, [2604:1380:45f2:6901::2]:443

TLS Test Results from March 18 2024 12:00:31 UTC. Scan took 101 seconds.


Finding Severity Result
TLS 1.2 OK offered
TLS 1.3 OK offered with final
Perfect Forward Secrecy OK offered
Common Name (CN) OK
Subject Alternative Name (SAN) INFO
CA Issuers INFO R3 (Let's Encrypt from US)
Valid Not After OK 2024-04-21 13:19


Version Status
SSL v2 not offered
SSL v3 not offered
TLS 1.0 not offered
TLS 1.1 not offered
TLS 1.2 offered
TLS 1.3 offered with final
ALPN / HTTP2 http/1.1

Cipher Categories

Category Status
NULL ciphers (no encryption) not offered
Anonymous NULL Ciphers (no authentication) not offered
Export ciphers (excluding ADH+NULL) not offered
LOW: 64 Bit + DES, RC[2,4] (excluding export) not offered
Triple DES Ciphers / IDEA not offered
Obsolete CBC ciphers (AES, ARIA etc.) not offered
Strong encryption (AEAD ciphers) offered

Perfect Forward Secrecy

Category Status
Perfect Forward Secrecy offered
PFS Ciphers
  • prime256v1
  • secp384r1
  • secp521r1

Server Preferences

Category Finding
Cipher Order server
Protocol Negotiated Default protocol TLS1.3
Cipher Negotiated TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
Cipher Order TLS v1.2 ECDHE-RSA-AES128-GCM-SHA256

Server Defaults

Category Finding
TLS Extensions
  • renegotiation info/#65281
  • server name/#0
  • EC point formats/#11
  • supported versions/#43
  • key share/#51
  • supported_groups/#10
  • max fragment length/#1
  • application layer protocol negotiation/#16
  • extended master secret/#23
TLS Session Ticket no -- no lifetime advertised
SSL Session-ID Support yes
Session Resumption Ticket not supported
Session Resumption ID not supported
TLS Timestamp random
Number of Certificates 1


Category Finding
Signature Algorithm SHA256 with RSA
Key Size RSA 2048 bits
Key Usage
  • Digital Signature
  • Key Encipherment
Extended Key Usage
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Serial Number 030E5F37217F55FCA2576947E38D6576D05D
SHA1 Fingerprint 5EF41B8DB08C63C4DB78F2EFC8F2CBC6FC006653
SHA256 Fingerprint 240422B5CDC1AAD346D07887E4650F40C6202AF3FA8583BCDD693C3BA8D4BFBD
X.509 Certificate Download gitlab.freedesktop.org_443_5EF41B8D.pem
Common Name (CN)
Common Name w/o SNI Kubernetes Ingress Controller Fake Certificate
Subject Alternative Name (SAN)
CA Issuers R3 (Let's Encrypt from US)
Certificate Trust Ok via SAN (SNI mandatory)
Chain Of Trust passed.
Extended-Validation Policies no
ETS (prev. "eTLS") not present
Expiration Status 34 >= 30 days
Valid Not Before 2024-01-22 13:19
Valid Not After 2024-04-21 13:19
Validity Period No finding
Certificate Count Server 3
Certs List Ordering Problem no
Leaked Key (pwnedkeys) not in database
CRL Distribution Points
  • --
OCSP Revoked
OCSP Stapling not offered
OCSP Must Staple Extension --
DNS CAA Record
Certificate Transparency yes (certificate extension)

HTTP response

Category Finding
HTTP Status Code 302 Found ('/')
HTTP Clock Skew 0 seconds from localtime
HSTS Expiration Time 182 days (=15724800 seconds) > 15552000 seconds
HSTS Subdomains includes subdomains
HSTS Preload domain is NOT marked for preloading
Server Banner
Banner Application
Cookie Count
Reverse Proxy Banner


Category Finding
Heartbleed not vulnerable, no heartbeat extension
CCS not vulnerable
Ticketbleed no session ticket extension
ROBOT not vulnerable, no RSA key transport cipher
Secure Renegotiation supported
Secure Client Renegotiation not vulnerable
CRIME TLS not vulnerable
BREACH not vulnerable, no HTTP compression - only supplied '/' tested
POODLE SSL not vulnerable, no SSLv3
Fallback SCSV no protocol below TLS 1.2 offered
SWEET32 not vulnerable
FREAK not vulnerable
DROWN not vulnerable on this host and port
DROWN Hint Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see
LOGJAM not vulnerable, no DH EXPORT ciphers,
LOGJAM Common Primes no DH key with <= TLS 1.2
BEAST not vulnerable, no SSL3 or TLS1
LUCKY13 not vulnerable
RC4 not vulnerable


Name Key Exchange Encryption Key Length IANA ID

Client Simulation

Category Connection via
Android 4.4.2 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Android 5.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Android 7.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Android 8.1 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Android 9.0 TLSv1.3 TLS_AES_256_GCM_SHA384
Android X TLSv1.3 TLS_AES_256_GCM_SHA384
Chrome 74 Windows 10 TLSv1.3 TLS_AES_256_GCM_SHA384
Chrome 79 Windows 10 TLSv1.3 TLS_AES_256_GCM_SHA384
Firefox 66 Windows 8.1/10 TLSv1.3 TLS_AES_256_GCM_SHA384
Firefox 71 Windows 10 TLSv1.3 TLS_AES_256_GCM_SHA384
IE 6 Windows XP No connection
IE 8 Windows 7 No connection
IE 8 Windows XP No connection
IE 11 Windows 7 No connection
IE 11 Windows 8.1 No connection
IE 11 Windows Phone 8.1 No connection
IE 11 Windows 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Edge 15 Windows 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Edge 17 Windows 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Opera 66 Windows 10 TLSv1.3 TLS_AES_256_GCM_SHA384
Safari 9 IOS9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Safari 9 OSX 10.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Safari 10 OSX 10.12 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Safari 12.1 iOS 12.2 TLSv1.3 TLS_AES_256_GCM_SHA384
Safari 13.0 OSX 10.14.6 TLSv1.3 TLS_AES_256_GCM_SHA384
Java 6u45 No connection
Java 7u25 No connection
Java 8u161 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384
Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384
OpenSSL 1.02e TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
OpenSSL 1.10l (Debian) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
OpenSSL 1.11d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384
Thunderbird 68.3 TLSv1.3 TLS_AES_256_GCM_SHA384