www.htmlyse.com - Home

Test DNS, SSL/TLS, HTTP and HTML

Test results for checktls.com

Scanned on: Sun Nov 25 02:20:58 2018 GMT. Tested in 488 seconds

DNS Report

DNSSEC                 not offered
Zone transfer (AXFR)   not allowed (OK)
CAA Record             offered (OK)
SPF Record             offered (OK)
DMARC Record           offered (OK)
MTA-STS                not offered
TLSRPT Record          not offered

Raw DNS Records

Name TTL Type Data
checktls.com 1800 SOA ns1.digitalocean.com hostmaster @ checktls.com 1539966028 10800 3600 604800 1800
checktls.com 3600 NS ns1.digitalocean.com, IPv4: 173.245.58.51
checktls.com 3600 NS ns2.digitalocean.com, IPv4: 173.245.59.41
checktls.com 3600 NS ns3.digitalocean.com, IPv4: 198.41.222.173
checktls.com 3596 A 159.89.187.50
checktls.com 3600 AAAA 2604:a880:800:a1:0:0:2b2:f001
checktls.com 3600 CAA 0 issue godaddy.com
checktls.com 3600 CAA 0 issuewild godaddy.com
checktls.com 3600 MX 20 mail6.checktls.com
checktls.com 3600 TXT google-site-verification=AsgP5ibWfjEqqi7dy_fN_DWPtzfYcwn0ETAW96ICc04
checktls.com 3600 TXT v=spf1 a mx -all
_dmarc.checktls.com 3600 TXT v=DMARC1; p=none
www.checktls.com 3600 A 159.89.187.50
www.checktls.com 3600 AAAA 2604:a880:800:a1:0:0:2b2:f001
www.checktls.com 3600 CNAME checktls.com

SSL/TLS Report

 Further IP addresses:   2604:a880:800:a1::2b2:f001 
 A record via            supplied IP "159.89.187.50"
 rDNS (159.89.187.50):   www6.checktls.com.
 Service detected:       HTTP


 SSL/TLS protocols 
 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 TLS 1.3    not offered -- downgraded
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered

 SSL/TLS server implementation bugs 

 No bugs found.

 Cipher categories 

 NULL ciphers (no encryption)                  not offered (OK) -- NULL:eNULL
 Anonymous NULL Ciphers (no authentication)    not offered (OK) -- aNULL:ADH
 Export ciphers (w/o ADH+NULL)                 not offered (OK) -- EXPORT:!ADH:!NULL
 LOW: 64 Bit + DES encryption (w/o export)     not offered (OK) -- LOW:DES:!ADH:!EXP:!NULL
 Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    offered (NOT ok) -- MEDIUM:!aNULL:!AES:!CAMELLIA:!ARIA:!CHACHA20:!3DES
 Triple DES Ciphers (Medium)                   offered -- 3DES:!aNULL:!ADH
 High encryption (AES+Camellia, no AEAD)       offered (OK) -- HIGH:!NULL:!aNULL:!DES:!3DES:!AESGCM:!CHACHA20:!AESGCM:!CamelliaGCM:!AESCCM8:!AESCCM
 Strong encryption (AEAD ciphers)              offered (OK) -- AESGCM:CHACHA20:AESGCM:CamelliaGCM:AESCCM8:AESCCM


 Robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 

 PFS is offered (OK)          ECDHE-RSA-AES256-GCM-SHA384 
                              ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA 
                              DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 
                              DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA 
                              ECDHE-RSA-AES128-GCM-SHA256 
                              ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA 
                              DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 
                              DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA 
                              DHE-RSA-CAMELLIA128-SHA 
 Elliptic curves offered:     secp256k1 prime256v1 secp384r1 secp521r1 


 Server preferences 

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Cipher order
    TLSv1:     ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA 
               AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA 
               DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA AES128-SHA 
               CAMELLIA128-SHA DHE-RSA-SEED-SHA SEED-SHA ECDHE-RSA-DES-CBC3-SHA 
               EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA IDEA-CBC-SHA 
    TLSv1.1:   ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA 
               AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA 
               DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA AES128-SHA 
               CAMELLIA128-SHA DHE-RSA-SEED-SHA SEED-SHA ECDHE-RSA-DES-CBC3-SHA 
               EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA IDEA-CBC-SHA 
    TLSv1.2:   ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 
               ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 
               DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA 
               AES256-GCM-SHA384 AES256-SHA256 AES256-SHA CAMELLIA256-SHA 
               ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 
               ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 
               DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA 
               AES128-GCM-SHA256 AES128-SHA256 AES128-SHA CAMELLIA128-SHA 
               DHE-RSA-SEED-SHA SEED-SHA ECDHE-RSA-DES-CBC3-SHA 
               EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA IDEA-CBC-SHA 


 Server defaults (Server Hello) 

 TLS extensions (standard)    "renegotiation info/#65281"
                              "EC point formats/#11" "heartbeat/#15"
 Session Ticket RFC 5077 hint (no lifetime advertised)
 SSL Session ID support       yes
 Session Resumption           Tickets: yes, ID: yes
 TLS clock skew               Random values, no fingerprinting possible 
 Signature Algorithm          SHA256 with RSA
 Server key size              RSA 2048 bits
 Server key usage             Digital Signature, Key Encipherment
 Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
 Serial / Fingerprints        C9FA145EB499E5D4 / SHA1 DF0BF9B74D7F3C3F38AA1721C1CFDCC4798B1B37
                              SHA256 6DACDF012B052B8B5E10F23E4D18E11E74413948F3BF317F7049FA8AA89B51E3
 Common Name (CN)             *.checktls.com
 subjectAltName (SAN)         *.checktls.com checktls.com 
 Issuer                       Go Daddy Secure Certificate Authority - G2 (GoDaddy.com, Inc. from US)
 Trust (hostname)             Ok via SAN (same w/o SNI)
 Chain of trust               Ok   
 EV cert (experimental)       no 
 Certificate Validity (UTC)   376 >= 60 days (2016-10-07 14:58 --> 2019-12-06 18:42)
 # of certificates provided   4
 Certificate Revocation List  http://crl.godaddy.com/gdig2s1-318.crl
 OCSP URI                     http://ocsp.godaddy.com/
 OCSP stapling                not offered
 OCSP must staple extension   --
 DNS CAA RR (experimental)    available - please check for match with "Issuer" above
                              issue=godaddy.com, issuewild=godaddy.com
 Certificate Transparency     --


 HTTP header response @ "/" 

 HTTP Status Code             301 Moved Permanently, redirecting to "https://www.checktls.com/"
 HTTP clock skew              +3 sec from localtime
 Strict Transport Security    not offered
 Public Key Pinning           --
 Server banner                Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_perl/2.0.10 Perl/v5.16.3
 Application banner           --
 Cookie(s)                    (none issued at "/") -- maybe better try target URL of 30x
 Security headers             --
 Reverse Proxy banner         --


