smtp.freedom.nl, 116.202.127.71:465

TLS Test Results from December 15 2021 20:13:36 UTC. Scan took 229 seconds.

Summary

Finding Severity Result
Service DEBUG Couldn't determine service, skipping all HTTP checks
OCSP Revoked WARN
TLS 1.2 OK offered
TLS 1.3 OK offered with final
Perfect Forward Secrecy OK offered
Common Name (CN) OK *.freedom.nl
Subject Alternative Name (SAN) INFO
  • *.freedom.nl
  • freedom.nl
CA Issuers INFO R3 (Let's Encrypt from US)
Valid Not After OK 2022-03-10 10:48

Protocols

Version Status
SSL v2 not offered
SSL v3 not offered
TLS 1.0 offered (deprecated)
TLS 1.1 offered (deprecated)
TLS 1.2 offered
TLS 1.3 offered with final
ALPN / HTTP2 not offered

Cipher Categories

Category Status
NULL ciphers (no encryption) not offered
Anonymous NULL Ciphers (no authentication) not offered
Export ciphers (excluding ADH+NULL) not offered
LOW: 64 Bit + DES, RC[2,4] (excluding export) not offered
Triple DES Ciphers / IDEA not offered
Obsolete CBC ciphers (AES, ARIA etc.) offered
Strong encryption (AEAD ciphers) offered

Perfect Forward Secrecy

Category Status
Perfect Forward Secrecy offered
PFS Ciphers
  • DHE-RSA-AES128-GCM-SHA256
  • DHE-RSA-AES128-SHA256
  • DHE-RSA-AES128-SHA
  • DHE-RSA-AES256-GCM-SHA384
  • DHE-RSA-AES256-SHA256
  • DHE-RSA-AES256-SHA
  • DHE-RSA-CAMELLIA128-SHA256
  • DHE-RSA-CAMELLIA128-SHA
  • DHE-RSA-CAMELLIA256-SHA256
  • DHE-RSA-CAMELLIA256-SHA
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES128-SHA
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-AES256-SHA
  • ECDHE-RSA-CAMELLIA128-SHA256
  • ECDHE-RSA-CAMELLIA256-SHA384
PFS ECDHE Curves
  • prime256v1
  • secp384r1
  • secp521r1

Server Preferences

Category Finding
Cipher Order server
Protocol Negotiated Default protocol TLS1.3
Cipher Negotiated TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
Cipher Order TLS v1.0 ECDHE-RSA-AES256-SHA
Cipher Order TLS v1.1 ECDHE-RSA-AES256-SHA
Cipher Order TLS v1.2 ECDHE-RSA-AES256-GCM-SHA384

Server Defaults

Category Finding
TLS Extensions
  • renegotiation info/#65281
  • EC point formats/#11
  • session ticket/#35
  • supported versions/#43
  • key share/#51
  • supported_groups/#10
  • max fragment length/#1
  • encrypt-then-mac/#22
  • extended master secret/#23
TLS Session Ticket valid for 7200 seconds only (<daily)
SSL Session-ID Support yes
Session Resumption Ticket supported
Session Resumption ID supported
TLS Timestamp random
Number of Certificates 1

Certificate

Category Finding
Signature Algorithm SHA256 with RSA
Key Size RSA 4096 bits
Key Usage
  • Digital Signature
  • Key Encipherment
Extended Key Usage
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Serial Number 038792D6555168BE8D4AB7F1E82962B318A1
SHA1 Fingerprint 68F0D2CE5973F98735FE33EC86EB48E7DDF05DCB
SHA256 Fingerprint 47CD7FCCFAD68D3A834B9592FEDF2472F2902C2095D7C59CC99BE702333A5DB6
X.509 Certificate Download smtp.freedom.nl_465_68F0D2CE.pem
Common Name (CN) *.freedom.nl
Common Name w/o SNI *.freedom.nl
Subject Alternative Name (SAN)
  • *.freedom.nl
  • freedom.nl
CA Issuers R3 (Let's Encrypt from US)
Certificate Trust Ok via SAN wildcard (same w/o SNI)
Chain Of Trust passed.
Extended-Validation Policies no
ETS (prev. "eTLS") not present
Expiration Status 84 >= 30 days
Valid Not Before 2021-12-10 10:48
Valid Not After 2022-03-10 10:48
Validity Period No finding
Certificate Count Server 3
Certs List Ordering Problem no
Leaked Key (pwnedkeys) not in database
CRL Distribution Points
  • --
OCSP Revoked
OCSP URL http://r3.o.lencr.org
OCSP Stapling not offered
OCSP Must Staple Extension --
DNS CAA Record
  • iodef=mailto:security@freedomnet.nl
  • issue=comodo.com
  • issue=globalsign.com
  • issue=letsencrypt.org
  • issuewild=letsencrypt.org
Certificate Transparency yes (certificate extension)

