TLS Test Results from January 21 2024 16:33:11 UTC. Scan took 43 seconds.


Finding Severity Result
TLS 1.2 OK offered
TLS 1.3 OK offered with final
Perfect Forward Secrecy OK offered
Common Name (CN) OK jabber.tcpreset.net
Subject Alternative Name (SAN) INFO
  • jabber.tcpreset.net
CA Issuers INFO R3 (Let's Encrypt from US)
Valid Not After OK 2024-04-14 23:47


Version Status
SSL v2 not offered
SSL v3 not offered
TLS 1.0 not offered
TLS 1.1 not offered
TLS 1.2 offered
TLS 1.3 offered with final

Cipher Categories

Category Status
NULL ciphers (no encryption) not offered
Anonymous NULL Ciphers (no authentication) not offered
Export ciphers (excluding ADH+NULL) not offered
LOW: 64 Bit + DES, RC[2,4] (excluding export) not offered
Triple DES Ciphers / IDEA not offered
Obsolete CBC ciphers (AES, ARIA etc.) not offered
Strong encryption (AEAD ciphers) offered

Perfect Forward Secrecy

Category Status
Perfect Forward Secrecy offered
PFS Ciphers
  • prime256v1
  • secp384r1
  • secp521r1

Server Preferences

Category Finding
Cipher Order server
Protocol Negotiated Default protocol TLS1.3
Cipher Negotiated TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
Cipher Order TLS v1.2 ECDHE-RSA-AES256-GCM-SHA384

Server Defaults

Category Finding
TLS Extensions
  • renegotiation info/#65281
  • server name/#0
  • EC point formats/#11
  • supported versions/#43
  • key share/#51
  • supported_groups/#10
  • max fragment length/#1
  • extended master secret/#23
TLS Session Ticket no -- no lifetime advertised
SSL Session-ID Support yes
Session Resumption Ticket not supported
Session Resumption ID not supported
TLS Timestamp random
Number of Certificates 1


Category Finding
Signature Algorithm SHA256 with RSA
Key Size RSA 4096 bits
Key Usage
  • Digital Signature
  • Key Encipherment
Extended Key Usage
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Serial Number 03137D003B1926925969CEDA9CF1741E3A3C
SHA1 Fingerprint 60E9B03CA14A3492408332EFAB3E92425A8686DD
SHA256 Fingerprint 98121E6CB1C30B86C43D3B4E0E8BDB05CB845AFE9086D20041DF9782FC45A736
X.509 Certificate Download jabber.tcpreset.net_5222_60E9B03C.pem
Common Name (CN) jabber.tcpreset.net
Common Name w/o SNI jabber.tcpreset.net
Subject Alternative Name (SAN)
  • jabber.tcpreset.net
CA Issuers R3 (Let's Encrypt from US)
Certificate Trust Ok via SAN (same w/o SNI)
Chain Of Trust passed.
Extended-Validation Policies no
ETS (prev. "eTLS") not present
Expiration Status 84 >= 30 days
Valid Not Before 2024-01-15 23:47
Valid Not After 2024-04-14 23:47
Validity Period No finding
Certificate Count Server 3
Certs List Ordering Problem no
Leaked Key (pwnedkeys) not in database
CRL Distribution Points
  • --
OCSP Revoked
OCSP URL http://r3.o.lencr.org
OCSP Stapling not offered
OCSP Must Staple Extension --
DNS CAA Record
  • --
Certificate Transparency yes (certificate extension)


Category Finding
Heartbleed not vulnerable, no heartbeat extension
CCS not vulnerable
ROBOT not vulnerable, no RSA key transport cipher
Secure Renegotiation supported
Secure Client Renegotiation not vulnerable
CRIME TLS not vulnerable (not using HTTP anyway)
POODLE SSL not vulnerable, no SSLv3
Fallback SCSV no protocol below TLS 1.2 offered
SWEET32 not vulnerable
FREAK not vulnerable
DROWN not vulnerable on this host and port
DROWN Hint Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see censys.io
LOGJAM not vulnerable, no DH EXPORT ciphers,
LOGJAM Common Primes no DH key with <= TLS 1.2
BEAST not vulnerable, no SSL3 or TLS1
LUCKY13 not vulnerable
RC4 not vulnerable


Name Key Exchange Encryption Key Length IANA ID

Client Simulation

Category Connection via
Android 8.1 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Android 9.0 TLSv1.3 TLS_AES_256_GCM_SHA384
Android X TLSv1.3 TLS_AES_256_GCM_SHA384
Java 6u45 No connection
Java 7u25 No connection
Java 8u161 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384
Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384
OpenSSL 1.02e TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
OpenSSL 1.10l (Debian) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
OpenSSL 1.11d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384