 SSL/TLS vulnerabilities 

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), timed out
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), no session ticket extension
 ROBOT                                     not vulnerable (OK)
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    VULNERABLE, uses 64 bit block ciphers
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=6DACDF012B052B8B5E10F23E4D18E11E74413948F3BF317F7049FA8AA89B51E3
                                           could help you to find out
 LOGJAM (CVE-2015-4000), experimental      Common prime with 2048 bits detected: 
                                           RFC3526/Oakley Group 14,
                                           but no DH EXPORT ciphers
 BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES256-SHA
                                                 DHE-RSA-AES256-SHA
                                                 DHE-RSA-CAMELLIA256-SHA
                                                 AES256-SHA CAMELLIA256-SHA
                                                 ECDHE-RSA-AES128-SHA
                                                 DHE-RSA-AES128-SHA
                                                 DHE-RSA-CAMELLIA128-SHA
                                                 AES128-SHA CAMELLIA128-SHA
                                                 DHE-RSA-SEED-SHA SEED-SHA
                                                 ECDHE-RSA-DES-CBC3-SHA
                                                 EDH-RSA-DES-CBC3-SHA
                                                 DES-CBC3-SHA IDEA-CBC-SHA 
                                           VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated)
 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)


 Tested 364 ciphers, ordered by encryption strength 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              
 xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              
 xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 
 x9f     DHE-RSA-AES256-GCM-SHA384         DH 2048    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                
 x6b     DHE-RSA-AES256-SHA256             DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                
 x39     DHE-RSA-AES256-SHA                DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   
 x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              
 x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384                    
 x3d     AES256-SHA256                     RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA256                    
 x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                       
 x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                  
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              
 xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256              
 xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 
 x9e     DHE-RSA-AES128-GCM-SHA256         DH 2048    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                
 x67     DHE-RSA-AES128-SHA256             DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256                
 x33     DHE-RSA-AES128-SHA                DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   
 x9a     DHE-RSA-SEED-SHA                  DH 2048    SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA                      
 x45     DHE-RSA-CAMELLIA128-SHA           DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              
 x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256                    
 x3c     AES128-SHA256                     RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA256                    
 x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                       
 x96     SEED-SHA                          RSA        SEED        128      TLS_RSA_WITH_SEED_CBC_SHA                          
 x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                  
 x07     IDEA-CBC-SHA                      RSA        IDEA        128      TLS_RSA_WITH_IDEA_CBC_SHA                          
 xc012   ECDHE-RSA-DES-CBC3-SHA            ECDH 256   3DES        168      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA                
 x16     EDH-RSA-DES-CBC3-SHA              DH 2048    3DES        168      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                  
 x0a     DES-CBC3-SHA                      RSA        3DES        168      TLS_RSA_WITH_3DES_EDE_CBC_SHA                      


 Ciphers per protocol, ordered by encryption strength 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
TLS 1.3  
TLS 1.2  
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              
 xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384              
 xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 
 x9f     DHE-RSA-AES256-GCM-SHA384         DH 2048    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                
 x6b     DHE-RSA-AES256-SHA256             DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256                
 x39     DHE-RSA-AES256-SHA                DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   
 x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              
 x9d     AES256-GCM-SHA384                 RSA        AESGCM      256      TLS_RSA_WITH_AES_256_GCM_SHA384                    
 x3d     AES256-SHA256                     RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA256                    
 x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                       
 x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                  
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              
 xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256              
 xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 
 x9e     DHE-RSA-AES128-GCM-SHA256         DH 2048    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                
 x67     DHE-RSA-AES128-SHA256             DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256                
 x33     DHE-RSA-AES128-SHA                DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   
 x9a     DHE-RSA-SEED-SHA                  DH 2048    SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA                      
 x45     DHE-RSA-CAMELLIA128-SHA           DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              
 x9c     AES128-GCM-SHA256                 RSA        AESGCM      128      TLS_RSA_WITH_AES_128_GCM_SHA256                    
 x3c     AES128-SHA256                     RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA256                    
 x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                       
 x96     SEED-SHA                          RSA        SEED        128      TLS_RSA_WITH_SEED_CBC_SHA                          
 x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                  
 x07     IDEA-CBC-SHA                      RSA        IDEA        128      TLS_RSA_WITH_IDEA_CBC_SHA                          
 xc012   ECDHE-RSA-DES-CBC3-SHA            ECDH 256   3DES        168      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA                
 x16     EDH-RSA-DES-CBC3-SHA              DH 2048    3DES        168      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                  
 x0a     DES-CBC3-SHA                      RSA        3DES        168      TLS_RSA_WITH_3DES_EDE_CBC_SHA                      
TLS 1.1  
 xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 
 x39     DHE-RSA-AES256-SHA                DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   
 x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              
 x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                       
 x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                  
 xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 
 x33     DHE-RSA-AES128-SHA                DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   
 x9a     DHE-RSA-SEED-SHA                  DH 2048    SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA                      
 x45     DHE-RSA-CAMELLIA128-SHA           DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              
 x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                       
 x96     SEED-SHA                          RSA        SEED        128      TLS_RSA_WITH_SEED_CBC_SHA                          
 x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                  
 x07     IDEA-CBC-SHA                      RSA        IDEA        128      TLS_RSA_WITH_IDEA_CBC_SHA                          
 xc012   ECDHE-RSA-DES-CBC3-SHA            ECDH 256   3DES        168      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA                
 x16     EDH-RSA-DES-CBC3-SHA              DH 2048    3DES        168      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                  
 x0a     DES-CBC3-SHA                      RSA        3DES        168      TLS_RSA_WITH_3DES_EDE_CBC_SHA                      
TLS 1  
 xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES         256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA                 
 x39     DHE-RSA-AES256-SHA                DH 2048    AES         256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA                   
 x88     DHE-RSA-CAMELLIA256-SHA           DH 2048    Camellia    256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA              
 x35     AES256-SHA                        RSA        AES         256      TLS_RSA_WITH_AES_256_CBC_SHA                       
 x84     CAMELLIA256-SHA                   RSA        Camellia    256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                  
 xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES         128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                 
 x33     DHE-RSA-AES128-SHA                DH 2048    AES         128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA                   
 x9a     DHE-RSA-SEED-SHA                  DH 2048    SEED        128      TLS_DHE_RSA_WITH_SEED_CBC_SHA                      
 x45     DHE-RSA-CAMELLIA128-SHA           DH 2048    Camellia    128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA              
 x2f     AES128-SHA                        RSA        AES         128      TLS_RSA_WITH_AES_128_CBC_SHA                       
 x96     SEED-SHA                          RSA        SEED        128      TLS_RSA_WITH_SEED_CBC_SHA                          
 x41     CAMELLIA128-SHA                   RSA        Camellia    128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                  
 x07     IDEA-CBC-SHA                      RSA        IDEA        128      TLS_RSA_WITH_IDEA_CBC_SHA                          
 xc012   ECDHE-RSA-DES-CBC3-SHA            ECDH 256   3DES        168      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA                
 x16     EDH-RSA-DES-CBC3-SHA              DH 2048    3DES        168      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                  
 x0a     DES-CBC3-SHA                      RSA        3DES        168      TLS_RSA_WITH_3DES_EDE_CBC_SHA                      
SSLv3  
SSLv2  

