretrywithalowerprotocolversion.
    (R)Denotesareferencebrowserorclient,withwhichweexpectbettereffectivesecurity.
    (All)Weusedefaults,butsomeplatformsdonotusetheirbestprotocolsandfeatures(e.g.,Java6&7,olderIE).

    ProtocolDetails

    No,serverkeysandhostnamenotseenelsewherewithSSLv2
    (1)Forabetterunderstandingofthistest,pleasereadthislongerexplanation
    DROWN
    (2)KeyusagedatakindlyprovidedbytheCensysnetworksearchengineoriginalDROWNtesthere
    (3)Censysdataisonlyindicativeofpossiblekeyandcertificatereusepossiblyoutofdateandnotcomplete

    SecureRenegotiation Supported

    SecureClientInitiatedRenegotiation No

    InsecureClientInitiatedRenegotiation No

    BEASTattack Notmitigatedserverside(moreinfo)SSL3:0xa,TLS1.0:0xa

    POODLE(SSLv3) VulnerableINSECURE(moreinfo)SSL3:0xa

    POODLE(TLS) No(moreinfo)

    Downgradeattackprevention Yes,TLS_FALLBACK_SCSVsupported(moreinfo)

    SSL/TLScompression No

    RC4 YesINSECURE(moreinfo)

    Heartbeat(extension) Yes

    Heartbleed(vulnerability) No(moreinfo)

    Ticketbleed(vulnerability) No(moreinfo)

    OpenSSLCCSvuln.(CVE20140224) No(moreinfo)

    OpenSSLPaddingOraclevuln.
    No(moreinfo)
    (CVE20162107)

    ForwardSecrecy Withsomebrowsers(moreinfo)

    ALPN No

    NPN No

    Sessionresumption(caching) Yes

    Sessionresumption(tickets) Yes

    OCSPstapling No

    StrictTransportSecurity(HSTS) No
    ProtocolDetails

    HSTSPreloading Notin:ChromeEdgeFirefoxIE

    PublicKeyPinning(HPKP) No(moreinfo)

    PublicKeyPinningReportOnly No

    PublicKeyPinning(Static) No(moreinfo)

    Longhandshakeintolerance No

    TLSextensionintolerance No

    TLSversionintolerance No

    IncorrectSNIalerts fayte.com

    UsescommonDHprimes No

    DHpublicserverparam(Ys)reuse No

    ECDHpublicserverparamreuse No

    SupportedECNamedCurves secp256r1

    SSL2handshakecompatibility Yes

    HTTPRequests

    1 https://fayte.com/(HTTP/1.1200OK)

    Date Fri,12May201705:19:33GMT

    Server Apache/2.4.7(Ubuntu)

    XPoweredBy PHP/5.5.91ubuntu4.17

    PHPSESSID=smg7hc04pbjqnstj79mapem1b3expires=Fri,12May201708:19:33GMT
    SetCookie
    MaxAge=10800path=/

    1 Expires Thu,19Nov198108:52:00GMT

    CacheControl nostore,nocache,mustrevalidate,postcheck=0,precheck=0

    Pragma nocache

    Vary AcceptEncoding

    Connection close

    ContentType text/html

    Miscellaneous

    Testdate Fri,12May201705:19:15UTC

    Testduration 70.661seconds

    HTTPstatuscode 200

    HTTPserversignature Apache/2.4.7(Ubuntu)

    Serverhostname ec2523620459.uswest2.compute.amazonaws.com

    SSLReportv1.28.5

    Copyright20092017Qualys,Inc.AllRightsReserved. TermsandConditions

    Qualysistheleadingproviderofintegratedassetdiscovery,networksecurity,threatprotection,compliancemonitoringandwebapplicationsecuritysolutions.

    Você também pode gostar