www.htmlyse.com - Home

Test DNS, SSL/TLS, HTTP and HTML

Test results for howsmyssl.com

Scanned on: Fri Apr 29 07:56:21 2022 GMT. Tested in 700 seconds

DNS Report

DNSSEC                 not offered
Zone transfer (AXFR)   not allowed (OK)
CAA Record             not offered
SPF Record             not offered
DMARC Record           not offered
MTA-STS                not offered
TLSRPT Record          not offered

Raw DNS Records

Name TTL Type Data
howsmyssl.com 21600 SOA ns-cloud-b1.googledomains.com cloud-dns-hostmaster @ google.com 45 21600 3600 259200 300
howsmyssl.com 21600 NS ns-cloud-b1.googledomains.com
howsmyssl.com 21600 NS ns-cloud-b2.googledomains.com
howsmyssl.com 21600 NS ns-cloud-b3.googledomains.com
howsmyssl.com 21600 NS ns-cloud-b4.googledomains.com
mta-sts.howsmyssl.com 900 A 34.71.45.200
www.howsmyssl.com 900 A 34.71.45.200
www.howsmyssl.com 3600 CNAME howsmyssl.com

SSL/TLS Report

 A record via            supplied IP "34.71.45.200"
 rDNS (34.71.45.200):    200.45.71.34.bc.googleusercontent.com.
 Service detected:       HTTP


 SSL/TLS protocols 
 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 TLS 1.3    not offered -- downgraded
 NPN/SPDY   https (advertised)
 ALPN/HTTP2 not offered

 SSL/TLS server implementation bugs 

 No bugs found.

 Cipher categories 

 NULL ciphers (no encryption)                  not offered (OK) -- NULL:eNULL
 Anonymous NULL Ciphers (no authentication)    not offered (OK) -- aNULL:ADH
 Export ciphers (w/o ADH+NULL)                 not offered (OK) -- EXPORT:!ADH:!NULL
 LOW: 64 Bit + DES encryption (w/o export)     not offered (OK) -- LOW:DES:!ADH:!EXP:!NULL
 Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    offered (NOT ok) -- MEDIUM:!aNULL:!AES:!CAMELLIA:!ARIA:!CHACHA20:!3DES
 Triple DES Ciphers (Medium)                   not offered (OK) -- 3DES:!aNULL:!ADH
 High encryption (AES+Camellia, no AEAD)       offered (OK) -- HIGH:!NULL:!aNULL:!DES:!3DES:!AESGCM:!CHACHA20:!AESGCM:!CamelliaGCM:!AESCCM8:!AESCCM
 Strong encryption (AEAD ciphers)              offered (OK) -- AESGCM:CHACHA20:AESGCM:CamelliaGCM:AESCCM8:AESCCM


 Robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 

 PFS is offered (OK)          ECDHE-ECDSA-AES256-GCM-SHA384 
                              ECDHE-ECDSA-AES256-SHA 
                              ECDHE-ECDSA-CHACHA20-POLY1305 
                              ECDHE-ECDSA-AES128-GCM-SHA256 
                              ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA 
 Elliptic curves offered:     prime256v1 secp384r1 secp521r1 X25519 


 Server preferences 

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.2
 Negotiated cipher            ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Cipher order
    TLSv1:     ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-AES128-SHA 
               ECDHE-ECDSA-AES256-SHA 
    TLSv1.1:   ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-AES128-SHA 
               ECDHE-ECDSA-AES256-SHA 
    TLSv1.2:   ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 
               ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-RC4-SHA 
               ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES128-SHA256 
               ECDHE-ECDSA-AES256-SHA 


 Server defaults (Server Hello) 