 Client simulations 

 Android 2.3.7                TLSv1.0 DHE-RSA-AES128-SHA, 2048 bit DH
 Android 4.0.4                TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 4.1.1                TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 4.2.2                TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 4.3                  TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 4.4.2                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Android 5.0.0                TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 6.0                  TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Android 7.0                  TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Chrome 27 Win 7              TLSv1.1 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 28 Win 7              TLSv1.1 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 29 Win 7              TLSv1.1 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 30 Win 7              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 31 Win 7              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 32 Win 7              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 33 Win 7              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 34 OS X               TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 35 Win 7              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 36 Win 7              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 37 OS X               TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 39 OS X               TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 40 OS X               TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 42 OS X               TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 43 OS X               TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 45 OS X               TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 47 OS X               TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 48 OS X               TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 49 Win 7              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 49 XP SP3             TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 50 Win 7              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Chrome 51 Win 7              TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Chrome 57 Win 7              TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Chrome 65 Win 7              TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Chrome 69 Win 7              TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Chrome 70 Win 10             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Firefox 10.0.12 ESR Win 7    TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 17.0.7 ESR Win 7     TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 21 Fedora 19         TLSv1.0 DHE-RSA-AES256-SHA, 2048 bit DH
 Firefox 21 Win 7             TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 22 Win 7             TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 24.2.0 ESR Win 7     TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 24 Win 7             TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 26 Win 8             TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 27 Win 8             TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 29 OS X              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 30 OS X              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 31.3.0 ESR Win 7     TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 31 OS X              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 32 OS X              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 34 OS X              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 35 OS X              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 37 OS X              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 39 OS X              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 41 OS X              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 42 OS X              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 44 OS X              TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 45 Win 7             TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 46 Win 7             TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 47 Win 7             TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Firefox 49 Win 7             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Firefox 49 XP SP3            TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Firefox 53 Win 7             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Firefox 59 Win 7             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Firefox 62 Win 7             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 IE 6 XP                      No connection
 IE 7 Vista                   TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 8-10 Win 7                TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 8 Win 7                   TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 8 XP                      TLSv1.0 DES-CBC3-SHA
 IE 9 Win 7                   TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 10 Win Phone 8.0          TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 11 Win 7                  TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 IE 11 Win 8.1                TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1          TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1 Update   TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 IE 11 Win 10                 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 IE 11 Win 10 Preview         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 12 Win 10               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 13 Win 10               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 13 Win Phone 10         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 15 Win 10               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Opera 12.15 Win 7            TLSv1.0 DHE-RSA-AES256-SHA, 2048 bit DH
 Opera 15 Win 7               TLSv1.1 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Opera 16 Win 7               TLSv1.1 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Opera 17 Win 7               TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Safari 5.1.9 OS X 10.6.8     TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Safari 5 iOS 5.1.1           TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 6.0.4 OS X 10.8.4     TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Safari 6 iOS 6.0.1           TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 7 iOS 7.1             TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 7 OS X 10.9           TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 8 iOS 8.0 Beta        TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 8 iOS 8.4             TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 8 OS X 10.10          TLSv1.2 ECDHE-RSA-AES256-SHA384, 256 bit ECDH (P-256)
 Safari 9 iOS 9               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 9 OS X 10.11          TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 10 iOS 10             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 10 OS X 10.12         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Tor 17.0.9 Win 7             TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Apple ATS 9 iOS 9            TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Baidu Jan 2015               TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 BingBot Dec 2013             TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 BingPreview Dec 2013         TLSv1.0 DHE-RSA-AES256-SHA, 2048 bit DH
 BingPreview Jun 2014         TLSv1.0 DHE-RSA-AES256-SHA, 2048 bit DH
 BingPreview Jan 2015         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Googlebot Oct 2013           TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Googlebot Jun 2014           TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Googlebot Feb 2015           TLSv1.2 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Googlebot Feb 2018           TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Yahoo Slurp Oct 2013         TLSv1.0 ECDHE-RSA-AES256-SHA, 256 bit ECDH (P-256)
 Yahoo Slurp Jun 2014         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Yahoo Slurp Jan 2015         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 YandexBot 3.0                No connection
 YandexBot May 2014           TLSv1.0 DHE-RSA-AES256-SHA, 2048 bit DH
 YandexBot Sep 2014           TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 YandexBot Jan 2015           TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 6u45                    No connection
 Java 7u25                    TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
 Java 8b132                   TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u111                   TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u161                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 8u31                    TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 9.0.4                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 0.9.8y               TLSv1.0 DHE-RSA-AES256-SHA, 2048 bit DH
 OpenSSL 1.0.1h               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.0.1l               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)


Security HTTP Headers

HTTP Strict Transport Security (HSTS)   not offered (NOT ok)
Content Security Policy (CSP)           not offered (NOT ok)
X-Frame-Options                         not offered (NOT ok)
X-XSS-Protection                        not offered
X-Content-Type-Options                  not offered
Expect-CT                               not offered
Referrer Policy                         not offered
Feature Policy                          not offered
Web Server Version Disclosure           offered (NOT ok)
Web Application Disclosure              not offered (OK)
HTTP Public Key Pins (HPKP)             not offered, deprecated

Connection Performance
Keep Alive Connection                   offered (OK)
Content Encoding (Compression)          offered (Gzip) OK, for static pages or if no secrets in the page

Raw HTTP Headers

HTTP/1.1 200 OK
Accept-Ranges bytes
Access-Control-Allow-Origin *
Cache-Control max-age=86400
Connection Keep-Alive
Content-Encoding gzip
Content-Length 10163
Content-Type text/html; charset=UTF-8
Date Sun, 25 Nov 2018 02:12:58 GMT
Expires Mon, 26 Nov 2018 02:12:58 GMT
Keep-Alive timeout=5, max=100
Last-Modified Wed, 26 Sep 2018 13:00:56 GMT
Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_perl/2.0.10 Perl/v5.16.3
Vary Accept-Encoding

