Verified Commit 66531bca authored by Elger Jonker's avatar Elger Jonker Committed by Johan Bloemberg

TLS scanner progress, scanning all except revocation, drown and (wip) cert chain

parent bd09251c
......@@ -736,8 +736,8 @@ DetermineRatings.rate_organization(o)
"F": 1000,
"D": 400,
"I": 200,
"C": 200,
"B": 100,
"C": 100,
"B": 50,
"A-": 0,
"A": 0,
"A+": 0,
......
......@@ -8,7 +8,6 @@ from django.core.management.base import BaseCommand
from failmap_admin.map.determineratings import DetermineRatings
from failmap_admin.scanners.models import Endpoint
from failmap_admin.organizations.models import Organization, Url
from failmap_admin.scanners.scanner_dns import ScannerDns
from failmap_admin.scanners.state_manager import StateManager
from failmap_admin.scanners.scanner_security_headers import scan_all_urls_celery, scan_headers
......@@ -19,9 +18,30 @@ class Command(BaseCommand):
help = 'Development command'
def handle(self, *args, **options):
Command.develop_celery()
Command.test_sslscan_real()
# Command.test_determine_grade()
# Command.develop_sslscan()
# Command.develop_celery()
# Command.develop_celery_advanced()
Command.develop_celery_test_async_tasks()
# Command.develop_celery_test_async_tasks()
@staticmethod
def develop_sslscan():
from failmap_admin.scanners.scanner_tls import scan_url
url = Url.objects.all().filter(url='www.ibdgemeenten.nl').get()
scan_url(url)
url = Url.objects.all().filter(url='www.amersfoort.nl').get()
scan_url(url)
@staticmethod
def test_determine_grade():
from failmap_admin.scanners.scanner_tls import test_determine_grade
test_determine_grade()
@staticmethod
def test_sslscan_real():
from failmap_admin.scanners.scanner_tls import test_real
test_real('johnkr.com', 443)
@staticmethod
def develop_celery_test_async_tasks():
......
import logging
from django.core.exceptions import ObjectDoesNotExist
from django.core.management.base import BaseCommand
from failmap_admin.organizations.models import Organization, Url
from failmap_admin.scanners.scanner_tls import test_real
logger = logging.getLogger(__package__)
class Command(BaseCommand):
help = 'Scan websites for TLS and grade them.'
def add_arguments(self, parser):
parser.add_argument(
'--url', '-u',
nargs=1,
)
parser.add_argument(
'--port', '-p',
nargs=1,
)
def handle(self, *args, **options):
if options['url']:
if not options['port']:
options['port'] = [443]
logger.debug('%s:%s' % (options['url'][0], options['port'][0]))
test_real(options['url'][0], options['port'][0])
<?xml version="1.0" encoding="UTF-8"?>
<document title="SSLScan Results" version="1.11.10-static" web="http://github.com/rbsec/sslscan">
<ssltest host="example.com" sniname="example.com" port="443">
<renegotiation supported="1" secure="1" />
<compression supported="0" />
<heartbleed sslversion="TLSv1.2" vulnerable="0" />
<heartbleed sslversion="TLSv1.1" vulnerable="0" />
<heartbleed sslversion="TLSv1.0" vulnerable="0" />
<cipher status="preferred" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-GCM-SHA384" id="0xC030" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-AES128-GCM-SHA256" id="0xC02F" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-SHA384" id="0xC028" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-AES128-SHA256" id="0xC027" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-SHA" id="0xC014" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-AES128-SHA" id="0xC013" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="AES256-GCM-SHA384" id="0x9D" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="AES128-GCM-SHA256" id="0x9C" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="AES256-SHA256" id="0x3D" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="AES128-SHA256" id="0x3C" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="AES256-SHA" id="0x35" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="AES128-SHA" id="0x2F" />
