jabber.tcpreset.net, 94.130.76.71:5222
TLS Test Results from August 09 2024 10:06:34 UTC. Scan took 42 seconds.
Summary
Finding | Severity | Result |
---|---|---|
OCSP Revoked | WARN | |
TLS 1.2 | OK | offered |
TLS 1.3 | OK | offered with final |
Perfect Forward Secrecy | OK | offered |
Common Name (CN) | OK | jabber.tcpreset.net |
Subject Alternative Name (SAN) | INFO |
|
CA Issuers | INFO | R11 (Let's Encrypt from US) |
Valid Not After | OK | 2024-10-18 16:08 |
Protocols
Version | Status |
---|---|
SSL v2 | not offered |
SSL v3 | not offered |
TLS 1.0 | not offered |
TLS 1.1 | not offered |
TLS 1.2 | offered |
TLS 1.3 | offered with final |
Cipher Categories
Category | Status |
---|---|
NULL ciphers (no encryption) | not offered |
Anonymous NULL Ciphers (no authentication) | not offered |
Export ciphers (excluding ADH+NULL) | not offered |
LOW: 64 Bit + DES, RC[2,4] (excluding export) | not offered |
Triple DES Ciphers / IDEA | not offered |
Obsolete CBC ciphers (AES, ARIA etc.) | not offered |
Strong encryption (AEAD ciphers) | offered |
Perfect Forward Secrecy
Category | Status |
---|---|
Perfect Forward Secrecy | offered |
PFS Ciphers |
|
PFS ECDHE Curves |
|
Server Preferences
Category | Finding |
---|---|
Cipher Order | server |
Protocol Negotiated | Default protocol TLS1.3 |
Cipher Negotiated | TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519) |
Cipher Order TLS v1.2 | ECDHE-RSA-AES256-GCM-SHA384 |
Server Defaults
Category | Finding |
---|---|
TLS Extensions |
|
TLS Session Ticket | no -- no lifetime advertised |
SSL Session-ID Support | yes |
Session Resumption Ticket | not supported |
Session Resumption ID | not supported |
TLS Timestamp | random |
Number of Certificates | 1 |
Certificate
Category | Finding |
---|---|
Signature Algorithm | SHA256 with RSA |
Key Size | RSA 4096 bits |
Key Usage |
|
Extended Key Usage |
|
Serial Number | 03225E890EDE1DD5BFB3FE4F7CADD16ABB1A |
SHA1 Fingerprint | 519DA53A18C6BFA0AC8B59183EE64834D7C54D15 |
SHA256 Fingerprint | BB46A31200E7E9FC1DA3CF1E443B1835C5756F8AFAF21912145DC66022CDB9A5 |
X.509 Certificate | Download jabber.tcpreset.net_5222_519DA53A.pem |
Common Name (CN) | jabber.tcpreset.net |
Common Name w/o SNI | jabber.tcpreset.net |
Subject Alternative Name (SAN) |
|
CA Issuers | R11 (Let's Encrypt from US) |
Certificate Trust | Ok via SAN (same w/o SNI) |
Chain Of Trust | passed. |
Extended-Validation Policies | no |
ETS (prev. "eTLS") | not present |
Expiration Status | 70 >= 30 days |
Valid Not Before | 2024-07-20 16:08 |
Valid Not After | 2024-10-18 16:08 |
Validity Period | No finding |
Certificate Count Server | 2 |
Certs List Ordering Problem | no |
Leaked Key (pwnedkeys) | not in database |
CRL Distribution Points |
|
OCSP Revoked | |
OCSP URL | http://r11.o.lencr.org |
OCSP Stapling | not offered |
OCSP Must Staple Extension | -- |
DNS CAA Record |
|
Certificate Transparency | yes (certificate extension) |
Vulnerabilities
Category | Finding |
---|---|
Heartbleed | not vulnerable, no heartbeat extension |
CCS | not vulnerable |
ROBOT | not vulnerable, no RSA key transport cipher |
Secure Renegotiation | supported |
Secure Client Renegotiation | not vulnerable |
CRIME TLS | not vulnerable (not using HTTP anyway) |
POODLE SSL | not vulnerable, no SSLv3 |
Fallback SCSV | no protocol below TLS 1.2 offered |
SWEET32 | not vulnerable |
FREAK | not vulnerable |
DROWN | not vulnerable on this host and port |
DROWN Hint | Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see censys.io |
LOGJAM | not vulnerable, no DH EXPORT ciphers, |
LOGJAM Common Primes | no DH key with <= TLS 1.2 |
BEAST | not vulnerable, no SSL3 or TLS1 |
LUCKY13 | not vulnerable |
RC4 | not vulnerable |
Ciphers
Name | Key Exchange | Encryption | Key Length | IANA ID |
---|---|---|---|---|
ECDHE-RSA-AES256-GCM-SHA384 | ECDH 256 | AESGCM | 256 | xc030 |
ECDHE-RSA-AES128-GCM-SHA256 | ECDH 256 | AESGCM | 128 | xc02f |
Client Simulation
Category | Connection via |
---|---|
Android 8.1 | TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 |
Android 9.0 | TLSv1.3 TLS_AES_256_GCM_SHA384 |
Android X | TLSv1.3 TLS_AES_256_GCM_SHA384 |
Java 6u45 | No connection |
Java 7u25 | No connection |
Java 8u161 | TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 |
Java 11.0.2 (OpenJDK) | TLSv1.3 TLS_AES_256_GCM_SHA384 |
Java 12.0.1 (OpenJDK) | TLSv1.3 TLS_AES_256_GCM_SHA384 |
OpenSSL 1.02e | TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 |
OpenSSL 1.10l (Debian) | TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 |
OpenSSL 1.11d (Debian) | TLSv1.3 TLS_AES_256_GCM_SHA384 |