Cleaned HTML

<!DOCTYPE html>
<html lang="en-US">
<head>
<title>Secure Email</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="Description" content="Secure Email Test, Tools, Monitor, Compliance, and Verification" />
<meta name="Keywords" content="secure email test tls 1.3" />
<link rel="stylesheet" href="/css/main.css" />
<link rel="stylesheet" href="/css/font-awesome-all.min.css" />
<script>
<![CDATA[
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-23499208-1', 'auto');
ga('send', 'pageview');
]]>
</script>
<script src="/js/jquery-3.1.1.js" type="text/javascript"></script>
<script src="/js/main.js" type="text/javascript"></script>
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
<link rel="icon" type="image/png" href="/favicon-32x32.png" sizes="32x32" />
<link rel="icon" type="image/png" href="/favicon-16x16.png" sizes="16x16" />
<link rel="manifest" href="/manifest.json" />
<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5" />
<meta name="theme-color" content="#ffffff" />
<style type="text/css">
/*<![CDATA[*/
span.c4 {text-decoration: underline}
span.c3 {color:#00CC33}
button.c2 {font-style: italic}
a.c1 {font-style: italic}
/*]]>*/
</style>
</head>
<body>
<div id="top">
<div>
<div id="logo"><a href="/index.html" title="home"><img src="/images/checktlslogo96x56.png" alt="CheckTLS" /></a></div>
<div id="nonlogo">
<div id="headinglogin">
<div id="heading">
<p>// <a href="#" title="home">home</a></p>
</div>
<div id="login">
<form method="post" action="/Login"><button class="button" type="submit" title="Login/Logout">Login</button></form>
</div>
</div>
<div id="menu">
<ul>
<li id="menu-empty" class="dropdown"><a href="#" class="dropbtn"></a></li>
<li id="menu-email" class="dropdown">|<a href="#" onclick="titleMenu(this);" class="dropbtn">email</a>
<div class="dropdown-content hidden"><a href="/TestReceiver">test <span class="boldtofrom">To:</span></a> <a href="/TestSender">test <span class="boldtofrom">From:</span></a> <a href="/TestReceiver?ASSURETLS">test Mandatory <span class="boldtofrom">To:</span></a> <a href="/TestSender?ASSURETLS">test Mandatory <span class="boldtofrom">From:</span></a> <a href="/BatchEdit">edit saved tests</a> <a href="/BatchUpload">upload saved test</a> <a href="/Monitor">monitor</a> <a href="/solveemailproblems.html">solve email problems</a> <a href="/compliance.html">email compliance</a></div>
</li>
<li id="menu-cloud" class="dropdown">|<a href="#" onclick="titleMenu(this);" class="dropbtn">cloud</a>
<div class="dropdown-content hidden"><a href="/TestService">protocol analyzer</a> <a href="/WatchConnect">packet sniffer</a> <a href="/Embed">embed</a> <a href="/ShowCert">decode ssl cert</a> <a href="/GenCert">free ssl csr + cert</a> <a href="/ShowCSR">decode CSR</a> <a href="/showcas.html">show our CA list</a> <a href="/showciphers.html">show our Ciphers list</a></div>
</li>
<li id="menu-help" class="dropdown">|<a href="#" onclick="titleMenu(this);" class="dropbtn">help</a>
<div class="dropdown-content hidden"><a href="/ContactUs">contact us</a> <a href="/aboutus.html">about us</a> <a href="/terms.html">terms of use</a> <a href="/privacy.html">privacy policy</a> <a href="/aboutapi.html">API</a> <a href="/aboutbatch.html">saving tests (Batch)</a> <a href="/aboutmonitor.html">monitoring</a> <a href="/aboutmandatorytls.html">Mandatory TLS</a> <a href="/SiteMap">site map</a> </div>
</li>
<li id="menu-subscription" class="dropdown">|<a href="#" onclick="titleMenu(this);" class="dropbtn">subscription</a>
<div class="dropdown-content hidden"><a href="/Login">login</a> <a href="/aboutsubscription.html">about</a> <a href="/SubscriptionSignUp">signup</a> <a href="/SubscriptionQuote">get Quote</a> <a href="/SubscriptionSignUp?BUYNOW">one year</a> </div>
</li>
<li id="menu-faq" class="dropdown">|<a href="/faq" class="dropbtn">faq</a></li>
<li id="menu-contactusbutton" class="dropdown">|<a href="/ContactUs" class="dropbtn fa fa-address-card c1" title="Contact Us"></a></li>
<li id="menu-searchbutton" class="dropdown">|<a onclick="open_search();return(false);" class="dropbtn fa fa-search c1" title="Search CheckTLS"></a></li>
<li id="menu-translatebutton" class="dropdown">|<a onclick="open_translate();return(false);" class="dropbtn fa fa-globe c1" title="Translate CheckTLS"></a> |</li>
<li id="menu-translateform" class="dropdown">
<div id="google_translate_element"></div>
<button class="button fa fa-close c2" name="cancel_translate" onclick="close_translate();return(false);" title="Cancel Translate"></button></li>
<li id="menu-searchform" class="dropdown">
<form action="/searchresults.html"><input type="text" name="q" autofocus="autofocus" /> <button class="button fa fa-search c2" title="Search"></button> <button class="button fa fa-close c2" onclick="close_search();return(false);" title="Cancel"></button></form>
</li>
</ul>
</div>
</div>
</div>
<p></p>
</div>
<div id="middle">
<link rel="stylesheet" href="/css/index.css" />
<div id="content">
<h2 class="center">Secure Email</h2>
<div id="indextop">
<ul>
<li><a href="#test">Test</a></li>
<li><a href="/solveemailproblems.html">Debug</a></li>
<li><a href="/compliance.html">Compliance</a></li>
<li><a href="/aboutapi.html">CheckTLS API</a></li>
<li><a href="/testsender.html">SPF, DKIM, DMARC</a></li>
<li><a href="#HowTo">How To Use CheckTLS <span class="c3">(new)</span></a></li>
<li><a href="#LowerCosts">Lower Your Support Costs <span class="c3">(new)</span></a></li>
<li><a href="#TLSv1_3">We Use and Test TLS 1.3 <span class="c3">(new)</span></a></li>
</ul>
<img src="/images/secure-email.png" alt="Internet email" /></div>
<div class="clear"></div>
<h4 class="center">The Red Arrow</h4>
<div class="auto-multi-column">
<p>Email has three parts: your end, their end, and the Internet in the middle. You control your end, they control their end, but that middle part is "cloudy" (pardon the pun).</p>
<p>Both you and they know that "cloudy" part needs to be secure, but many places ignore the problem because they think it's too hard and/or they don't know how to get started.</p>
<h5>Internet Email Security May Be Easier Than You Think</h5>
<p>Most email systems can encrypt email in compliance with US NIST, HIPAA, HITECH, PCI DSS, Sarbanes-Oxley, GLBA, SB1386, SEC 17a-4, NASD3010, FRCP, FINRA, etc.</p>
<p></p>
<form class="nowrap" id="tryit" action="/TestReceiver" method="post" name="tryit"><button class="button" type="submit">Check Yours</button> <input name="LEVEL" type="hidden" value="Detail" /> <input name="EMAIL" id="EMAIL" type="text" placeholder="enter your domain or your email" required="required" /></form>
<br />
(You may need to <a href="https://en.wikipedia.org/wiki/Whitelist" target="_blank">whitelist</a> CheckTLS.com: <strong>we do not keep or use your address</strong>, see our <a href="/privacy.html">privacy policy</a>)
<p></p>
<p><strong>If your <em>Confidence Factor</em>℠ was 90 or better</strong>, your email has the necessary strong encryption required by these security standards. We can make sure you are using it correctly: see <a href="#HowTo">How To Use CheckTLS</a>.</p>
<p><strong>If your <em>Confidence Factor</em>℠ was less than 90</strong>, you're in the right place. We can help you get there. See <a href="/solveemailproblems.html">Solve Secure Email Problems</a> for more information.</p>
<h5>Email Security <strong>Compliance</strong> May Be Easy Too</h5>