 TLS extensions (standard)    "next protocol/#13172" "session ticket/#35"
                              "renegotiation info/#65281"
 Session Ticket RFC 5077 hint (no lifetime advertised)
 SSL Session ID support       yes
 Session Resumption           Tickets: yes, ID: no
 TLS clock skew               Random values, no fingerprinting possible 
 Signature Algorithm          SHA256 with RSA
 Server key size              EC 256 bits
 Server key usage             Digital Signature
 Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
 Serial / Fingerprints        0301424392AF55EE9FF3222525EE6ED3CCA3 / SHA1 1B018B0FFAAFA8924352E9972429B3A7C3F9AF34
                              SHA256 AF87063D122C3AD88E4A19242C77B90A120F6B81CA89C487958CDDD3199967BF
 Common Name (CN)             www.howsmyssl.com
 subjectAltName (SAN)         howsmyssl.com howsmytls.com www.howsmyssl.com
                              www.howsmytls.com 
 Issuer                       R3 (Let's Encrypt from US)
 Trust (hostname)             Ok via SAN (same w/o SNI)
 Chain of trust               NOT ok (expired)
 EV cert (experimental)       no 
 Certificate Validity (UTC)   66 >= 60 days (2022-04-06 03:09 --> 2022-07-05 03:09)
 # of certificates provided   3
 Certificate Revocation List  --
 OCSP URI                     http://r3.o.lencr.org
 OCSP stapling                not offered
 OCSP must staple extension   --
 DNS CAA RR (experimental)    not offered
 Certificate Transparency     yes (certificate extension)


 HTTP header response @ "/" 

 HTTP Status Code             301 Moved Permanently, redirecting to "https://www.howsmyssl.com/"
 HTTP clock skew              +86 sec from localtime
 Strict Transport Security    7304 days=631138519 s, includeSubDomains, preload
 Public Key Pinning           --
 Server banner                (no "Server" line in header, interesting!)
 Application banner           --
 Cookie(s)                    (none issued at "/") -- maybe better try target URL of 30x
 Security headers             --
 Reverse Proxy banner         --


 SSL/TLS vulnerabilities 

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK)
 ROBOT                                     Server does not support any cipher suites that use RSA key transport
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK)
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
 BEAST (CVE-2011-3389)                     TLS1: ECDHE-ECDSA-AES128-SHA
                                                 ECDHE-ECDSA-AES256-SHA 
                                           VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated)
 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
 RC4 (CVE-2013-2566, CVE-2015-2808)        VULNERABLE (NOT ok): ECDHE-ECDSA-RC4-SHA 


 Tested 364 ciphers, ordered by encryption strength 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 256   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384            
 xc00a   ECDHE-ECDSA-AES256-SHA            ECDH 256   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA               
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 256   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            
 xc023   ECDHE-ECDSA-AES128-SHA256         ECDH 256   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256            
 xc009   ECDHE-ECDSA-AES128-SHA            ECDH 256   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA               
 xc007   ECDHE-ECDSA-RC4-SHA               ECDH 256   RC4         128      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA                   


 Ciphers per protocol, ordered by encryption strength 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
TLS 1.3  
TLS 1.2  
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 256   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384            
 xc00a   ECDHE-ECDSA-AES256-SHA            ECDH 256   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA               
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 256   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            
 xc023   ECDHE-ECDSA-AES128-SHA256         ECDH 256   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256            
 xc009   ECDHE-ECDSA-AES128-SHA            ECDH 256   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA               
 xc007   ECDHE-ECDSA-RC4-SHA               ECDH 256   RC4         128      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA                   
TLS 1.1  
 xc00a   ECDHE-ECDSA-AES256-SHA            ECDH 256   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA               
 xc009   ECDHE-ECDSA-AES128-SHA            ECDH 256   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA               
 xc007   ECDHE-ECDSA-RC4-SHA               ECDH 256   RC4         128      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA                   
TLS 1  
 xc00a   ECDHE-ECDSA-AES256-SHA            ECDH 256   AES         256      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA               
 xc009   ECDHE-ECDSA-AES128-SHA            ECDH 256   AES         128      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA               
 xc007   ECDHE-ECDSA-RC4-SHA               ECDH 256   RC4         128      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA                   
SSLv3  
SSLv2  