<cipher status="preferred" sslversion="TLSv1.1" bits="256" cipher="ECDHE-RSA-AES256-SHA" id="0xC014" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.1" bits="128" cipher="ECDHE-RSA-AES128-SHA" id="0xC013" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.1" bits="256" cipher="AES256-SHA" id="0x35" />
<cipher status="accepted" sslversion="TLSv1.1" bits="128" cipher="AES128-SHA" id="0x2F" />
<cipher status="preferred" sslversion="TLSv1.0" bits="256" cipher="ECDHE-RSA-AES256-SHA" id="0xC014" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.0" bits="128" cipher="ECDHE-RSA-AES128-SHA" id="0xC013" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.0" bits="256" cipher="AES256-SHA" id="0x35" />
<cipher status="accepted" sslversion="TLSv1.0" bits="128" cipher="AES128-SHA" id="0x2F" />
<certificate>
<certificate-blob>
-----BEGIN CERTIFICATE-----
MIIGODCCBSCgAwIBAgIQWeKDo7vOAUnw8q1aQtsW8TANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDExMDAwMDAwMFoX
DTE4MDExMDIzNTk1OVowga8xCzAJBgNVBAYTAlVTMR0wGwYDVQQIDBREaXN0cmlj
dCBPZiBDb2x1bWJpYTETMBEGA1UEBwwKV2FzaGluZ3RvbjEuMCwGA1UECgwlVGhl
IEV4ZWN1dGl2ZSBPZmZpY2Ugb2YgdGhlIFByZXNpZGVudDEhMB8GA1UECwwYT2Zm
aWNlIG9mIEFkbWluaXN0cmF0aW9uMRkwFwYDVQQDDBAqLndoaXRlaG91c2UuZ292
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFnx9/V3YsAEiHsRa38r
OMTRqpx8babtReNMCo6vgbLV1A3cJjuT8zoWp/YiTseRewj44LfzZ7PDU32CG6QI
H66i3LgyD4dTCXu7EiIeEhX+9LTCOhoKyqz+vzYp4oxs8sIKE+ZEOkYkqslk4Amp
3xOtaYwANgwU5sZ4dUUssQB0tUebmdcYPuoxGqbfT9ZH7chWa7yyGHSOBpzRUe5X
gXRP68Dd5K/fmLUJ7XyWVXVsnzsdN/f1MIcV+dMknLeppajuz3Rz65yOCI72wEn9
phgNbX+mNymlDzqIO9NyTOuPwOTdQxeTPy+xW2JGJsD3CRe1fvYzPdunNl323RQo
8QIDAQABo4ICfjCCAnowKwYDVR0RBCQwIoIQKi53aGl0ZWhvdXNlLmdvdoIOd2hp
dGVob3VzZS5nb3YwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwYQYDVR0gBFow
WDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9j
cHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwKwYDVR0f
BCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy
9Xr0QxjvMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3NzLnN5
bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcnQw
ggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVc
iI09EcTNtuy+zAAAAVmJICVhAAAEAwBIMEYCIQD67hK1d5VD+Dt+uzR/vN5rkUfc
+R/JX4q/qBDk9zqG0wIhAIRvQAnoARtBeY20wVdJ5D5g/yJ+x7B5jcFz647linZS
AHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFZiSAqQwAABAMA
RzBFAiBfBNr9ca8wyPWmQ7ZUmVtzTUPpIe/A08gcbBrI+39cxwIhAKmAdnZbb0cC
ip6hJ0GjJe8vIxN7uSRSEmVGsEV3xUKBMA0GCSqGSIb3DQEBCwUAA4IBAQBmQj+p
s2uqyfbHdIAWzrjX3t+fh2AJueIu0kzXsTw7VOr8/26BHBq+KraH10T7zk86zjxd
C9z/e8dhxj7cbJEP1jammjw33W7Zv/6M8CzXCW0nruW6sxe64hIGZTGY0AgnKseD
XTI+++l9c+N6lll/2oCoTdX+6ZmcYfKeHMUnxKPSiQceYh/wH1y/P2IFMtp5TPt3
cMzEm/eUKDyA4ZbEmxnOPT4KB26Ht4b39+bTjtsZBS4d/xB+/tLKDZi2Mh8psKHR
jE7LhjjZfDXqk7echSVtdltWlWH6QARajADlvw50kAa20/yKes1DSLs2G60Fp8dV
bTOCnjyETJs/bGFE
-----END CERTIFICATE-----
</certificate-blob>
<version>2</version>
<serial>59:e2:83:a3:bb:ce:01:49:f0:f2:ad:5a:42:db:16:f1</serial>
<signature-algorithm>sha256WithRSAEncryption</signature-algorithm>
<issuer><![CDATA[/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4]]></issuer>
<not-valid-before>Jan 10 00:00:00 2017 GMT</not-valid-before>
<not-valid-after>Jan 10 23:59:59 2018 GMT</not-valid-after>
<subject><![CDATA[/C=US/ST=District Of Columbia/L=Washington/O=The Executive Office of the President/OU=Office of Administration/CN=*.whitehouse.gov]]></subject>
<pk-algorithm>rsaEncryption</pk-algorithm>
<pk error="false" type="RSA" bits="2048">
Public-Key: (2048 bit)
Modulus:
00:bc:59:f1:f7:f5:77:62:c0:04:88:7b:11:6b:7f:
2b:38:c4:d1:aa:9c:7c:6d:a6:ed:45:e3:4c:0a:8e:
af:81:b2:d5:d4:0d:dc:26:3b:93:f3:3a:16:a7:f6:
22:4e:c7:91:7b:08:f8:e0:b7:f3:67:b3:c3:53:7d:
82:1b:a4:08:1f:ae:a2:dc:b8:32:0f:87:53:09:7b:
bb:12:22:1e:12:15:fe:f4:b4:c2:3a:1a:0a:ca:ac:
fe:bf:36:29:e2:8c:6c:f2:c2:0a:13:e6:44:3a:46:
24:aa:c9:64:e0:09:a9:df:13:ad:69:8c:00:36:0c:
14:e6:c6:78:75:45:2c:b1:00:74:b5:47:9b:99:d7:
18:3e:ea:31:1a:a6:df:4f:d6:47:ed:c8:56:6b:bc:
b2:18:74:8e:06:9c:d1:51:ee:57:81:74:4f:eb:c0:
dd:e4:af:df:98:b5:09:ed:7c:96:55:75:6c:9f:3b:
1d:37:f7:f5:30:87:15:f9:d3:24:9c:b7:a9:a5:a8:
ee:cf:74:73:eb:9c:8e:08:8e:f6:c0:49:fd:a6:18:
0d:6d:7f:a6:37:29:a5:0f:3a:88:3b:d3:72:4c:eb:
8f:c0:e4:dd:43:17:93:3f:2f:b1:5b:62:46:26:c0:
f7:09:17:b5:7e:f6:33:3d:db:a7:36:5d:f6:dd:14:
28:f1
Exponent: 65537 (0x10001)
</pk>
<X509v3-Extensions>
<extension name="X509v3 Subject Alternative Name"><![CDATA[DNS:*.whitehouse.gov, DNS:whitehouse.gov]]></extension>
<extension name="X509v3 Basic Constraints"><![CDATA[CA:FALSE]]></extension>
<extension name="X509v3 Key Usage" level="critical"><![CDATA[Digital Signature, Key Encipherment]]></extension>
<extension name="X509v3 Certificate Policies"><![CDATA[Policy: 2.23.140.1.2.2
CPS: https://d.symcb.com/cps
User Notice:
Explicit Text: https://d.symcb.com/rpa
]]></extension>
<extension name="X509v3 CRL Distribution Points"><![CDATA[
Full Name:
URI:http://ss.symcb.com/ss.crl
]]></extension>
<extension name="X509v3 Extended Key Usage"><![CDATA[TLS Web Server Authentication, TLS Web Client Authentication]]></extension>
<extension name="X509v3 Authority Key Identifier"><![CDATA[keyid:5F:60:CF:61:90:55:DF:84:43:14:8A:60:2A:B2:F5:7A:F4:43:18:EF
]]></extension>
<extension name="Authority Information Access"><![CDATA[OCSP - URI:http://ss.symcd.com
CA Issuers - URI:http://ss.symcb.com/ss.crt
]]></extension>
<extension name="CT Precertificate SCTs"><![CDATA[Signed Certificate Timestamp:
Version : v1(0)
Log ID : DD:EB:1D:2B:7A:0D:4F:A6:20:8B:81:AD:81:68:70:7E:
2E:8E:9D:01:D5:5C:88:8D:3D:11:C4:CD:B6:EC:BE:CC
Timestamp : Jan 10 16:05:02.433 2017 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:FA:EE:12:B5:77:95:43:F8:3B:7E:BB:
34:7F:BC:DE:6B:91:47:DC:F9:1F:C9:5F:8A:BF:A8:10:
E4:F7:3A:86:D3:02:21:00:84:6F:40:09:E8:01:1B:41:
79:8D:B4:C1:57:49:E4:3E:60:FF:22:7E:C7:B0:79:8D:
C1:73:EB:8E:E5:8A:76:52
Signed Certificate Timestamp:
Version : v1(0)
Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
Timestamp : Jan 10 16:05:03.683 2017 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:5F:04:DA:FD:71:AF:30:C8:F5:A6:43:B6:
54:99:5B:73:4D:43:E9:21:EF:C0:D3:C8:1C:6C:1A:C8:
FB:7F:5C:C7:02:21:00:A9:80:76:76:5B:6F:47:02:8A:
9E:A1:27:41:A3:25:EF:2F:23:13:7B:B9:24:52:12:65:
46:B0:45:77:C5:42:81]]></extension>
</X509v3-Extensions>
</certificate>
<certificate>
<signature-algorithm>sha256WithRSAEncryption</signature-algorithm>
<pk error="false" type="RSA" bits="2048" />
<subject><![CDATA[*.example.com]]></subject>
<altnames><![CDATA[DNS:*.example.com, DNS:example.com]]></altnames>
<issuer><![CDATA[Symantec Class 3 Secure Server CA - G4]]></issuer>
<self-signed>false</self-signed>
<not-valid-before>Jan 10 00:00:00 2017 GMT</not-valid-before>
<not-valid-after>Jan 10 23:59:59 2018 GMT</not-valid-after>
<expired>false</expired>
</certificate>
</ssltest>
</document>
<?xml version="1.0" encoding="UTF-8"?>
<document title="SSLScan Results" version="1.11.10-static" web="http://github.com/rbsec/sslscan">
<ssltest host="example.com" sniname="example.com" port="443">
<renegotiation supported="1" secure="1" />
<compression supported="0" />
<heartbleed sslversion="TLSv1.2" vulnerable="0" />
<heartbleed sslversion="TLSv1.1" vulnerable="0" />
<heartbleed sslversion="TLSv1.0" vulnerable="0" />
<cipher status="preferred" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-GCM-SHA384" id="0xC030" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-SHA384" id="0xC028" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-AES128-GCM-SHA256" id="0xC02F" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-AES128-SHA256" id="0xC027" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-SHA" id="0xC014" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-AES128-SHA" id="0xC013" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="AES128-SHA" id="0x2F" />
<cipher status="preferred" sslversion="TLSv1.1" bits="256" cipher="ECDHE-RSA-AES256-SHA" id="0xC014" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.1" bits="128" cipher="ECDHE-RSA-AES128-SHA" id="0xC013" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.1" bits="128" cipher="AES128-SHA" id="0x2F" />