<p>As long as your existing email uses strong enough encryption to communicate Protected Information over the Internet, it meets your security compliance requirements. So once you know your email <strong>can</strong> do the required strong encryption, you just have to <strong>make sure</strong> it does.</p>
<h5>Verified TLS℠</h5>
<p><a href="/compliance.html#verifiedtls">Verified TLS℠</a> makes sure your email uses and continues to use encryption. <strong>Verified TLS℠ makes your existing email <a href="/compliance.html">security compliant</a></strong>.</p>
<h5>Required or Not, Secure Email is Important</h5>
<p>Even if your organization is not required to comply with one of the listed rules and regulations, you certainly communicate information you do not want just anyone to see. Use Verified TLS℠ to make sure your email is protected.</p>
<h5>Yes, There is More</h5>
<p>The test above scores how well your email system receives email. How well does it send email? How about where you send sensitive information: your customers and vendors. How well do they receive your emails?</p>
<p>See <a href="/compliance.html">Secure Email Compliance</a> for more information.</p>
<p>And, back to the Red Arrow, we realize that <strong>your part</strong>, your green arrow above, has data encryption at rest, data retention, data protection, data destruction, and other ramifications. We just make Secure Email Internet Transport easy. We are the Red Arrow.</p>
</div>
<a class="anchor" name="TLSv1_3" id="TLSv1_3"></a>
<h4 class="center">TLS 1.3</h4>
<div class="auto-multi-column">
<p><strong>CheckTLS email works with TLS 1.3, as do most of our tests.</strong></p>
<p>Test TLS 1.3 on our email to see how it works. Compare the results with tests on your site.</p>
<p>The <a href="http://ietf.org/blog/tls13/" target="_blank">IETF</a> released <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3" target="_blank">TLS 1.3</a> in August, 2018. This new release is a big deal (see <a href="https://kinsta.com/blog/tls-1-3/" target="_blank">this overview at Kinsta</a>).</p>
<p><a href="https://en.wikipedia.org/wiki/Transport_Layer_Security" target="_blank">Transport Layer Security (TLS)</a> is the most important piece of email transport security, so this new version is very important to us and to our clients. We cover email broadly and deeply, so this new version affects much of our tests and tools. We are continuing to add TLS 1.3 probes, discovery, and reporting to our site. We welcome feedback, suggestions, and reports for what parts of our site could benefit from adding or enhancing TLS 1.3 support. <a href="/ContactUs">Contact Us</a></p>
</div>
<a class="anchor" name="HowTo" id="HowTo"></a>
<h4 class="center">How To Use CheckTLS</h4>
<div class="auto-multi-column">
<p>CheckTLS tests email systems:</p>
<ul>
<li>superficial to thorough</li>
<li>one time to continuous</li>
<li>minimal to complete</li>
<li>overview to precise detail</li>
</ul>
<p></p>
<p>Our site is free for non-commercial use. Commercial users have access to more features, faster results, stored tests, and automatic testing.</p>
<h5>We Suggest You Approach CheckTLS in This Order:</h5>
<div id="InOrder">(click <strong>⊞</strong> below to expand each item) <a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Check How You Get Messages from a Good Email System</a> &nbsp; <a href="/testreceiver.html">(more...)</a> <a href="/TestReceiver">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Trivial</strong><br />
CheckTLS starts to send an email to you, but we stop before actually sending anything. We watch and analyze everything that happens during the email transfer.</p>
<p>We score the email address (our <a href="/testreceiver.html#ConfidenceFactor"><em>Confidence Factor</em>℠</a>) and let you choose how much of the analysis you want to see.</p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Check How You Put Messages into a Good Email System</a> &nbsp; <a href="/testsender.html">(more...)</a> <a href="/TestSender">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Easy</strong><br />
Tell CheckTLS to watch for an email from you. When you send it, we watch it come in and analize everything that happens during the mail transfer.</p>
<p>We reply to your email telling you if your TLS is working and showing you details about your email security settings (SSL version, cipher, encryption, certificate, SPF, DKIM, DMARC).</p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Show Protocols, Ciphers, and Vulnerabilities of an Email System</a> &nbsp; <a href="https://github.com/drwetter/testssl.sh#intro" target="_blank">(more...)</a> <a href="/TestReceiver?LEVEL=SSLPROBE">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Moderate</strong><br />
Probes for details using <a href="https://github.com/drwetter/testssl.sh" target="_blank">testssl.sh</a>. This test exercises the target server so takes a while and generates noticable traffic.</p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Check Your Email End-To-End, Both Send and Receive at Once</a> &nbsp; <a href="/aboutbatch.html#Thru">(more...)</a> <a href="https://www.checktls.com/BatchUpload?CUSTOMERCODE=mycode;CUSTOMERPASS=mypass;BATCHID=new;RUNNOW=Y;XML=%3CBatchTest%20TestType=%22thru%22%3E%3CTarget%3ECheckTLS-Reply@yourdomain%3C/Target%3E%3CDelivery%3E%3CTo%3Eyou@yourdomain%3C/To%3E%3CFormat%3Etext%3C/Format%3E%3C/Delivery%3E%3C/BatchTest%3E" target="_blank">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Moderate</strong><br />
This requires a corporate subscription to CheckTLS.</p>
<p>You make a forwarder in your email system that receives email from us and returns it to us. When you run a <a href="/aboutbatch.html#Thru">Thru BatchTest</a>, we watch and analyze both how your system receives email and how it sends email.</p>
<p>See <strong>Store Tests on CheckTLS</strong> below for a better way.</p>
The (run) link above will fail but does this:
<pre class="LinedPaper"><code>https://www.checktls.com/BatchUpload?
CUSTOMERCODE=mycode;
CUSTOMERPASS=mypass;
BATCHID=new;
RUNNOW=Y;
XML=
&lt;BatchTest TestType="thru"&gt;
&lt;Target&gt;CheckTLS-Reply@yourdomain&lt;/Target&gt;
&lt;Delivery&gt;
&lt;To&gt;you@yourdomain&lt;/To&gt;
&lt;Format&gt;text&lt;/Format&gt;
&lt;/Delivery&gt;
&lt;/BatchTest&gt;
</code></pre></div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Check Many Emails at Once</a> &nbsp; <a href="/aboutbatch.html">(more...)</a> <a href="/BatchEdit">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Easy</strong><br />
This requires a subscription to CheckTLS.</p>
<p>Fill in the New Batch (<a href="/BatchEdit?ACTION=EnterNewBatch"><span class="menuchoice">//email/edit saved tests:new</span></a>) screen as shown below, click Save, then click Run.</p>
<img class="boxshadow screenshot" src="/images/batchedit-new.png" alt="New Batch" /></div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Check If You Force Someone Else to Encrypt Messages to You</a> &nbsp; <a href="/aboutmandatorytls.html">(more...)</a> <a href="/TestReceiver?ASSURETLS">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Trivial</strong><br />
CheckTLS tries to trick your email system into accepting an email without TLS.</p>
<p>If your system is correctly configured to force the use of TLS, we will fail. We then try to send an email with TLS.</p>
<p>We watch and analyze everything that happens during the email transfers.</p>