 Client simulations 

 Android 2.3.7                No connection
 Android 4.0.4                TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Android 4.1.1                TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Android 4.2.2                TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Android 4.3                  TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Android 4.4.2                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 5.0.0                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 6.0                  TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 7.0                  TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 Chrome 27 Win 7              TLSv1.1 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Chrome 28 Win 7              TLSv1.1 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Chrome 29 Win 7              TLSv1.1 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Chrome 30 Win 7              TLSv1.2 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Chrome 31 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 32 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 33 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 34 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 35 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 36 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 37 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 39 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 40 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 42 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 43 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 45 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 47 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 48 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 49 Win 7              TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 256 bit ECDH (P-256)
 Chrome 49 XP SP3             No connection
 Chrome 50 Win 7              TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 Chrome 51 Win 7              TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 Chrome 57 Win 7              TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 Chrome 65 Win 7              TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 Chrome 69 Win 7              TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 Chrome 70 Win 10             TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 Firefox 10.0.12 ESR Win 7    TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Firefox 17.0.7 ESR Win 7     TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Firefox 21 Fedora 19         No connection
 Firefox 21 Win 7             TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Firefox 22 Win 7             TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Firefox 24.2.0 ESR Win 7     TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Firefox 24 Win 7             TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Firefox 26 Win 8             TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Firefox 27 Win 8             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 29 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 30 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 31.3.0 ESR Win 7     TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 31 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 32 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 34 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 35 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 37 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 39 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 41 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 42 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 44 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 45 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 46 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 47 Win 7             TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 256 bit ECDH (P-256)
 Firefox 49 Win 7             TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 256 bit ECDH (P-256)
 Firefox 49 XP SP3            TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 256 bit ECDH (P-256)
 Firefox 53 Win 7             TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 Firefox 59 Win 7             TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 Firefox 62 Win 7             TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 IE 6 XP                      No connection
 IE 7 Vista                   TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
 IE 8-10 Win 7                TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
 IE 8 Win 7                   TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
 IE 8 XP                      No connection
 IE 9 Win 7                   TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
 IE 10 Win Phone 8.0          TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
 IE 11 Win 7                  TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win 8.1                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1          TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1 Update   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win 10                 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win 10 Preview         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Edge 12 Win 10               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Edge 13 Win 10               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Edge 13 Win Phone 10         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Edge 15 Win 10               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Opera 12.15 Win 7            No connection
 Opera 15 Win 7               TLSv1.1 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Opera 16 Win 7               TLSv1.1 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Opera 17 Win 7               TLSv1.2 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Safari 5.1.9 OS X 10.6.8     TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Safari 5 iOS 5.1.1           TLSv1.2 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Safari 6.0.4 OS X 10.8.4     TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Safari 6 iOS 6.0.1           TLSv1.2 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Safari 7 iOS 7.1             TLSv1.2 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Safari 7 OS X 10.9           TLSv1.2 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Safari 8 iOS 8.0 Beta        TLSv1.2 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Safari 8 iOS 8.4             TLSv1.2 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Safari 8 OS X 10.10          TLSv1.2 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Safari 9 iOS 9               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Safari 9 OS X 10.11          TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Safari 10 iOS 10             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Safari 10 OS X 10.12         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Tor 17.0.9 Win 7             TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Apple ATS 9 iOS 9            TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Baidu Jan 2015               TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 BingBot Dec 2013             TLSv1.0 ECDHE-ECDSA-AES128-SHA, 256 bit ECDH (P-256)
 BingPreview Dec 2013         No connection
 BingPreview Jun 2014         No connection
 BingPreview Jan 2015         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Googlebot Oct 2013           TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Googlebot Jun 2014           TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Googlebot Feb 2015           TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Googlebot Feb 2018           TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 Yahoo Slurp Oct 2013         TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Yahoo Slurp Jun 2014         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Yahoo Slurp Jan 2015         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 YandexBot 3.0                No connection
 YandexBot May 2014           No connection
 YandexBot Sep 2014           TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 YandexBot Jan 2015           TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 6u45                    No connection
 Java 7u25                    TLSv1.0 ECDHE-ECDSA-RC4-SHA, 256 bit ECDH (P-256)
 Java 8b132                   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u111                   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u161                   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u31                    TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 9.0.4                   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 OpenSSL 0.9.8y               No connection
 OpenSSL 1.0.1h               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 OpenSSL 1.0.1l               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)