<cipher status="preferred" sslversion="TLSv1.0" bits="256" cipher="ECDHE-RSA-AES256-SHA" id="0xC014" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.0" bits="128" cipher="ECDHE-RSA-AES128-SHA" id="0xC013" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.0" bits="128" cipher="AES128-SHA" id="0x2F" />
<certificate>
<certificate-blob>
-----BEGIN CERTIFICATE-----
MIIG3zCCBcegAwIBAgIQD+3c+ckem9j17iY+HvovoDANBgkqhkiG9w0BAQsFADBH
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMX
R2VvVHJ1c3QgRVYgU1NMIENBIC0gRzQwHhcNMTYwNzE1MDAwMDAwWhcNMTgwOTEz
MjM1OTU5WjCB0zETMBEGCysGAQQBgjc8AgEDEwJJVDEaMBgGCysGAQQBgjc8AgEC
EwlGcm9zaW5vbmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRIwEAYD
VQQFEwlGUi0xMjYyMzMxCzAJBgNVBAYTAklUMRIwEAYDVQQIDAlGcm9zaW5vbmUx
EjAQBgNVBAcMCUZyb3Npbm9uZTETMBEGA1UECgwKU2Vld2ViIFNybDELMAkGA1UE
CwwCSVQxFjAUBgNVBAMMDXd3dy5zZWV3ZWIuaXQwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1RQluNi/JaJVBZ1mkjLZJe2y9Q8cWDMMLGEyOR9WSaKpp
k/Ybx+uEON+bdz+JVJ9KEh80luCDAQEH1+bjC1BV5FBLRDqyCkyrofI8icTmZGnA
39HdoZ16wBbWFpMI9bSTkg9uNmGansgZLtBSTGO6n0vl9TeNs/53ss3jZLtQu1qF
5T+KM1z+km+hf/UnvGkzXlEX4vcpefKl1kyzNUlmIxjpIImmoEg31iVrvJlaZghC
hhQO7a4wnVCHAI4MahIiXYkcALL9U0cqEjVTCyzN3OwXC4hX+WFtMsd+57nM+z2W
LSluZDSe4CtLdevUulwsHHvbjjxV+XsU73i/KPOxAgMBAAGjggM4MIIDNDAjBgNV
HREEHDAagg13d3cuc2Vld2ViLml0gglzZWV3ZWIuaXQwCQYDVR0TBAIwADAOBgNV
HQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2dtLnN5bWNiLmNv
bS9nbS5jcmwwgakGA1UdIASBoTCBnjCBkgYJKwYBBAHwIgEGMIGEMD8GCCsGAQUF
BwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRv
cnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29t
L3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMAcGBWeBDAEBMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTez1xQt64CHxUXqhboDbUo
nWpa8zBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbS5zeW1j
ZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbS5zeW1jYi5jb20vZ20uY3J0MIIB
fgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgDd6x0reg1PpiCLga2BaHB+Lo6dAdVc
iI09EcTNtuy+zAAAAVXuLWhLAAAEAwBHMEUCICRQ4dGOQWKuj8FoPWKJwONoiqSr
/7acDUZb16wijPUhAiEA0dgfALeyetx2h5/u1IYO7Au9VQwxOMKWkM+FOC+DxokA
dgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVXuLWiHAAAEAwBH
MEUCIQCbKYD2Y5MoZu2aoQMLi1fIfv49PEz0+u5nuqmFf4X6owIgCulL8OUIXr5u
TRqHBoFUD6Q7T+lH9ohuuntilmKpF00AdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PU
RNEKZ6y7T0/7xAAAAVXuLWh8AAAEAwBHMEUCICxaUBNpsdqzX1vSwVHEdvCqPVT/
ycCkD3xtG7UNgX7lAiEAjFvu0gJmAPxYMB0MjNdssoBrnz6Mjj7jhgW8oQK3THow
DQYJKoZIhvcNAQELBQADggEBAF0vvxylZmHcYiAn4/lii5A5r3IwZpv5ec5PH+pS
dd6MeoO7tAphtve+CDhK8ycyMx0prWAp2SIy5iloUtpCggdZgJkvZN/CVolp4P72
zS9Cm1/kT6LHyvPyWx6ozJQc+f3r/iV3eMsky5aTZGdD3JWogA7dkIL+A6CStFcS
DNgmWWk/5o4uAmegXCr/g4N36Wz0Ggj4Kf8ild8Sdpl56vKwqosGGr+iGdECJnV3
YX6PyS4jmHrudmikz+N9LGt4ucuBRK438gSsJRX0OEmxFTyxYnQKgRJiWXA12Qto
LDJsUWYFSkK+QZG1cEXBu632FFMrIaSwHqwJeAoqEoPHPmM=
-----END CERTIFICATE-----
</certificate-blob>
<version>2</version>
<serial>0f:ed:dc:f9:c9:1e:9b:d8:f5:ee:26:3e:1e:fa:2f:a0</serial>
<signature-algorithm>sha256WithRSAEncryption</signature-algorithm>
<issuer><![CDATA[/C=US/O=GeoTrust Inc./CN=GeoTrust EV SSL CA - G4]]></issuer>
<not-valid-before>Jul 15 00:00:00 2016 GMT</not-valid-before>
<not-valid-after>Sep 13 23:59:59 2018 GMT</not-valid-after>
<subject><![CDATA[/jurisdictionC=IT/jurisdictionST=Frosinone/businessCategory=Private Organization/serialNumber=FR-126233/C=IT/ST=Frosinone/L=Frosinone/O=Seeweb Srl/OU=IT/CN=www.seeweb.it]]></subject>
<pk-algorithm>rsaEncryption</pk-algorithm>
<pk error="false" type="RSA" bits="2048">
Public-Key: (2048 bit)
Modulus:
00:b5:45:09:6e:36:2f:c9:68:95:41:67:59:a4:8c:
b6:49:7b:6c:bd:43:c7:16:0c:c3:0b:18:4c:8e:47:
d5:92:68:aa:69:93:f6:1b:c7:eb:84:38:df:9b:77:
3f:89:54:9f:4a:12:1f:34:96:e0:83:01:01:07:d7:
e6:e3:0b:50:55:e4:50:4b:44:3a:b2:0a:4c:ab:a1:
f2:3c:89:c4:e6:64:69:c0:df:d1:dd:a1:9d:7a:c0:
16:d6:16:93:08:f5:b4:93:92:0f:6e:36:61:9a:9e:
c8:19:2e:d0:52:4c:63:ba:9f:4b:e5:f5:37:8d:b3:
fe:77:b2:cd:e3:64:bb:50:bb:5a:85:e5:3f:8a:33:
5c:fe:92:6f:a1:7f:f5:27:bc:69:33:5e:51:17:e2:
f7:29:79:f2:a5:d6:4c:b3:35:49:66:23:18:e9:20:
89:a6:a0:48:37:d6:25:6b:bc:99:5a:66:08:42:86:
14:0e:ed:ae:30:9d:50:87:00:8e:0c:6a:12:22:5d:
89:1c:00:b2:fd:53:47:2a:12:35:53:0b:2c:cd:dc:
ec:17:0b:88:57:f9:61:6d:32:c7:7e:e7:b9:cc:fb:
3d:96:2d:29:6e:64:34:9e:e0:2b:4b:75:eb:d4:ba:
5c:2c:1c:7b:db:8e:3c:55:f9:7b:14:ef:78:bf:28:
f3:b1
Exponent: 65537 (0x10001)
</pk>
<X509v3-Extensions>
<extension name="X509v3 Subject Alternative Name"><![CDATA[DNS:www.seeweb.it, DNS:seeweb.it]]></extension>
<extension name="X509v3 Basic Constraints"><![CDATA[CA:FALSE]]></extension>
<extension name="X509v3 Key Usage" level="critical"><![CDATA[Digital Signature, Key Encipherment]]></extension>
<extension name="X509v3 CRL Distribution Points"><![CDATA[
Full Name:
URI:http://gm.symcb.com/gm.crl
]]></extension>
<extension name="X509v3 Certificate Policies"><![CDATA[Policy: 1.3.6.1.4.1.14370.1.6
CPS: https://www.geotrust.com/resources/repository/legal
User Notice:
Explicit Text: https://www.geotrust.com/resources/repository/legal
Policy: 2.23.140.1.1
]]></extension>
<extension name="X509v3 Extended Key Usage"><![CDATA[TLS Web Server Authentication, TLS Web Client Authentication]]></extension>
<extension name="X509v3 Authority Key Identifier"><![CDATA[keyid:DE:CF:5C:50:B7:AE:02:1F:15:17:AA:16:E8:0D:B5:28:9D:6A:5A:F3
]]></extension>
<extension name="Authority Information Access"><![CDATA[OCSP - URI:http://gm.symcd.com
CA Issuers - URI:http://gm.symcb.com/gm.crt
]]></extension>
<extension name="CT Precertificate SCTs"><![CDATA[Signed Certificate Timestamp:
Version : v1(0)
Log ID : DD:EB:1D:2B:7A:0D:4F:A6:20:8B:81:AD:81:68:70:7E:
2E:8E:9D:01:D5:5C:88:8D:3D:11:C4:CD:B6:EC:BE:CC
Timestamp : Jul 15 10:50:01.163 2016 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:24:50:E1:D1:8E:41:62:AE:8F:C1:68:3D:
62:89:C0:E3:68:8A:A4:AB:FF:B6:9C:0D:46:5B:D7:AC:
22:8C:F5:21:02:21:00:D1:D8:1F:00:B7:B2:7A:DC:76:
87:9F:EE:D4:86:0E:EC:0B:BD:55:0C:31:38:C2:96:90:
CF:85:38:2F:83:C6:89
Signed Certificate Timestamp:
Version : v1(0)
Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
Timestamp : Jul 15 10:50:01.223 2016 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:9B:29:80:F6:63:93:28:66:ED:9A:A1:
03:0B:8B:57:C8:7E:FE:3D:3C:4C:F4:FA:EE:67:BA:A9:
85:7F:85:FA:A3:02:20:0A:E9:4B:F0:E5:08:5E:BE:6E:
4D:1A:87:06:81:54:0F:A4:3B:4F:E9:47:F6:88:6E:BA:
7B:62:96:62:A9:17:4D
Signed Certificate Timestamp:
Version : v1(0)
Log ID : 68:F6:98:F8:1F:64:82:BE:3A:8C:EE:B9:28:1D:4C:FC:
71:51:5D:67:93:D4:44:D1:0A:67:AC:BB:4F:4F:FB:C4
Timestamp : Jul 15 10:50:01.212 2016 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:2C:5A:50:13:69:B1:DA:B3:5F:5B:D2:C1:
51:C4:76:F0:AA:3D:54:FF:C9:C0:A4:0F:7C:6D:1B:B5:
0D:81:7E:E5:02:21:00:8C:5B:EE:D2:02:66:00:FC:58:
30:1D:0C:8C:D7:6C:B2:80:6B:9F:3E:8C:8E:3E:E3:86:
05:BC:A1:02:B7:4C:7A]]></extension>
</X509v3-Extensions>
</certificate>
<certificate>
<signature-algorithm>sha256WithRSAEncryption</signature-algorithm>
<pk error="false" type="RSA" bits="2048" />
<subject><![CDATA[example.com]]></subject>
<altnames><![CDATA[DNS:example.com, DNS:example.com]]></altnames>
<issuer><![CDATA[GeoTrust EV SSL CA - G4]]></issuer>
<self-signed>false</self-signed>
<not-valid-before>Jul 15 00:00:00 2016 GMT</not-valid-before>
<not-valid-after>Sep 13 23:59:59 2018 GMT</not-valid-after>
<expired>false</expired>
</certificate>
</ssltest>
</document>
<?xml version="1.0" encoding="UTF-8"?>
<document title="SSLScan Results" version="1.11.10-static" web="http://github.com/rbsec/sslscan">
<ssltest host="example.com" sniname="example.com" port="443">
<renegotiation supported="0" secure="0" />
<compression supported="0" />
<heartbleed sslversion="TLSv1.2" vulnerable="0" />
<heartbleed sslversion="TLSv1.1" vulnerable="0" />
<heartbleed sslversion="TLSv1.0" vulnerable="0" />