<p>We give you an <em>Assuredness Factor</em>℠ of 100 if your system forced us to use TLS.</p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Check If You Force Message Encryption to Someone Else</a> &nbsp; <a href="/aboutmandatorytls.html">(more...)</a> <a href="/TestSender?ASSURETLS">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Easy</strong><br />
Tell CheckTLS to watch for an email from you. When you send it, we try to trick your email system into sending it without TLS.</p>
<p>If your system is correctly configured to force the use of TLS, we will fail.</p>
<p>We reply to your email telling you if you forced us to use TLS or not.</p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Test a Protected (Private) Email System</a> &nbsp; <a href="/testreceiver.html#FULL">(more...)</a> <a href="/TestReceiver?FULL">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Easy</strong><br />
CheckTLS can test email systems that:</p>
<ul>
<li>require authorization (i.e. userid and password or a client certificate),</li>
<li>do not have DNS MX (i.e. public Internet listings)</li>
<li>use non-standard ports (i.e. 465, 587)</li>
<li>require client certificates</li>
</ul>
<p></p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Store Tests on CheckTLS</a> &nbsp; <a href="/aboutbatch.html">(more...)</a> <a href="/BatchEdit">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Moderate</strong><br />
Corporate Subscribers can store any number of CheckTLS tests on our site. Stored tests can be run on-demand or on a schedule.</p>
<p>Store lists of addresses you want to test all at once, or schedule an end-to-end test of your email once a day. Several advanced features of our tests are only available via stored tests.</p>
<p>We can help you setup your first stored tests.</p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Monitor an Email Address or Email System</a> &nbsp; <a href="/aboutmonitor.html">(more...)</a> <a href="/Monitor">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Moderate</strong><br />
The results of stored tests can be accessed with our Monitor webservice.</p>
<p>This lets you include our tests into your site monitoring tools like Nagios, PTRG, or OpenView.</p>
<p>Monitor also shows if a failure is really in your email or in our site. Not that our site ever fails.</p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Meet Email Compliance Using Only CheckTLS</a> &nbsp; <a href="/compliance.html#verifiedtls">(more...)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Moderate</strong><br />
If you regularly verify that your email meets the current minimum requirements for HIPAA or PCI, you may satisfy your compliance requirements without any additional hardware or effort.</p>
<p>Use CheckTLS tests to verify your email meets your requirements. Store the tests on our site. Schedule them to run regularly.</p>
<p>File proof of your testing.</p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Put CheckTLS to Work for You</a> &nbsp; <a href="/aboutapi.html">(more...)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Hard</strong><br />
Many or our tests are available as webservices. These are just specially constructed URLs.</p>
<p>They let your computer(s) tell our site to run a test for you and return the results in computer-speak.</p>
<p>For example: add an email test to your new vendor on-boarding process.</p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Put CheckTLS on your WebSite or Intranet</a> &nbsp; <a href="/aboutembed.html">(more...)</a> <a href="/Embed">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Hard</strong><br />
Put a button on your web site that runs a CheckTLS test as if it were part of your site.</p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Work with Certificates</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Easy</strong><br /></p>
<ul>
<li><a href="/GenCert">Make an SSL certificate</a></li>
<li><a href="/ShowCert">Read any SSL certificate</a></li>
<li><a href="/GenCSR">Read any SSL certificate signing request (CSR)</a></li>
<li><a href="/showcas.html">Show the Certificate Authorities (CAs) we trust</a></li>
<li><a href="/showciphers.html">Show the Ciphers we know about</a></li>
</ul>
<p></p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Sniff Packets on the Internet</a> &nbsp; <a href="/watchconnect.html">(more...)</a> <a href="/WatchConnect">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Hard</strong><br />
This requires a corporate subscription to CheckTLS.</p>
<p>No, CheckTLS cannot sniff any packet on the Internet. But by inserting WatchConnect into an Internet connection, it can sniff your particular packets.</p>
<p>Change your client to connect to WatchConnect instead of your server. Instruct WatchConnect to answer and forward everything to your server.</p>
<p>WatchConnect can then capture everything coming both ways and show it to you.</p>
</div>
<a class="section-show-hide" onclick="fToggle_content(this)" title="click to open/close"><span>⊞</span> Test Any Internet Service</a> &nbsp; <a href="/testservice.html">(more...)</a> <a href="/TestService">(run)</a>
<div class="boxshadow hidden">
<p><strong>Degree of Difficulty: Hard</strong><br />
This requires a corporate subscription to CheckTLS.</p>
<p>Techs use telnet to test various services that listen to Internet ports.</p>
<p>The CheckTLS Protocol Analyzer (TestService, aka ScriptTelnet) executes stored telnet-like scripts. By scripting telnet, it is very easy to repeat a test, so you can make changes and try them over and over.</p>
</div>
</div>
</div>
<a class="anchor" name="LowerCosts" id="LowerCosts"></a>
<h4 class="center">OutSource Email Support to Us</h4>
<div class="auto-multi-column">
<p>We create a custom CheckTLS site that implements your security requirements. Your trading partners then work with <strong>us</strong> to meet <strong>your</strong> requirements.</p>
<p>We show them why their email does not meet your requirements, and we let them see the changes they make on their systems in real-time. All without bothering you.</p>
<p>Once they meet your requirements on the custom site, they and you know their email will work with your email and meet your email requirements.</p>
<p>Once you approve a trading partner, we will monitor that they stay compliant with your requirements. And we send error alerts to both them and you, so they and you know about problems sooner.</p>
<p>As your email security requirements change in the future, you can use the monitoring database on our system to do "what if" analysis over your list of trading partners. By adding the new security requirements to your custom site on CheckTLS before you implement them in production, you can give the trading partners the time and tools they need to meet your new requirements. And you can send specific instructions to the ones that need to take action based on your "what if" analysis.</p>
<p><a href="/ContactUs">Contact Us</a> for more information about a custom CheckTLS site (e.g. <span class="c4">www.OurBank.CheckTLS.com</span>).</p>
</div>
<h4 class="center">CheckTLS Offers</h4>
<div class="auto-multi-column">
<p><a href="#CommercialServices"><strong>Commercial Services</strong></a> are a very low cost solution for HIPAA compliance or other security mandates. No devices, no on-line services — just add verification and audit to your existing email systems!</p>