Security HTTP Headers

HTTP Strict Transport Security (HSTS)   offered (OK)
Content Security Policy (CSP)           not offered (NOT ok)
X-Frame-Options                         not offered (NOT ok)
X-XSS-Protection                        not offered
X-Content-Type-Options                  not offered
Expect-CT                               not offered
Referrer Policy                         not offered
Feature Policy                          not offered
Web Server Version Disclosure           not offered (OK)
Web Application Disclosure              not offered (OK)
HTTP Public Key Pins (HPKP)             not offered, deprecated

Connection Performance
Keep Alive Connection                   not offered
Content Encoding (Compression)          not offered

Raw HTTP Headers

HTTP/1.1 200 OK
Access-Control-Allow-Origin *
Connection close
Content-Length 15978
Content-Type text/html;charset=utf-8
Date Fri, 29 Apr 2022 07:51:12 GMT
Strict-Transport-Security max-age=631138519; includeSubdomains; preload

Cleaned HTML

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>How's My SSL?</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<script>
<![CDATA[
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');

ga('create', 'UA-46659537-1', 'howsmyssl.com');
ga('send', 'pageview');

]]>
</script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous" />
<script src="https://code.jquery.com/jquery-2.2.4.min.js" integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<style type="text/css">
/*<![CDATA[*/
body {
padding-top: 60px;
padding-bottom: 40px;
}