<cipher status="preferred" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-AES128-GCM-SHA256" id="0xC02F" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-AES128-SHA256" id="0xC027" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="ECDHE-RSA-AES128-SHA" id="0xC013" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-GCM-SHA384" id="0xC030" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-SHA384" id="0xC028" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="ECDHE-RSA-AES256-SHA" id="0xC014" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="AES128-GCM-SHA256" id="0x9C" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="AES128-SHA256" id="0x3C" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="AES128-SHA" id="0x2F" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="AES256-GCM-SHA384" id="0x9D" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="AES256-SHA256" id="0x3D" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="AES256-SHA" id="0x35" />
<cipher status="accepted" sslversion="TLSv1.2" bits="112" cipher="DES-CBC3-SHA" id="0xA" />
<cipher status="preferred" sslversion="TLSv1.1" bits="128" cipher="ECDHE-RSA-AES128-SHA" id="0xC013" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.1" bits="256" cipher="ECDHE-RSA-AES256-SHA" id="0xC014" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.1" bits="128" cipher="AES128-SHA" id="0x2F" />
<cipher status="accepted" sslversion="TLSv1.1" bits="256" cipher="AES256-SHA" id="0x35" />
<cipher status="accepted" sslversion="TLSv1.1" bits="112" cipher="DES-CBC3-SHA" id="0xA" />
<certificate>
<signature-algorithm>sha256WithRSAEncryption</signature-algorithm>
<pk error="false" type="RSA" bits="2048" />
<subject><![CDATA[*.example.com]]></subject>
<altnames><![CDATA[DNS:*.example.com, DNS:example.com]]></altnames>
<issuer><![CDATA[DigiCert SHA2 High Assurance Server CA]]></issuer>
<self-signed>false</self-signed>
<not-valid-before>Jul 4 00:00:00 2017 GMT</not-valid-before>
<not-valid-after>Jul 14 12:00:00 2020 GMT</not-valid-after>
<expired>false</expired>
</certificate>
</ssltest>
</document>
<?xml version="1.0" encoding="UTF-8"?>
<document title="SSLScan Results" version="1.11.10-static" web="http://github.com/rbsec/sslscan">
<ssltest host="my.eir.ie" sniname="my.eir.ie" port="443">
<renegotiation supported="1" secure="1" />
<compression supported="0" />
<heartbleed sslversion="TLSv1.2" vulnerable="0" />
<heartbleed sslversion="TLSv1.1" vulnerable="0" />
<heartbleed sslversion="TLSv1.0" vulnerable="0" />
<cipher status="preferred" sslversion="TLSv1.2" bits="128" cipher="RC4-MD5" id="0x4" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="RC4-SHA" id="0x5" />
<cipher status="accepted" sslversion="TLSv1.2" bits="112" cipher="DES-CBC3-SHA" id="0xA" />
<cipher status="accepted" sslversion="TLSv1.2" bits="128" cipher="AES128-SHA" id="0x2F" />
<cipher status="accepted" sslversion="TLSv1.2" bits="256" cipher="AES256-SHA" id="0x35" />
<cipher status="preferred" sslversion="TLSv1.1" bits="128" cipher="RC4-MD5" id="0x4" />
<cipher status="accepted" sslversion="TLSv1.1" bits="128" cipher="RC4-SHA" id="0x5" />
<cipher status="accepted" sslversion="TLSv1.1" bits="112" cipher="DES-CBC3-SHA" id="0xA" />
<cipher status="accepted" sslversion="TLSv1.1" bits="128" cipher="AES128-SHA" id="0x2F" />
<cipher status="accepted" sslversion="TLSv1.1" bits="256" cipher="AES256-SHA" id="0x35" />
<cipher status="preferred" sslversion="TLSv1.0" bits="128" cipher="RC4-MD5" id="0x4" />
<cipher status="accepted" sslversion="TLSv1.0" bits="128" cipher="RC4-SHA" id="0x5" />
<cipher status="accepted" sslversion="TLSv1.0" bits="112" cipher="DES-CBC3-SHA" id="0xA" />
<cipher status="accepted" sslversion="TLSv1.0" bits="128" cipher="AES128-SHA" id="0x2F" />
<cipher status="accepted" sslversion="TLSv1.0" bits="256" cipher="AES256-SHA" id="0x35" />
<certificate>
<certificate-blob>
-----BEGIN CERTIFICATE-----
MIIGIDCCBQigAwIBAgIQItAPFlgv7gCNfGu0fEAwxjANBgkqhkiG9w0BAQsFADBD