Vulnerabilities

Category Finding
Heartbleed not vulnerable, no heartbeat extension
CCS not vulnerable
Ticketbleed not applicable, not HTTP
ROBOT not vulnerable
Secure Renegotiation supported
Secure Client Renegotiation not vulnerable
CRIME TLS not vulnerable (not using HTTP anyway)
POODLE SSL not vulnerable, no SSLv3
Fallback SCSV supported
SWEET32 not vulnerable
FREAK not vulnerable
DROWN not vulnerable on this host and port
DROWN Hint Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see censys.io
LOGJAM Common Primes RFC7919/ffdhe4096
LOGJAM not vulnerable, no DH EXPORT ciphers,
BEAST CBC TLS1
  • ECDHE-RSA-AES256-SHA
  • DHE-RSA-AES256-SHA
  • DHE-RSA-CAMELLIA256-SHA
  • AES256-SHA
  • ECDHE-RSA-AES128-SHA
  • DHE-RSA-AES128-SHA
  • DHE-RSA-CAMELLIA128-SHA
  • AES128-SHA
  • CAMELLIA128-SHA
BEAST VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)
LUCKY13 potentially vulnerable, uses TLS CBC ciphers
RC4 not vulnerable

Ciphers

Name                          Key Exchange  Encryption  Key Length  IANA ID
ECDHE-RSA-AES256-GCM-SHA384   ECDH 256      AESGCM      256         xc030
ECDHE-RSA-AES256-SHA384       ECDH 256      AES         256         xc028
ECDHE-RSA-AES256-SHA          ECDH 256      AES         256         xc014
DHE-RSA-AES256-GCM-SHA384     DH 4096       AESGCM      256         x9f
DHE-RSA-AES256-SHA256         DH 4096       AES         256         x6b
DHE-RSA-AES256-SHA            DH 4096       AES         256         x39
ECDHE-RSA-CAMELLIA256-SHA384  ECDH 256      Camellia    256         xc077
DHE-RSA-CAMELLIA256-SHA256    DH 4096       Camellia    256         xc4
DHE-RSA-CAMELLIA256-SHA       DH 4096       Camellia    256         x88
AES256-GCM-SHA384             RSA           AESGCM      256         x9d
AES256-SHA256                 RSA           AES         256         x3d
AES256-SHA                    RSA           AES         256         x35
CAMELLIA256-SHA256            RSA           Camellia    256         xc0
ECDHE-RSA-AES128-GCM-SHA256   ECDH 256      AESGCM      128         xc02f
ECDHE-RSA-AES128-SHA256       ECDH 256      AES         128         xc027
ECDHE-RSA-AES128-SHA          ECDH 256      AES         128         xc013
DHE-RSA-AES128-GCM-SHA256     DH 4096       AESGCM      128         x9e
DHE-RSA-AES128-SHA256         DH 4096       AES         128         x67
DHE-RSA-AES128-SHA            DH 4096       AES         128         x33
ECDHE-RSA-CAMELLIA128-SHA256  ECDH 256      Camellia    128         xc076
DHE-RSA-CAMELLIA128-SHA256    DH 4096       Camellia    128         xbe
DHE-RSA-CAMELLIA128-SHA       DH 4096       Camellia    128         x45
AES128-GCM-SHA256             RSA           AESGCM      128         x9c
AES128-SHA256                 RSA           AES         128         x3c
AES128-SHA                    RSA           AES         128         x2f
CAMELLIA128-SHA256            RSA           Camellia    128         xba
CAMELLIA128-SHA               RSA           Camellia    128         x41

Client Simulation

Category Connection via
Android 4.4.2 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Android 5.0 TLSv1.2 ECDHE-RSA-AES256-SHA
Android 6.0 TLSv1.2 ECDHE-RSA-AES256-SHA
Android 7.0 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Android 8.1 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Android 9.0 TLSv1.3 TLS_AES_256_GCM_SHA384
Android X TLSv1.3 TLS_AES_256_GCM_SHA384
Chrome 74 Windows 10 TLSv1.3 TLS_AES_256_GCM_SHA384
Chrome 79 Windows 10 TLSv1.3 TLS_AES_256_GCM_SHA384
Firefox 66 Windows 8.1/10 TLSv1.3 TLS_AES_256_GCM_SHA384
Firefox 71 Windows 10 TLSv1.3 TLS_AES_256_GCM_SHA384
IE 6 Windows XP No connection
IE 8 Windows 7 TLSv1.0 ECDHE-RSA-AES256-SHA
IE 8 Windows XP No connection
IE 11 Windows 7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384
IE 11 Windows 8.1 TLSv1.2 DHE-RSA-AES256-GCM-SHA384
IE 11 Windows Phone 8.1 TLSv1.2 ECDHE-RSA-AES256-SHA
IE 11 Windows 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Edge 15 Windows 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Edge 17 Windows 10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Opera 66 Windows 10 TLSv1.3 TLS_AES_256_GCM_SHA384
Safari 9 IOS9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Safari 9 OSX 10.11 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Safari 10 OSX 10.12 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Safari 12.1 iOS 12.2 TLSv1.3 TLS_AES_256_GCM_SHA384
Safari 13.0 OSX 10.14.6 TLSv1.3 TLS_AES_256_GCM_SHA384
Apple ATS 9 IOS9 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Java 6u45 No connection
Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA
Java 8u161 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384
Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384
OpenSSL 1.02e TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
OpenSSL 1.10l (Debian) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
OpenSSL 1.11d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384
Thunderbird 68.3 TLSv1.3 TLS_AES_256_GCM_SHA384