<p><strong>Email Tools</strong> are quick and easy tools to test email and email security, specifically TLS encryption.</p>
<p><strong>Cloud Tools</strong> are network "wire" tools that we have invented to work "in the cloud". Capture packets or analyze protocols out on the Internet.</p>
<p><strong><a href="/aboutapi.html">Web Service API</a></strong> lets you use CheckTLS in your own data processing.</p>
<p><strong><a href="/aboutembed.html">Embed API</a></strong> lets you put CheckTLS on your own intranet or public web site.</p>
<p>Much of our site is free for casual, non-commercial use.</p>
</div>
<a name="CommercialServices" id="CommercialServices"></a>
<h4 class="center">Commercial Services</h4>
<div class="auto-multi-column">
<h5>References</h5>
<p>We are part of the security policies and operations of some very large and prestigious financial institutions, health care systems, insurance companies, and law firms. Why? Two reasons: our tests work and we save them money!</p>
<h5>Secure Your Company Email</h5>
<p>You can use CheckTLS instead of expensive email appliances or on-line email services to meet internal security requirements, contractual security requirements, and government security requirements. One less moving part in your email chain and one less expense. <strong>Our tests are a very inexpensive answer to PHI (HIPAA/HITEST), PCI-DSS, PII, US NIST requirements.</strong></p>
<p>If you already have extra in-line or on-line email security, CheckTLS can verify they're working and monitor them to be sure they keep working. A few extra bucks a month to make sure all that sophisticated stuff is working.</p>
<h5>Protect Your Company from Your Business Partners</h5>
<p>Use CheckTLS to make sure your trading partners are secure enough to do business with you. As part of your new vendor and new customer process, verify that their email scores a <em>Confidence Factor</em>℠ of 90 or above on our <a href="/testreceiver.html">receiver</a> test.</p>
<h5>Broadly Applicable</h5>
<p>Whether you are a small shop that needs something simple and low cost, a medium business that needs to beef up security to meet increasing scrutiny by your trading partners, or an enterprise organization that wants some oversight of many security facets, CheckTLS can solve many of your security challenges faster, easier, and at significantly less cost.</p>
<h5>Noiseless</h5>
<p>Our tests are non-invasive, non-intrusive, and non-obtrusive. They require no changes to your or any other system. They cause no extra processing and should not trip any security alarms.</p>
<h5>Reliable</h5>
<p>Our tests are simple, open, and proven. For six years we have been doing over a million tests a year. We research all questionable results, and we welcome feedback and suggestions. You can turn up the detail and audit everything we do.</p>
<h5>Business Benefits</h5>
<ul>
<li>Email security at low cost, easy install, no risk</li>
<li>Safeguard "Protected" information: PHI, PCI, PII, etc.</li>
<li>Comply with HIPAA/HITECH, PCI-DSS, NIST</li>
<li>Monitor your email from the Internet</li>
<li>Add regular, independent verification to your Security Policy</li>
<li>No changes to your email: no devices or routing</li>
<li>Good first step into email security</li>
<li>Good next step no matter how advanced your security devices and services</li>
<li>Demonstrates effort and consideration of security</li>
<li>We can help with your security designs and documentation</li>
</ul>
<h5>Business Users Have Priority</h5>
<ul>
<li>Run tests faster and at a higher priority</li>
<li>Program multiple tests, save them, and run them on a schedule</li>
<li>Monitor CheckTLS <strong>and</strong> your email (fail-safe monitoring)</li>
<li>Add custom test and/or monitor icons on your desktop or your phone</li>
<li>Use the CheckTLS API to automate testing and interface with your IT</li>
<li>Receive unlimited support</li>
<li>Meet requirements for Protected Information (PHI, PCI, PII, NIST, etc.)</li>
<li>Assistance and sample language for HIPAA and other compliance</li>
</ul>
<p>Sleep better knowing someone else is watching over your email.</p>
</div>
<a name="test" id="test"></a>
<h4 class="center">Email and Cloud Tools</h4>
<div class="auto-multi-column">
<ul>
<li>See how you <a href="/testreceiver.html">receive email</a></li>
<li>See how you <a href="/testsender.html">send email</a></li>
<li>Audit our "score" of any address</li>
<li><a href="/aboutbatch.html">Watch</a> your email 24x7x365</li>
<li>Check that <a href="/aboutmandatorytls.html">Mandatory/Forced TLS</a> is working</li>
<li><a href="/GenCert">Create</a> or <a href="/ShowCert">show</a> SSL certificates</li>
<li><a href="/testservice.html">Analyze cloud services</a> besides email (HTTP/S, IMAP/S, POP/S, FTP/S, client/server)</li>
<li><a href="/watchconnect.html">Packet sniff Internet traffic</a> without access to the "wire"</li>
</ul>
</div>
</div>
<div id="index-menu">
<ul>
<li><a>email</a>
<ul>
<li><a href="/TestReceiver">test <span class="tooltiptext"></span>
<ul>
<li><span class="tooltiptext"></span></li>
test <span class="boldtofrom">From:</span></ul>
</a></li>
<li><a href="/TestReceiver?ASSURETLS">test Mandatory <span class="boldtofrom">To:</span></a></li>
<li><a href="/TestSender?ASSURETLS">test Mandatory <span class="boldtofrom">From:</span></a></li>
<li><a href="/BatchEdit">edit saved tests</a></li>
<li><a href="/BatchUpload">upload saved test</a></li>
<li><a href="/Monitor">monitor</a></li>
<li><a href="/solveemailproblems.html">solve email problems</a></li>
</ul>
</li>
<li><a>cloud</a>
<ul>
<li><a href="/TestService">protocol analyzer</a></li>
<li><a href="/WatchConnect">packet sniffer</a></li>
<li><a href="/Embed">embed</a></li>
<li><a href="/ShowCert">decode ssl cert</a></li>
<li><a href="/GenCert">free ssl csr + cert</a></li>
<li><a href="/ShowCSR">decode CSR</a></li>
<li><a href="/showcas.html">show our CA list</a></li>
<li><a href="/showciphers.html">show our Ciphers list</a></li>
</ul>
</li>
<li><a>help</a>
<ul>
<li><a href="/aboutbatch.html">saving tests</a></li>
<li><a href="/aboutmonitor.html">monitoring</a></li>
<li><a href="/aboutmandatorytls.html">Mandatory TLS</a></li>
<li><a href="/aboutus.html">about us</a></li>
<li><a href="/ContactUs">contact us</a></li>
<li><a href="/terms.html">terms of use</a></li>
<li><a href="/privacy.html">privacy policy</a></li>
<li><a href="/SiteMap">site map</a></li>
</ul>
</li>
<li><a>subscription</a>
<ul>
<li><a href="/Login">login</a></li>
<li><a href="/aboutsubscription.html">about</a></li>
<li><a href="/SubscriptionSignUp">signup</a></li>
<li><a href="/SubscriptionQuote">get Quote</a></li>
<li><a href="/SubscriptionSignUp?BUYNOW">one year</a></li>
</ul>
</li>
<li><a>faq</a></li>
</ul>
</div>
</div>
<div id="footer">
<p>Copyright © 2010-2018 SecurEmail, LLC. All Rights Reserved. Any use of this site is explicit agreement to <a href="/terms.html">Terms of Use</a> We welcome links to our site and any feedback: <a href="/ContactUs">Contact Us</a><br />
CheckTLS℠, ForceTLS℠, MonitorTLS℠, "Verified TLS"℠, and "Confidence Factor"℠ are Service Marks of SecurEmail, LLC.</p>
</div>
<script src="https://cse.google.com/cse.js?cx=007136676427385420238:hpkwvlq0s_q" type="text/javascript" async="async" defer="defer"></script>
<script src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit" type="text/javascript" async="async" defer="defer"></script>
</body>
</html>

