Further IP addresses: 2a02:750:7::817
A record via supplied IP "79.99.1.121"
rDNS (79.99.1.121): smtp.goto10.se.
Service detected: HTTP
SSL/TLS protocols
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 offered
TLS 1.2 offered (OK)
TLS 1.3 not offered -- downgraded
NPN/SPDY h2, http/1.1 (advertised)
ALPN/HTTP2 h2, http/1.1 (offered)
SSL/TLS server implementation bugs
No bugs found.
Cipher categories
NULL ciphers (no encryption) not offered (OK) -- NULL:eNULL
Anonymous NULL Ciphers (no authentication) not offered (OK) -- aNULL:ADH
Export ciphers (w/o ADH+NULL) not offered (OK) -- EXPORT:!ADH:!NULL
LOW: 64 Bit + DES encryption (w/o export) not offered (OK) -- LOW:DES:!ADH:!EXP:!NULL
Weak 128 Bit ciphers (SEED, IDEA, RC[2,4]) not offered (OK) -- MEDIUM:!aNULL:!AES:!CAMELLIA:!ARIA:!CHACHA20:!3DES
Triple DES Ciphers (Medium) not offered (OK) -- 3DES:!aNULL:!ADH
High encryption (AES+Camellia, no AEAD) offered (OK) -- HIGH:!NULL:!aNULL:!DES:!3DES:!AESGCM:!CHACHA20:!AESGCM:!CamelliaGCM:!AESCCM8:!AESCCM
Strong encryption (AEAD ciphers) offered (OK) -- AESGCM:CHACHA20:AESGCM:CamelliaGCM:AESCCM8:AESCCM
Robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
PFS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
Elliptic curves offered: secp384r1
Server preferences
Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Cipher order
TLSv1.1: ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA
TLSv1.2: ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA
Server defaults (Server Hello)
TLS extensions (standard) "server name/#0" "renegotiation info/#65281"
"EC point formats/#11" "status request/#5"
"heartbeat/#15" "next protocol/#13172"
"application layer protocol negotiation/#16"
Session Ticket RFC 5077 hint (no lifetime advertised)
SSL Session ID support yes
Session Resumption Tickets: yes, ID: yes
TLS clock skew Random values, no fingerprinting possible
Signature Algorithm SHA256 with RSA
Server key size RSA 2048 bits
Server key usage Digital Signature, Key Encipherment
Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication
Serial / Fingerprints 0447D9AFDB5C1D95A6B94C822F739724796D / SHA1 3FBBC28ABEFC6E16766AA6EFBE1C81953658D7C3
SHA256 E405A4BB7378F8C22689AFE0B593EF112CB5CD22F464698C609AFA3AE940658D
Common Name (CN) zonemaster.iis.se (CN in response to request w/o SNI: arkiv.internetmuseum.se)
subjectAltName (SAN) zonemaster.iis.se
Issuer Let's Encrypt Authority X3 (Let's Encrypt from US)
Trust (hostname) Ok via SAN and CN (SNI mandatory)
Chain of trust Ok
EV cert (experimental) no
Certificate Validity (UTC) 55 >= 30 days (2020-08-01 06:47 --> 2020-10-30 06:47)
# of certificates provided 2
Certificate Revocation List --
OCSP URI http://ocsp.int-x3.letsencrypt.org
OCSP stapling offered
OCSP must staple extension --
DNS CAA RR (experimental) available - please check for match with "Issuer" above
issue=amazon.com, issue=digicert.com,
issue=letsencrypt.org, issue=sectigo.com
Certificate Transparency yes (certificate extension)
HTTP header response @ "/"
HTTP Status Code 200 OK
HTTP clock skew +64 sec from localtime
Strict Transport Security 730 days=63072000 s, includeSubDomains
Public Key Pinning --
Server banner nginx/1.10.3 (Ubuntu)
Application banner --
Cookie(s) 1 issued: 1/1 secure, NOT HttpOnly
Security headers X-Frame-Options SAMEORIGIN
X-XSS-Protection 1; mode=block
Reverse Proxy banner X-Cache: EXPIRED
SSL/TLS vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), timed out
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session ticket extension
ROBOT Server does not support any cipher suites that use RSA key transport
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
Can be ignored for static pages or if no secrets in the page
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services
https://censys.io/ipv4?q=E405A4BB7378F8C22689AFE0B593EF112CB5CD22F464698C609AFA3AE940658D
could help you to find out
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no common primes detected
BEAST (CVE-2011-3389) no SSL3 or TLS1 (OK)
LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
Tested 364 ciphers, ordered by encryption strength
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 384 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc028 ECDHE-RSA-AES256-SHA384 ECDH 384 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
xc014 ECDHE-RSA-AES256-SHA ECDH 384 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
x6b DHE-RSA-AES256-SHA256 DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
x39 DHE-RSA-AES256-SHA DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 384 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
x9e DHE-RSA-AES128-GCM-SHA256 DH 2048 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Ciphers per protocol, ordered by encryption strength
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
TLS 1.3
TLS 1.2
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 384 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xc028 ECDHE-RSA-AES256-SHA384 ECDH 384 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
xc014 ECDHE-RSA-AES256-SHA ECDH 384 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x9f DHE-RSA-AES256-GCM-SHA384 DH 2048 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
x6b DHE-RSA-AES256-SHA256 DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
x39 DHE-RSA-AES256-SHA DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 384 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
x9e DHE-RSA-AES128-GCM-SHA256 DH 2048 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS 1.1
xc014 ECDHE-RSA-AES256-SHA ECDH 384 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x39 DHE-RSA-AES256-SHA DH 2048 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS 1
SSLv3
SSLv2
Client simulations
Android 2.3.7 No connection
Android 4.0.4 No connection
Android 4.1.1 No connection
Android 4.2.2 No connection
Android 4.3 No connection
Android 4.4.2 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Android 7.0 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Chrome 27 Win 7 TLSv1.1 ECDHE-RSA-AES256-SHA, 384 bit ECDH (P-384)
Chrome 28 Win 7 TLSv1.1 ECDHE-RSA-AES256-SHA, 384 bit ECDH (P-384)
Chrome 29 Win 7 TLSv1.1 ECDHE-RSA-AES256-SHA, 384 bit ECDH (P-384)
