From 610be9cf1762b50565eb3ca561f1a93e63fe044e Mon Sep 17 00:00:00 2001
From: Joshua Tauberer
Date: Wed, 20 May 2015 18:02:01 -0400
Subject: [PATCH] record current TLS settings from my box
---
tests/tls.py | 107 +++++++++++
tests/tls_results.txt | 411 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 518 insertions(+)
create mode 100644 tests/tls.py
create mode 100644 tests/tls_results.txt
diff --git a/tests/tls.py b/tests/tls.py
new file mode 100644
index 00000000..7eb7ee88
--- /dev/null
+++ b/tests/tls.py
@@ -0,0 +1,107 @@
+#!/usr/bin/python3
+
+# Runs SSLyze on the TLS endpoints of a box and outputs
+# the results so we can inspect the settings and compare
+# against a known good version in tls_results.txt.
+#
+# Make sure you have SSLyze available:
+# wget https://github.com/nabla-c0d3/sslyze/releases/download/release-0.11/sslyze-0_11-linux64.zip
+# unzip sslyze-0_11-linux64.zip
+#
+# Then run:
+#
+# python3 tls.py yourservername
+#
+# If you are on a residential network that blocks outbound
+# port 25 connections, then you can proxy the connections
+# through some other host you can ssh into (maybe the box
+# itself?):
+#
+# python3 --proxy user@ssh_host yourservername
+#
+# (This will launch "ssh -N -L10023:yourservername:testport user@ssh_host"
+# to create a tunnel.)
+
+import sys, subprocess, re, time
+
+######################################################################
+
+# PARSE COMMAND LINE
+
+proxy = None
+args = list(sys.argv[1:])
+while len(args) > 0:
+ if args[0] == "--proxy":
+ args.pop(0)
+ proxy = args.pop(0)
+ break
+
+if len(args) == 0:
+ print("Usage: python3 tls.py [--proxy ssh_host] hostname")
+ sys.exit(0)
+
+host = args[0]
+
+######################################################################
+
+SSLYZE = "sslyze-0_11-linux64/sslyze/sslyze.py"
+
+common_opts = ["--sslv2", "--sslv3", "--tlsv1", "--tlsv1_1", "--tlsv1_2", "--reneg", "--resum",
+ "--hide_rejected_ciphers", "--compression", "--heartbleed"]
+
+######################################################################
+
+def sslyze(opts, port):
+ # Print header.
+ header = ("PORT %d" % port)
+ print(header)
+ print("-" * (len(header)))
+
+ connection_string = host + ":" + str(port)
+
+ # Proxy via SSH.
+ proxy_proc = None
+ if proxy:
+ connection_string = "localhost:10023"
+ proxy_proc = subprocess.Popen(["ssh", "-N", "-L10023:%s:%d" % (host, port), proxy])
+ time.sleep(3)
+
+ try:
+ # Execute SSLyze.
+ out = subprocess.check_output([SSLYZE] + common_opts + opts + [connection_string])
+ out = out.decode("utf8")
+
+ # Trim output to make better for storing in git.
+ if "SCAN RESULTS FOR" not in out:
+ # Failed. Just output the error.
+ out = re.sub("[\w\W]*CHECKING HOST\(S\) AVAILABILITY\n\s*-+\n", "", out) # chop off header that shows the host we queried
+ out = re.sub("[\w\W]*SCAN RESULTS FOR.*\n\s*-+\n", "", out) # chop off header that shows the host we queried
+ out = re.sub("SCAN COMPLETED IN .*", "", out)
+ out = out.rstrip(" \n-") + "\n"
+
+ # Print.
+ print(out)
+ finally:
+ if proxy_proc:
+ proxy_proc.terminate()
+ try:
+ proxy_proc.wait(5)
+ except TimeoutExpired:
+ proxy_proc.kill()
+
+# Run SSLyze on various ports.
+
+# SMTP
+sslyze(["--starttls=smtp"], 25)
+
+# SMTP Submission
+sslyze(["--starttls=smtp"], 587)
+
+# HTTPS
+sslyze(["--http_get", "--chrome_sha1", "--hsts"], 443)
+
+# IMAP
+sslyze([], 993)
+
+# POP3
+sslyze([], 995)
diff --git a/tests/tls_results.txt b/tests/tls_results.txt
new file mode 100644
index 00000000..65976bf0
--- /dev/null
+++ b/tests/tls_results.txt
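Review bot: The `finally` cleanup in `sslyze()` catches a bare `TimeoutExpired`, but the file only has `import sys, subprocess, re, time`, so that name is never bound. If `proxy_proc.wait(5)` does time out, the handler raises NameError and `proxy_proc.kill()` never runs, leaving the ssh tunnel on local port 10023 alive; the line should read `except subprocess.TimeoutExpired:`. Separately, the header comment calls tests/tls_results.txt a "known good version", while the snapshot added in this same commit records SSLv3 and RC4 suites accepted on port 25, DH-1024 on ports 993 and 995, and a VULNERABLE client-initiated renegotiation result on ports 25 and 587. Wording such as `# against the recorded baseline in tls_results.txt (a snapshot of current settings, not a hardening target).` would keep a later reader from treating those entries as approved.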
@@ -0,0 +1,411 @@ +PORT 25 +------- + + * Deflate Compression: + OK - Compression disabled + + * Session Renegotiation: + Client-initiated Renegotiations: VULNERABLE - Server honors client-initiated renegotiations + Secure Renegotiation: OK - Supported + + * OpenSSL Heartbleed: + OK - Not vulnerable to Heartbleed + + * Session Resumption: + With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts). + With TLS Session Tickets: NOT SUPPORTED - TLS ticket not assigned. + + * SSLV2 Cipher Suites: + Server rejected all cipher suites. + + * TLSV1_2 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-GCM-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok + Accepted: + ECDHE-RSA-AES256-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-GCM-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-SHA256 DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-GCM-SHA384 DH-2048 bits 256 bits 250 2.0.0 Ok + CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok + AES256-SHA256 - 256 bits 250 2.0.0 Ok + AES256-SHA - 256 bits 250 2.0.0 Ok + AES256-GCM-SHA384 - 256 bits 250 2.0.0 Ok + ECDHE-RSA-RC4-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA256 ECDH-256 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-GCM-SHA256 ECDH-256 bits 128 bits 250 2.0.0 Ok + DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-SHA256 DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-GCM-SHA256 DH-2048 bits 128 bits 250 2.0.0 Ok + SEED-SHA - 128 bits 250 2.0.0 Ok + RC4-SHA - 128 bits 250 2.0.0 Ok + RC4-MD5 - 128 bits 250 2.0.0 Ok + CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok + AES128-SHA256 - 128 bits 250 2.0.0 Ok + 
AES128-SHA - 128 bits 250 2.0.0 Ok + AES128-GCM-SHA256 - 128 bits 250 2.0.0 Ok + ECDHE-RSA-DES-CBC3-SHA ECDH-256 bits 112 bits 250 2.0.0 Ok + EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits 250 2.0.0 Ok + DES-CBC3-SHA - 112 bits 250 2.0.0 Ok + + * TLSV1_1 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + Accepted: + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok + AES256-SHA - 256 bits 250 2.0.0 Ok + ECDHE-RSA-RC4-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + SEED-SHA - 128 bits 250 2.0.0 Ok + RC4-SHA - 128 bits 250 2.0.0 Ok + RC4-MD5 - 128 bits 250 2.0.0 Ok + CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok + AES128-SHA - 128 bits 250 2.0.0 Ok + ECDHE-RSA-DES-CBC3-SHA ECDH-256 bits 112 bits 250 2.0.0 Ok + EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits 250 2.0.0 Ok + DES-CBC3-SHA - 112 bits 250 2.0.0 Ok + + * SSLV3 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + Accepted: + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok + AES256-SHA - 256 bits 250 2.0.0 Ok + ECDHE-RSA-RC4-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + SEED-SHA - 128 bits 250 2.0.0 Ok + RC4-SHA - 128 bits 250 2.0.0 Ok + RC4-MD5 - 128 bits 250 2.0.0 Ok + 
CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok + AES128-SHA - 128 bits 250 2.0.0 Ok + ECDHE-RSA-DES-CBC3-SHA ECDH-256 bits 112 bits 250 2.0.0 Ok + EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits 250 2.0.0 Ok + DES-CBC3-SHA - 112 bits 250 2.0.0 Ok + + * TLSV1 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + Accepted: + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok + AES256-SHA - 256 bits 250 2.0.0 Ok + ECDHE-RSA-RC4-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + SEED-SHA - 128 bits 250 2.0.0 Ok + RC4-SHA - 128 bits 250 2.0.0 Ok + RC4-MD5 - 128 bits 250 2.0.0 Ok + CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok + AES128-SHA - 128 bits 250 2.0.0 Ok + ECDHE-RSA-DES-CBC3-SHA ECDH-256 bits 112 bits 250 2.0.0 Ok + EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits 250 2.0.0 Ok + DES-CBC3-SHA - 112 bits 250 2.0.0 Ok + +PORT 587 +-------- + + * Deflate Compression: + OK - Compression disabled + + * Session Renegotiation: + Client-initiated Renegotiations: VULNERABLE - Server honors client-initiated renegotiations + Secure Renegotiation: OK - Supported + + * OpenSSL Heartbleed: + OK - Not vulnerable to Heartbleed + + * Session Resumption: + With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts). + With TLS Session Tickets: NOT SUPPORTED - TLS ticket not assigned. + + * SSLV2 Cipher Suites: + Server rejected all cipher suites. 
+ + * TLSV1_2 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-GCM-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok + Accepted: + ECDHE-RSA-AES256-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES256-GCM-SHA384 ECDH-256 bits 256 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-SHA256 DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-GCM-SHA384 DH-2048 bits 256 bits 250 2.0.0 Ok + CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok + AES256-SHA256 - 256 bits 250 2.0.0 Ok + AES256-SHA - 256 bits 250 2.0.0 Ok + AES256-GCM-SHA384 - 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA256 ECDH-256 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-GCM-SHA256 ECDH-256 bits 128 bits 250 2.0.0 Ok + DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-SHA256 DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-GCM-SHA256 DH-2048 bits 128 bits 250 2.0.0 Ok + SEED-SHA - 128 bits 250 2.0.0 Ok + CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok + AES128-SHA256 - 128 bits 250 2.0.0 Ok + AES128-SHA - 128 bits 250 2.0.0 Ok + AES128-GCM-SHA256 - 128 bits 250 2.0.0 Ok + + * TLSV1_1 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + Accepted: + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok + AES256-SHA - 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + SEED-SHA - 
128 bits 250 2.0.0 Ok + CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok + AES128-SHA - 128 bits 250 2.0.0 Ok + + * SSLV3 Cipher Suites: + Server rejected all cipher suites. + + * TLSV1 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + Accepted: + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + DHE-RSA-AES256-SHA DH-2048 bits 256 bits 250 2.0.0 Ok + CAMELLIA256-SHA - 256 bits 250 2.0.0 Ok + AES256-SHA - 256 bits 250 2.0.0 Ok + ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits 250 2.0.0 Ok + DHE-RSA-SEED-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + DHE-RSA-AES128-SHA DH-2048 bits 128 bits 250 2.0.0 Ok + SEED-SHA - 128 bits 250 2.0.0 Ok + CAMELLIA128-SHA - 128 bits 250 2.0.0 Ok + AES128-SHA - 128 bits 250 2.0.0 Ok + +PORT 443 +-------- + + * Deflate Compression: + OK - Compression disabled + + * Session Renegotiation: + Client-initiated Renegotiations: OK - Rejected + Secure Renegotiation: OK - Supported + + * HTTP Strict Transport Security: + OK - HSTS header received: max-age=31536000 + + * OpenSSL Heartbleed: + OK - Not vulnerable to Heartbleed + + * Session Resumption: + With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts). + With TLS Session Tickets: OK - Supported + + * Google Chrome SHA-1 Deprecation Status: + OK - Leaf certificate expires before 2016. + + * SSLV2 Cipher Suites: + Server rejected all cipher suites. 
+ + * TLSV1_2 Cipher Suites: + Preferred: + ECDHE-RSA-AES128-GCM-SHA256 ECDH-256 bits 128 bits HTTP 200 OK + Accepted: + ECDHE-RSA-AES256-SHA384 ECDH-256 bits 256 bits HTTP 200 OK + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits HTTP 200 OK + ECDHE-RSA-AES256-GCM-SHA384 ECDH-256 bits 256 bits HTTP 200 OK + DHE-RSA-AES256-SHA256 DH-2048 bits 256 bits HTTP 200 OK + DHE-RSA-AES256-SHA DH-2048 bits 256 bits HTTP 200 OK + DHE-RSA-AES256-GCM-SHA384 DH-2048 bits 256 bits HTTP 200 OK + ECDHE-RSA-AES128-SHA256 ECDH-256 bits 128 bits HTTP 200 OK + ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits HTTP 200 OK + ECDHE-RSA-AES128-GCM-SHA256 ECDH-256 bits 128 bits HTTP 200 OK + DHE-RSA-AES128-SHA256 DH-2048 bits 128 bits HTTP 200 OK + DHE-RSA-AES128-SHA DH-2048 bits 128 bits HTTP 200 OK + DHE-RSA-AES128-GCM-SHA256 DH-2048 bits 128 bits HTTP 200 OK + DES-CBC3-SHA - 112 bits HTTP 200 OK + + * TLSV1_1 Cipher Suites: + Preferred: + ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits HTTP 200 OK + Accepted: + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits HTTP 200 OK + DHE-RSA-AES256-SHA DH-2048 bits 256 bits HTTP 200 OK + ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits HTTP 200 OK + DHE-RSA-AES128-SHA DH-2048 bits 128 bits HTTP 200 OK + DES-CBC3-SHA - 112 bits HTTP 200 OK + + * SSLV3 Cipher Suites: + Server rejected all cipher suites. 
+ + * TLSV1 Cipher Suites: + Preferred: + ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits HTTP 200 OK + Accepted: + ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits HTTP 200 OK + DHE-RSA-AES256-SHA DH-2048 bits 256 bits HTTP 200 OK + ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits HTTP 200 OK + DHE-RSA-AES128-SHA DH-2048 bits 128 bits HTTP 200 OK + DES-CBC3-SHA - 112 bits HTTP 200 OK + +PORT 993 +-------- + + * Deflate Compression: + OK - Compression disabled + +Unhandled exception when processing --reneg: +_nassl.OpenSSLError - error:140940F5:SSL routines:ssl3_read_bytes:unexpected record + + * OpenSSL Heartbleed: + OK - Not vulnerable to Heartbleed + + * SSLV2 Cipher Suites: + Server rejected all cipher suites. + + * Session Resumption: + With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts). + With TLS Session Tickets: NOT SUPPORTED - TLS ticket assigned but not accepted. + + * TLSV1_2 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-384 bits 256 bits + Accepted: + ECDHE-RSA-AES256-SHA ECDH-384 bits 256 bits + DHE-RSA-CAMELLIA256-SHA DH-1024 bits 256 bits + DHE-RSA-AES256-SHA DH-1024 bits 256 bits + CAMELLIA256-SHA - 256 bits + AES256-SHA - 256 bits + ECDHE-RSA-AES128-SHA ECDH-384 bits 128 bits + DHE-RSA-CAMELLIA128-SHA DH-1024 bits 128 bits + DHE-RSA-AES128-SHA DH-1024 bits 128 bits + CAMELLIA128-SHA - 128 bits + AES128-SHA - 128 bits + + * TLSV1_1 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-384 bits 256 bits + Accepted: + ECDHE-RSA-AES256-SHA ECDH-384 bits 256 bits + DHE-RSA-CAMELLIA256-SHA DH-1024 bits 256 bits + DHE-RSA-AES256-SHA DH-1024 bits 256 bits + CAMELLIA256-SHA - 256 bits + AES256-SHA - 256 bits + ECDHE-RSA-AES128-SHA ECDH-384 bits 128 bits + DHE-RSA-CAMELLIA128-SHA DH-1024 bits 128 bits + DHE-RSA-AES128-SHA DH-1024 bits 128 bits + CAMELLIA128-SHA - 128 bits + AES128-SHA - 128 bits + + * SSLV3 Cipher Suites: + Server rejected all cipher suites. 
+ + * TLSV1 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-384 bits 256 bits + Accepted: + ECDHE-RSA-AES256-SHA ECDH-384 bits 256 bits + DHE-RSA-CAMELLIA256-SHA DH-1024 bits 256 bits + DHE-RSA-AES256-SHA DH-1024 bits 256 bits + CAMELLIA256-SHA - 256 bits + AES256-SHA - 256 bits + ECDHE-RSA-AES128-SHA ECDH-384 bits 128 bits + DHE-RSA-CAMELLIA128-SHA DH-1024 bits 128 bits + DHE-RSA-AES128-SHA DH-1024 bits 128 bits + CAMELLIA128-SHA - 128 bits + AES128-SHA - 128 bits + +PORT 995 +-------- + + * Deflate Compression: + OK - Compression disabled + +Unhandled exception when processing --reneg: +_nassl.OpenSSLError - error:140940F5:SSL routines:ssl3_read_bytes:unexpected record + + * OpenSSL Heartbleed: + OK - Not vulnerable to Heartbleed + + * SSLV2 Cipher Suites: + Server rejected all cipher suites. + + * Session Resumption: + With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts). + With TLS Session Tickets: NOT SUPPORTED - TLS ticket assigned but not accepted. 
+ + * TLSV1_2 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-384 bits 256 bits + Accepted: + ECDHE-RSA-AES256-SHA ECDH-384 bits 256 bits + DHE-RSA-CAMELLIA256-SHA DH-1024 bits 256 bits + DHE-RSA-AES256-SHA DH-1024 bits 256 bits + CAMELLIA256-SHA - 256 bits + AES256-SHA - 256 bits + ECDHE-RSA-AES128-SHA ECDH-384 bits 128 bits + DHE-RSA-CAMELLIA128-SHA DH-1024 bits 128 bits + DHE-RSA-AES128-SHA DH-1024 bits 128 bits + CAMELLIA128-SHA - 128 bits + AES128-SHA - 128 bits + + * TLSV1_1 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-384 bits 256 bits + Accepted: + ECDHE-RSA-AES256-SHA ECDH-384 bits 256 bits + DHE-RSA-CAMELLIA256-SHA DH-1024 bits 256 bits + DHE-RSA-AES256-SHA DH-1024 bits 256 bits + CAMELLIA256-SHA - 256 bits + AES256-SHA - 256 bits + ECDHE-RSA-AES128-SHA ECDH-384 bits 128 bits + DHE-RSA-CAMELLIA128-SHA DH-1024 bits 128 bits + DHE-RSA-AES128-SHA DH-1024 bits 128 bits + CAMELLIA128-SHA - 128 bits + AES128-SHA - 128 bits + + * SSLV3 Cipher Suites: + Server rejected all cipher suites. + + * TLSV1 Cipher Suites: + Preferred: + ECDHE-RSA-AES256-SHA ECDH-384 bits 256 bits + Accepted: + ECDHE-RSA-AES256-SHA ECDH-384 bits 256 bits + DHE-RSA-CAMELLIA256-SHA DH-1024 bits 256 bits + DHE-RSA-AES256-SHA DH-1024 bits 256 bits + CAMELLIA256-SHA - 256 bits + AES256-SHA - 256 bits + ECDHE-RSA-AES128-SHA ECDH-384 bits 128 bits + DHE-RSA-CAMELLIA128-SHA DH-1024 bits 128 bits + DHE-RSA-AES128-SHA DH-1024 bits 128 bits + CAMELLIA128-SHA - 128 bits + AES128-SHA - 128 bits +