.hero-unit-okay {
color: #1B9E77;
}

.hero-unit-improvable {
color: #7570B3;
}

.hero-unit-bad {
color: #D95F02;
}

@media screen and (max-width: 480px) {
.hero-unit h1 { font-size: 35px; }
}

.okay {
background-color: #1B9E77;
font-size: 1em;
}

.improvable {
background-color: #7570B3;
font-size: 1em;
}

.bad {
background-color: #D95F02;
font-size: 1em;
}

footer {
margin-bottom: 500px;
}

.container .credit {
margin: 20px 0;
}
/*]]>*/
</style>
</head>
<body>
<div class="navbar navbar-default navbar-fixed-top container-fluid">
<div class="navbar-header"><button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"><span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span></button> <a class="navbar-brand" href="/">How's My SSL?</a></div>
<div id="navbar" class="collapse navbar-collapse">
<ul class="nav navbar-nav">
<li class="active"><a href="/">Home</a></li>
<li><a href="/s/about.html">About</a></li>
<li><a href="/s/api.html">API</a></li>
</ul>
</div>
</div>
<div class="container-fluid">
<div class="row col-sm-offset-1 col-sm-9">
<div class="jumbotron">
<h1>Your SSL client is</h1>
<h1><span class="hero-unit-bad">Bad</span>.</h1>
<p>Check out the sections below for information about the SSL/TLS client you used to render this page.</p>
<p><small>Yeah, we <a href="/s/about.html#tls-vs-ssl">really mean "TLS"</a>, not "SSL".</small></p>
</div>
<div class="row">
<div class="col-sm-4">
<h2>Version</h2>
<p><span class="label okay">Good</span> Your client is using TLS 1.3, the most modern version of the encryption protocol. It gives you access to the fastest, most secure encryption possible on the web.</p>
<p><a href="/s/about.html/#version">Learn More</a></p>
</div>
<div class="col-sm-4">
<h2>Ephemeral Key Support</h2>
<p><span class="label okay">Good</span> Ephemeral keys are used in some of the cipher suites your client supports. This means your client may be used to provide <a href="https://en.wikipedia.org/wiki/Forward_secrecy">forward secrecy</a> if the server supports it. This greatly increases your protection against snoopers, including global passive adversaries who scoop up large amounts of encrypted traffic and store them until their attacks (or their computers) improve.</p>
<p><a href="/s/about.html/#ephemeral-key-support">Learn More</a></p>
</div>
<div class="col-sm-4">
<h2>Session Ticket Support</h2>
<p><span class="label okay">Good</span> Session tickets are supported in your client. Services you use will be able to scale out their TLS connections more easily with this feature.</p>
<p><a href="/s/about.html/#session-ticket-support">Learn More</a></p>
</div>
</div>
<div class="row">
<div class="col-sm-4">
<h2>TLS Compression</h2>
<p><span class="label okay">Good</span> Your TLS client does not attempt to compress the settings that encrypt your connection, avoiding information leaks from the <a href="https://en.wikipedia.org/wiki/CRIME_%28security_exploit%29">CRIME attack</a>.</p>
<p><a href="/s/about.html/#tls-compression">Learn More</a></p>
</div>
<div class="col-sm-4">
<h2>BEAST Vulnerability</h2>
<p><span class="label okay">Good</span> Your client is not vulnerable to the <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack">BEAST attack</a> because it's using a TLS protocol newer than TLS 1.0. The BEAST attack is only possible against clients using TLS 1.0 or earlier using <a href="https://en.wikipedia.org/wiki/Cipher_block_chaining#Cipher-block_chaining_.28CBC.29">Cipher-Block Chaining</a> cipher suites that do not implement the 1/n-1 record splitting mitigation.</p>
<p><a href="/s/about.html/#beast-vulnerability">Learn More</a></p>
</div>
<div class="col-sm-4">
<h2>Insecure Cipher Suites</h2>
<p><span class="label bad">Bad</span> Your client supports cipher suites that are known to be insecure:</p>
<ul>
<li>TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: This cipher suite uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order.</li>
<li>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: This cipher suite uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order.</li>
<li>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: This cipher suite uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order.</li>
<li>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: This cipher suite uses RC4 which has insecure biases in its output.</li>
<li>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: This cipher suite uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order.</li>
<li>TLS_ECDHE_RSA_WITH_RC4_128_SHA: This cipher suite uses RC4 which has insecure biases in its output.</li>
<li>TLS_RSA_WITH_RC4_128_SHA: This cipher suite uses RC4 which has insecure biases in its output.</li>
</ul>
<p><a href="/s/about.html/#insecure-cipher-suites">Learn More</a></p>
</div>
</div>
<div class="row col-sm-4">
<h2>Given Cipher Suites</h2>
<p>The cipher suites your client said it supports, in the order it sent them, are:</p>
<ul>
<li>TLS_AES_256_GCM_SHA384</li>
<li>TLS_CHACHA20_POLY1305_SHA256</li>
<li>TLS_AES_128_GCM_SHA256</li>
<li>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</li>
<li>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</li>
<li>TLS_DHE_DSS_WITH_AES_256_GCM_SHA384</li>
<li>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</li>
<li>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</li>
<li>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</li>
<li>TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256</li>
<li>TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8</li>
<li>TLS_ECDHE_ECDSA_WITH_AES_256_CCM</li>
<li>TLS_DHE_RSA_WITH_AES_256_CCM_8</li>
<li>TLS_DHE_RSA_WITH_AES_256_CCM</li>
<li>TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384</li>
<li>TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384</li>
<li>TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384</li>