Chrome 30 Win 7 TLSv1.2 ECDHE-RSA-AES256-SHA, 384 bit ECDH (P-384)
Chrome 31 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 32 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 33 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 34 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 35 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 36 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 37 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 39 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 40 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 42 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 43 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 45 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 47 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 48 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 49 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 49 XP SP3 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 50 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Chrome 51 Win 7 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Chrome 57 Win 7 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Chrome 65 Win 7 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Chrome 69 Win 7 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Chrome 70 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Firefox 10.0.12 ESR Win 7 No connection
Firefox 17.0.7 ESR Win 7 No connection
Firefox 21 Fedora 19 No connection
Firefox 21 Win 7 No connection
Firefox 22 Win 7 No connection
Firefox 24.2.0 ESR Win 7 No connection
Firefox 24 Win 7 No connection
Firefox 26 Win 8 No connection
Firefox 27 Win 8 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 29 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 30 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 31.3.0 ESR Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 31 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 32 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 34 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 35 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 37 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 39 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 41 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 42 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 44 OS X TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 45 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 46 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 47 Win 7 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Firefox 49 Win 7 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Firefox 49 XP SP3 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Firefox 53 Win 7 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Firefox 59 Win 7 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Firefox 62 Win 7 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
IE 6 XP No connection
IE 7 Vista No connection
IE 8-10 Win 7 No connection
IE 8 Win 7 No connection
IE 8 XP No connection
IE 9 Win 7 No connection
IE 10 Win Phone 8.0 No connection
IE 11 Win 7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit DH
IE 11 Win 8.1 TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit DH
IE 11 Win Phone 8.1 TLSv1.2 ECDHE-RSA-AES256-SHA, 384 bit ECDH (P-384)
IE 11 Win Phone 8.1 Update TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit DH
IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
IE 11 Win 10 Preview TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Edge 12 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Edge 13 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Edge 13 Win Phone 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Edge 15 Win 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Opera 12.15 Win 7 No connection
Opera 15 Win 7 TLSv1.1 ECDHE-RSA-AES256-SHA, 384 bit ECDH (P-384)
Opera 16 Win 7 TLSv1.1 ECDHE-RSA-AES256-SHA, 384 bit ECDH (P-384)
Opera 17 Win 7 TLSv1.2 ECDHE-RSA-AES256-SHA, 384 bit ECDH (P-384)
Safari 5.1.9 OS X 10.6.8 No connection
Safari 5 iOS 5.1.1 TLSv1.2 ECDHE-RSA-AES256-SHA384, 384 bit ECDH (P-384)
Safari 6.0.4 OS X 10.8.4 No connection
Safari 6 iOS 6.0.1 TLSv1.2 ECDHE-RSA-AES256-SHA384, 384 bit ECDH (P-384)
Safari 7 iOS 7.1 TLSv1.2 ECDHE-RSA-AES256-SHA384, 384 bit ECDH (P-384)
Safari 7 OS X 10.9 TLSv1.2 ECDHE-RSA-AES256-SHA384, 384 bit ECDH (P-384)
Safari 8 iOS 8.0 Beta TLSv1.2 ECDHE-RSA-AES256-SHA384, 384 bit ECDH (P-384)
Safari 8 iOS 8.4 TLSv1.2 ECDHE-RSA-AES256-SHA384, 384 bit ECDH (P-384)
Safari 8 OS X 10.10 TLSv1.2 ECDHE-RSA-AES256-SHA384, 384 bit ECDH (P-384)
Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Safari 10 iOS 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Safari 10 OS X 10.12 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Tor 17.0.9 Win 7 No connection
Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Baidu Jan 2015 No connection
BingBot Dec 2013 No connection
BingPreview Dec 2013 No connection
BingPreview Jun 2014 No connection
BingPreview Jan 2015 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Googlebot Oct 2013 No connection
Googlebot Jun 2014 No connection
Googlebot Feb 2015 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Googlebot Feb 2018 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Yahoo Slurp Oct 2013 No connection
Yahoo Slurp Jun 2014 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Yahoo Slurp Jan 2015 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
YandexBot 3.0 No connection
YandexBot May 2014 No connection
YandexBot Sep 2014 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
YandexBot Jan 2015 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Java 6u45 No connection
Java 7u25 No connection
Java 8b132 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Java 8u111 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Java 8u161 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
Java 8u31 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384)
Java 9.0.4 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
OpenSSL 0.9.8y No connection
OpenSSL 1.0.1h TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
OpenSSL 1.0.1l TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)