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQDExR0
aGF3dGUgU0hBMjU2IFNTTCBDQTAeFw0xNzA4MDkwMDAwMDBaFw0xOTA4MDkyMzU5
NTlaMF4xCzAJBgNVBAYTAklFMRIwEAYDVQQIDAlDbyBEdWJsaW4xDzANBgNVBAcM
BkR1YmxpbjEXMBUGA1UECgwORWlyY29tIExpbWl0ZWQxETAPBgNVBAMMCCouZWly
LmllMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxERDTvbI0HUYcQ0k
BExtmZF4KKaYAFpWQyQ2DmlCovdsd4VSQr/pHsjkXjocM+dyAKwYpc+Oli9id+Tn
Bv+ZETMa709TAISvePhivGef5fcYVhEUPLUHTrdkY5vBX818b+sE9vULXrnUopk+
sv4/YlQ00GYaMWbWhJNymZivEpKRrfVC185/2C6Yv8XgHubqo839nkxVImiRkZi9
C6sMiFaIgzC+O5uM/L6E7mo1cIaDWgWHA2OlSPUyNG0B57xowN2Je2nrtTkH6lyF
9cGYKeCbtfUrsdk5jI6lTpZH34G2TWn8c7VhganBmw95h4wUu0z9tKed/JegAoSX
RtbOFwIDAQABo4IC8zCCAu8wGwYDVR0RBBQwEoIIKi5laXIuaWWCBmVpci5pZTAJ
BgNVHRMEAjAAMG4GA1UdIARnMGUwYwYGZ4EMAQICMFkwJgYIKwYBBQUHAgEWGmh0
dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMC8GCCsGAQUFBwICMCMMIWh0dHBzOi8v
d3d3LnRoYXd0ZS5jb20vcmVwb3NpdG9yeTAOBgNVHQ8BAf8EBAMCBaAwHwYDVR0j
BBgwFoAUK5o1rgEYODDhcHoF4BF2o869kBQwKwYDVR0fBCQwIjAgoB6gHIYaaHR0
cDovL3RnLnN5bWNiLmNvbS90Zy5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3RnLnN5
bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3RnLnN5bWNiLmNvbS90Zy5jcnQw
ggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AN3rHSt6DU+mIIuBrYFocH4ujp0B
1VyIjT0RxM227L7MAAABXcer1aMAAAQDAEcwRQIhAMMFUYfR5/5ud8Ws0vHnhvPy
UAhFbaEjBSzfLcwjK8jZAiAtfYKSeNG9CYTAlMUZ2FfEMGy0SppD5fznqcON+PjR
ogB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABXcer1dwAAAQD
AEYwRAIgRlIwPzI988ZSogx2/1nJ/rpe9IvHzfTfWDlz8x87XnUCIA2M+3Fk1Uyw
oIshhNPvGY49dfLMiNywQ4esQujnl7yIAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+w
ctiDAMR7iXqo/csAAAFdx6vXoAAABAMARzBFAiEAzRqSuBAf82XO3fNhTPv4MNxx
IWAkWfw4R9CnRJheyLMCIDeDTPbm2nfNpXh3+3oaVjErusIEPIF+8G/84hkfUh0d
MA0GCSqGSIb3DQEBCwUAA4IBAQCGrfLzKq36CrnwtL62s3fiM6IYiu9KuRZI8AVW
9vWVMWU4qfzefYA3jVoJ67ieOfjf6eKX4eSmiYEeeffCsc6gYxhhToVCJpmrx4vM
SwzlMPE6bMt16uGEk4XU0ehyu0UQroWUyyMT0oEDn922UgUxSFRjZSpGLMU+4b6l
mEvJ8g2xGMjF0iEyc9gdWzJ+RQUsr9ZcxlpbCoYyNYEZIXLkx+p4HiGjme3lYnH4
l3aS+WK07ndD/gaBZBOkb54zM8thRkWBB7v4TA6oeZO612dmwtch5Vz5seA0Ut4C
XBLs6e+Fo/b8PtZrt76vnFuRLxsvlqxYr+SMrLSFMQQ7cN3l
-----END CERTIFICATE-----
</certificate-blob>
<version>2</version>
<serial>22:d0:0f:16:58:2f:ee:00:8d:7c:6b:b4:7c:40:30:c6</serial>
<signature-algorithm>sha256WithRSAEncryption</signature-algorithm>
<issuer><![CDATA[/C=US/O=thawte, Inc./CN=thawte SHA256 SSL CA]]></issuer>
<not-valid-before>Aug 9 00:00:00 2017 GMT</not-valid-before>
<not-valid-after>Aug 9 23:59:59 2019 GMT</not-valid-after>
<subject><![CDATA[/C=IE/ST=Co Dublin/L=Dublin/O=Eircom Limited/CN=*.eir.ie]]></subject>
<pk-algorithm>rsaEncryption</pk-algorithm>
<pk error="false" type="RSA" bits="2048">
Public-Key: (2048 bit)
Modulus:
00:c4:44:43:4e:f6:c8:d0:75:18:71:0d:24:04:4c:
6d:99:91:78:28:a6:98:00:5a:56:43:24:36:0e:69:
42:a2:f7:6c:77:85:52:42:bf:e9:1e:c8:e4:5e:3a:
1c:33:e7:72:00:ac:18:a5:cf:8e:96:2f:62:77:e4:
e7:06:ff:99:11:33:1a:ef:4f:53:00:84:af:78:f8:
62:bc:67:9f:e5:f7:18:56:11:14:3c:b5:07:4e:b7:
64:63:9b:c1:5f:cd:7c:6f:eb:04:f6:f5:0b:5e:b9:
d4:a2:99:3e:b2:fe:3f:62:54:34:d0:66:1a:31:66:
d6:84:93:72:99:98:af:12:92:91:ad:f5:42:d7:ce:
7f:d8:2e:98:bf:c5:e0:1e:e6:ea:a3:cd:fd:9e:4c:
55:22:68:91:91:98:bd:0b:ab:0c:88:56:88:83:30:
be:3b:9b:8c:fc:be:84:ee:6a:35:70:86:83:5a:05:
87:03:63:a5:48:f5:32:34:6d:01:e7:bc:68:c0:dd:
89:7b:69:eb:b5:39:07:ea:5c:85:f5:c1:98:29:e0:
9b:b5:f5:2b:b1:d9:39:8c:8e:a5:4e:96:47:df:81:
b6:4d:69:fc:73:b5:61:81:a9:c1:9b:0f:79:87:8c:
14:bb:4c:fd:b4:a7:9d:fc:97:a0:02:84:97:46:d6:
ce:17
Exponent: 65537 (0x10001)
</pk>
<X509v3-Extensions>
<extension name="X509v3 Subject Alternative Name"><![CDATA[DNS:*.eir.ie, DNS:eir.ie]]></extension>
<extension name="X509v3 Basic Constraints"><![CDATA[CA:FALSE]]></extension>
<extension name="X509v3 Certificate Policies"><![CDATA[Policy: 2.23.140.1.2.2
CPS: https://www.thawte.com/cps
User Notice:
Explicit Text: https://www.thawte.com/repository
]]></extension>
