jabber.tcpreset.net, 94.130.76.71:5222

TLS Test Results from August 09 2024 10:06:34 UTC. Scan took 42 seconds.

Summary

Finding Severity Result
OCSP Revoked WARN
TLS 1.2 OK offered
TLS 1.3 OK offered with final
Perfect Forward Secrecy OK offered
Common Name (CN) OK jabber.tcpreset.net
Subject Alternative Name (SAN) INFO
  • jabber.tcpreset.net
CA Issuers INFO R11 (Let's Encrypt from US)
Valid Not After OK 2024-10-18 16:08

Protocols

Version Status
SSL v2 not offered
SSL v3 not offered
TLS 1.0 not offered
TLS 1.1 not offered
TLS 1.2 offered
TLS 1.3 offered with final

Cipher Categories

Category Status
NULL ciphers (no encryption) not offered
Anonymous NULL Ciphers (no authentication) not offered
Export ciphers (excluding ADH+NULL) not offered
LOW: 64 Bit + DES, RC[2,4] (excluding export) not offered
Triple DES Ciphers / IDEA not offered
Obsolete CBC ciphers (AES, ARIA etc.) not offered
Strong encryption (AEAD ciphers) offered

Perfect Forward Secrecy

Category Status
Perfect Forward Secrecy offered
PFS Ciphers
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES256-GCM-SHA384
PFS ECDHE Curves
  • prime256v1
  • secp384r1
  • secp521r1

Server Preferences

Category Finding
Cipher Order server
Protocol Negotiated Default protocol TLS1.3
Cipher Negotiated TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
Cipher Order TLS v1.2 ECDHE-RSA-AES256-GCM-SHA384

Server Defaults

Category Finding
TLS Extensions
  • renegotiation info/#65281
  • server name/#0
  • EC point formats/#11
  • supported versions/#43
  • key share/#51
  • supported_groups/#10
  • max fragment length/#1
  • extended master secret/#23
TLS Session Ticket no -- no lifetime advertised
SSL Session-ID Support yes
Session Resumption Ticket not supported
Session Resumption ID not supported
TLS Timestamp random
Number of Certificates 1

Certificate

Category Finding
Signature Algorithm SHA256 with RSA
Key Size RSA 4096 bits
Key Usage
  • Digital Signature
  • Key Encipherment
Extended Key Usage
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Serial Number 03225E890EDE1DD5BFB3FE4F7CADD16ABB1A
SHA1 Fingerprint 519DA53A18C6BFA0AC8B59183EE64834D7C54D15
SHA256 Fingerprint BB46A31200E7E9FC1DA3CF1E443B1835C5756F8AFAF21912145DC66022CDB9A5
X.509 Certificate Download jabber.tcpreset.net_5222_519DA53A.pem
Common Name (CN) jabber.tcpreset.net
Common Name w/o SNI jabber.tcpreset.net
Subject Alternative Name (SAN)
  • jabber.tcpreset.net
CA Issuers R11 (Let's Encrypt from US)
Certificate Trust Ok via SAN (same w/o SNI)
Chain Of Trust passed.
Extended-Validation Policies no
ETS (prev. "eTLS") not present
Expiration Status 70 >= 30 days
Valid Not Before 2024-07-20 16:08
Valid Not After 2024-10-18 16:08
Validity Period No finding
Certificate Count Server 2
Certs List Ordering Problem no
Leaked Key (pwnedkeys) not in database
CRL Distribution Points
  • --
OCSP Revoked
OCSP URL http://r11.o.lencr.org
OCSP Stapling not offered
OCSP Must Staple Extension --
DNS CAA Record
  • --
Certificate Transparency yes (certificate extension)

Vulnerabilities

Category Finding
Heartbleed not vulnerable, no heartbeat extension
CCS not vulnerable
ROBOT not vulnerable, no RSA key transport cipher
Secure Renegotiation supported
Secure Client Renegotiation not vulnerable
CRIME TLS not vulnerable (not using HTTP anyway)
POODLE SSL not vulnerable, no SSLv3
Fallback SCSV no protocol below TLS 1.2 offered
SWEET32 not vulnerable
FREAK not vulnerable
DROWN not vulnerable on this host and port
DROWN Hint Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see censys.io
LOGJAM not vulnerable, no DH EXPORT ciphers,
LOGJAM Common Primes no DH key with <= TLS 1.2
BEAST not vulnerable, no SSL3 or TLS1
LUCKY13 not vulnerable
RC4 not vulnerable

Ciphers

Name Key Exchange Encryption Key Length IANA ID
ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 xc030
ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 xc02f

Client Simulation

Category Connection via
Android 8.1 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Android 9.0 TLSv1.3 TLS_AES_256_GCM_SHA384
Android X TLSv1.3 TLS_AES_256_GCM_SHA384
Java 6u45 No connection
Java 7u25 No connection
Java 8u161 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384
Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384
OpenSSL 1.02e TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
OpenSSL 1.10l (Debian) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
OpenSSL 1.11d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384