Warnings Errors and Accessibility

line 234 column 7 - Warning: inserting implicit <p>
line 310 column 7 - Warning: inserting implicit <p>
line 469 column 9 - Warning: inserting implicit <p>
line 568 column 9 - Warning: inserting implicit <p>
line 782 column 46 - Warning: missing </span> before <li>
line 782 column 17 - Warning: missing </a> before <li>
line 783 column 13 - Warning: inserting implicit <ul>
line 783 column 17 - Warning: inserting implicit <span>
line 783 column 17 - Warning: missing </span> before <a>
line 783 column 17 - Warning: discarding unexpected <a>
line 783 column 81 - Warning: discarding unexpected </a>
line 783 column 13 - Warning: missing </ul> before </li>
line 782 column 17 - Warning: missing </a>

Accessibility Checks:

line 76 column 12 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 90 column 12 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 103 column 12 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 120 column 12 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 140 column 12 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 143 column 12 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 148 column 11 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 158 column 13 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 319 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 335 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 351 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 365 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 398 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 414 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 434 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 452 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 471 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 490 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 508 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 524 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 541 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 554 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 570 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 591 column 7 - Access: [9.3.1.3]: <script> not keyboard accessible (onClick).
line 205 column 50 - Access: [6.1.1.3]: style sheets require testing (style attribute).
line 206 column 60 - Access: [6.1.1.3]: style sheets require testing (style attribute).
line 207 column 56 - Access: [6.1.1.3]: style sheets require testing (style attribute).
line 22 column 3 - Access: [6.2.2.2]: text equivalents require updating (script).
line 22 column 3 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 22 column 3 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 22 column 3 - Access: [7.1.1.1]: remove flicker (script).
line 22 column 3 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 22 column 3 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 30 column 3 - Access: [6.2.2.2]: text equivalents require updating (script).
line 30 column 3 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 30 column 3 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 30 column 3 - Access: [7.1.1.1]: remove flicker (script).
line 30 column 3 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 30 column 3 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 31 column 3 - Access: [6.2.2.2]: text equivalents require updating (script).
line 31 column 3 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 31 column 3 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 31 column 3 - Access: [7.1.1.1]: remove flicker (script).
line 31 column 3 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 31 column 3 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 47 column 40 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 47 column 40 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 58 column 15 - Access: [13.1.1.1]: link text not meaningful.
line 73 column 11 - Access: [13.1.1.2]: link text missing.
line 76 column 12 - Access: [13.1.1.1]: link text not meaningful.
line 78 column 13 - Access: [13.1.1.1]: link text not meaningful.
line 79 column 13 - Access: [13.1.1.1]: link text not meaningful.
line 90 column 12 - Access: [13.1.1.1]: link text not meaningful.
line 94 column 13 - Access: [13.1.1.1]: link text not meaningful.
line 103 column 12 - Access: [13.1.1.1]: link text not meaningful.
line 110 column 13 - Access: [13.1.1.1]: link text not meaningful.
line 123 column 13 - Access: [13.1.1.1]: link text not meaningful.
line 125 column 13 - Access: [13.1.1.1]: link text not meaningful.
line 134 column 12 - Access: [13.1.1.1]: link text not meaningful.
line 154 column 13 - Access: [2.1.1.5]: ensure information not conveyed through color alone (input).
line 197 column 5 - Access: [3.5.1.1]: headers improperly nested.
line 200 column 13 - Access: [13.1.1.1]: link text not meaningful.
line 201 column 13 - Access: [13.1.1.1]: link text not meaningful.
line 209 column 7 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 210 column 5 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 228 column 11 - Access: [2.1.1.5]: ensure information not conveyed through color alone (input).
line 228 column 11 - Access: [12.4.1.1]: associate labels explicitly with form controls.
line 229 column 11 - Access: [2.1.1.5]: ensure information not conveyed through color alone (input).
line 232 column 26 - Access: [10.1.1.2]: new windows require warning (_blank).
line 276 column 5 - Access: [13.1.1.2]: link text missing.
line 287 column 5 - Access: [10.1.1.2]: new windows require warning (_blank).
line 287 column 5 - Access: [13.1.1.1]: link text not meaningful.
line 287 column 77 - Access: [10.1.1.2]: new windows require warning (_blank).
line 288 column 37 - Access: [10.1.1.2]: new windows require warning (_blank).
line 291 column 1 - Access: [10.1.1.2]: new windows require warning (_blank).
line 299 column 5 - Access: [13.1.1.2]: link text missing.
line 324 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 340 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 355 column 7 - Access: [10.1.1.2]: new windows require warning (_blank).
line 356 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 361 column 26 - Access: [10.1.1.2]: new windows require warning (_blank).
line 370 column 7 - Access: [10.1.1.2]: new windows require warning (_blank).
line 370 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 403 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 412 column 1 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 413 column 7 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 419 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 439 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 457 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 476 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 495 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 546 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 575 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 596 column 7 - Access: [13.1.1.1]: link text not meaningful.
line 627 column 5 - Access: [13.1.1.2]: link text missing.
line 651 column 93 - Access: [11.2.1.10]: replace deprecated html <u>.
line 679 column 5 - Access: [13.1.1.2]: link text missing.
line 758 column 5 - Access: [13.1.1.2]: link text missing.
line 766 column 13 - Access: [13.1.1.1]: link text not meaningful.
line 768 column 46 - Access: [13.1.1.1]: link text not meaningful.
line 780 column 9 - Access: [13.1.1.1]: link text not meaningful.
line 782 column 17 - Access: [13.1.1.1]: link text not meaningful.
line 783 column 13 - Access: [3.6.1.4]: list usage invalid <li>.
line 796 column 9 - Access: [13.1.1.1]: link text not meaningful.
line 800 column 17 - Access: [13.1.1.1]: link text not meaningful.
line 809 column 9 - Access: [13.1.1.1]: link text not meaningful.
line 825 column 17 - Access: [13.1.1.1]: link text not meaningful.
line 827 column 17 - Access: [13.1.1.1]: link text not meaningful.
line 835 column 9 - Access: [13.1.1.1]: link text not meaningful.
line 857 column 3 - Access: [6.2.2.2]: text equivalents require updating (script).
line 857 column 3 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 857 column 3 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 857 column 3 - Access: [7.1.1.1]: remove flicker (script).
line 857 column 3 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 857 column 3 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 858 column 3 - Access: [6.2.2.2]: text equivalents require updating (script).
line 858 column 3 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 858 column 3 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 858 column 3 - Access: [7.1.1.1]: remove flicker (script).
line 858 column 3 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 858 column 3 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 36 column 3 - Warning: <link> proprietary attribute "color"
Info: Document content looks like HTML5
<HTMLYSE> found 14 warnings and 0 errors!