<extension name="X509v3 Key Usage" level="critical"><![CDATA[Digital Signature, Key Encipherment]]></extension>
<extension name="X509v3 Authority Key Identifier"><![CDATA[keyid:2B:9A:35:AE:01:18:38:30:E1:70:7A:05:E0:11:76:A3:CE:BD:90:14
]]></extension>
<extension name="X509v3 CRL Distribution Points"><![CDATA[
Full Name:
URI:http://tg.symcb.com/tg.crl
]]></extension>
<extension name="X509v3 Extended Key Usage"><![CDATA[TLS Web Server Authentication, TLS Web Client Authentication]]></extension>
<extension name="Authority Information Access"><![CDATA[OCSP - URI:http://tg.symcd.com
CA Issuers - URI:http://tg.symcb.com/tg.crt
]]></extension>
<extension name="CT Precertificate SCTs"><![CDATA[Signed Certificate Timestamp:
Version : v1(0)
Log ID : DD:EB:1D:2B:7A:0D:4F:A6:20:8B:81:AD:81:68:70:7E:
2E:8E:9D:01:D5:5C:88:8D:3D:11:C4:CD:B6:EC:BE:CC
Timestamp : Aug 9 15:45:13.635 2017 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:C3:05:51:87:D1:E7:FE:6E:77:C5:AC:
D2:F1:E7:86:F3:F2:50:08:45:6D:A1:23:05:2C:DF:2D:
CC:23:2B:C8:D9:02:20:2D:7D:82:92:78:D1:BD:09:84:
C0:94:C5:19:D8:57:C4:30:6C:B4:4A:9A:43:E5:FC:E7:
A9:C3:8D:F8:F8:D1:A2
Signed Certificate Timestamp:
Version : v1(0)
Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
Timestamp : Aug 9 15:45:13.692 2017 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:46:52:30:3F:32:3D:F3:C6:52:A2:0C:76:
FF:59:C9:FE:BA:5E:F4:8B:C7:CD:F4:DF:58:39:73:F3:
1F:3B:5E:75:02:20:0D:8C:FB:71:64:D5:4C:B0:A0:8B:
21:84:D3:EF:19:8E:3D:75:F2:CC:88:DC:B0:43:87:AC:
42:E8:E7:97:BC:88
Signed Certificate Timestamp:
Version : v1(0)
Log ID : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
Timestamp : Aug 9 15:45:14.144 2017 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:CD:1A:92:B8:10:1F:F3:65:CE:DD:F3:
61:4C:FB:F8:30:DC:71:21:60:24:59:FC:38:47:D0:A7:
44:98:5E:C8:B3:02:20:37:83:4C:F6:E6:DA:77:CD:A5:
78:77:FB:7A:1A:56:31:2B:BA:C2:04:3C:81:7E:F0:6F:
FC:E2:19:1F:52:1D:1D]]></extension>
</X509v3-Extensions>
</certificate>
<certificate>
<signature-algorithm>sha256WithRSAEncryption</signature-algorithm>
<pk error="false" type="RSA" bits="2048" />
<subject><![CDATA[*.eir.ie]]></subject>
<altnames><![CDATA[DNS:*.eir.ie, DNS:eir.ie]]></altnames>
<issuer><![CDATA[thawte SHA256 SSL CA]]></issuer>
<self-signed>false</self-signed>
<not-valid-before>Aug 9 00:00:00 2017 GMT</not-valid-before>
<not-valid-after>Aug 9 23:59:59 2019 GMT</not-valid-after>
<expired>false</expired>
</certificate>
</ssltest>
</document>
<?xml version="1.0" encoding="UTF-8"?>
<document title="SSLScan Results" version="1.11.10-static" web="http://github.com/rbsec/sslscan">
<ssltest host="mail.lakyadler.cz" sniname="mail.lakyadler.cz" port="443">
<renegotiation supported="1" secure="1" />
<compression supported="0" />
<heartbleed sslversion="TLSv1.2" vulnerable="0" />
<heartbleed sslversion="TLSv1.1" vulnerable="0" />
<heartbleed sslversion="TLSv1.0" vulnerable="0" />
<cipher status="preferred" sslversion="TLSv1.0" bits="256" cipher="ECDHE-RSA-AES256-SHA" id="0xC014" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.0" bits="128" cipher="ECDHE-RSA-AES128-SHA" id="0xC013" curve="P-256" ecdhebits="256" />
<cipher status="accepted" sslversion="TLSv1.0" bits="256" cipher="DHE-RSA-AES256-SHA" id="0x39" dhebits="1024" />
<cipher status="accepted" sslversion="TLSv1.0" bits="128" cipher="DHE-RSA-AES128-SHA" id="0x33" dhebits="1024" />
<cipher status="accepted" sslversion="TLSv1.0" bits="256" cipher="AES256-SHA" id="0x35" />
<cipher status="accepted" sslversion="TLSv1.0" bits="128" cipher="AES128-SHA" id="0x2F" />
<cipher status="accepted" sslversion="TLSv1.0" bits="112" cipher="DES-CBC3-SHA" id="0xA" />
<cipher status="accepted" sslversion="TLSv1.0" bits="128" cipher="RC4-SHA" id="0x5" />
<cipher status="accepted" sslversion="TLSv1.0" bits="128" cipher="RC4-MD5" id="0x4" />
<cipher status="preferred" sslversion="SSLv3" bits="112" cipher="DES-CBC3-SHA" id="0xA" />
<cipher status="accepted" sslversion="SSLv3" bits="128" cipher="RC4-SHA" id="0x5" />