<li>TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384</li>
<li>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</li>
<li>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</li>
<li>TLS_DHE_DSS_WITH_AES_128_GCM_SHA256</li>
<li>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</li>
<li>TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8</li>
<li>TLS_ECDHE_ECDSA_WITH_AES_128_CCM</li>
<li>TLS_DHE_RSA_WITH_AES_128_CCM_8</li>
<li>TLS_DHE_RSA_WITH_AES_128_CCM</li>
<li>TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256</li>
<li>TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256</li>
<li>TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256</li>
<li>TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256</li>
<li>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</li>
<li>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</li>
<li>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</li>
<li>TLS_DHE_DSS_WITH_AES_256_CBC_SHA256</li>
<li>TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384</li>
<li>TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384</li>
<li>TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256</li>
<li>TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256</li>
<li>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</li>
<li>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</li>
<li>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</li>
<li>TLS_DHE_DSS_WITH_AES_128_CBC_SHA256</li>
<li>TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256</li>
<li>TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256</li>
<li>TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256</li>
<li>TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256</li>
<li>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</li>
<li>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</li>
<li>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</li>
<li>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</li>
<li>TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA</li>
<li>TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA</li>
<li>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</li>
<li>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</li>
<li>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</li>
<li>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</li>
<li>TLS_DHE_RSA_WITH_SEED_CBC_SHA</li>
<li>TLS_DHE_DSS_WITH_SEED_CBC_SHA</li>
<li>TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA</li>
<li>TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA</li>
<li>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</li>
<li>TLS_ECDHE_RSA_WITH_RC4_128_SHA</li>
<li>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</li>
<li>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</li>
<li>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</li>
<li>TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA</li>
<li>TLS_RSA_WITH_AES_256_GCM_SHA384</li>
<li>TLS_RSA_WITH_AES_256_CCM_8</li>
<li>TLS_RSA_WITH_AES_256_CCM</li>
<li>TLS_RSA_WITH_ARIA_256_GCM_SHA384</li>
<li>TLS_RSA_WITH_AES_128_GCM_SHA256</li>
<li>TLS_RSA_WITH_AES_128_CCM_8</li>
<li>TLS_RSA_WITH_AES_128_CCM</li>
<li>TLS_RSA_WITH_ARIA_128_GCM_SHA256</li>
<li>TLS_RSA_WITH_AES_256_CBC_SHA256</li>
<li>TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256</li>
<li>TLS_RSA_WITH_AES_128_CBC_SHA256</li>
<li>TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256</li>
<li>TLS_RSA_WITH_AES_256_CBC_SHA</li>
<li>TLS_RSA_WITH_CAMELLIA_256_CBC_SHA</li>
<li>TLS_RSA_WITH_AES_128_CBC_SHA</li>
<li>TLS_RSA_WITH_SEED_CBC_SHA</li>
<li>TLS_RSA_WITH_CAMELLIA_128_CBC_SHA</li>
<li>TLS_RSA_WITH_IDEA_CBC_SHA</li>
<li>TLS_RSA_WITH_RC4_128_SHA</li>
<li>TLS_RSA_WITH_3DES_EDE_CBC_SHA</li>
<li>TLS_EMPTY_RENEGOTIATION_INFO_SCSV</li>
</ul>
<p><a href="/s/about.html/#given-cipher-suites">Learn More</a></p>
</div>
</div>
<div class="row col-sm-offset-1 col-sm-12">
<h4>Want use the How's My SSL API on your site? <a href="https://subscriptions.howsmyssl.com">Purchase a subscription</a>!</h4>
</div>
<div class="row col-sm-offset-1 col-sm-12">Built by <a href="https://www.darkishgreen.com">Darkish Green</a>.</div>
</div>
</body>
</html>

Warnings Errors and Accessibility


Accessibility Checks:

line 2 column 1 - Access: [4.3.1.1]: language not identified.
line 9 column 5 - Access: [6.2.2.2]: text equivalents require updating (script).
line 9 column 5 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 9 column 5 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 9 column 5 - Access: [7.1.1.1]: remove flicker (script).
line 9 column 5 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 9 column 5 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 22 column 5 - Access: [6.2.2.2]: text equivalents require updating (script).
line 22 column 5 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 22 column 5 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 22 column 5 - Access: [7.1.1.1]: remove flicker (script).
line 22 column 5 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 22 column 5 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 27 column 5 - Access: [6.2.2.2]: text equivalents require updating (script).
line 27 column 5 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 27 column 5 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 27 column 5 - Access: [7.1.1.1]: remove flicker (script).
line 27 column 5 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 27 column 5 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 29 column 5 - Access: [6.1.1.2]: style sheets require testing (style element).
line 90 column 32 - Access: [13.1.1.1]: link text not meaningful.
line 91 column 17 - Access: [13.1.1.1]: link text not meaningful.
line 92 column 17 - Access: [13.1.1.1]: link text not meaningful.
Info: Document content looks like HTML5
No warnings or errors were found.