Choose a standard

These results have been calculated using the following standard:

Export

D
is the overall score for
clientondersteuningplus.nl

Crypto on this site is broken and is likely not to provide enough security.

Note: The overall score is calculated based on the lowest score achieved by any of the machines scanned.

Machines Scanned

D
clientondersteuningplus.nl 185.37.70.68 2022-09-29 01:35:59 UTC
You must be logged in to monitor hosts.
-
localhost.clientondersteuningplus.nl 127.0.0.1 excluded
You must be logged in to monitor hosts.
-
pop.clientondersteuningplus.nl 5.157.84.75 2022-09-29 01:35:59 UTC
You must be logged in to monitor hosts.
down arrow

Crypto Services Discovered

Below we list all of the machines detected. For each machine, we list the cryptographic services found. For each service, we give the reasons behind the grading. To see the full details of the cryptography offered by a service, click on "show details".

clientondersteuningplus.nl

IP address 185.37.70.68
Last scan 2022-09-29 01:35:59 UTC
TLS FTP (port 21)
Rules applicable 17
D
A
A!
B
C
D
F
13 2 1 0 1 0
TLS HTTP (port 443)
Rules applicable 17
D
A
A!
B
C
D
F
12 2 1 1 1 0
TLS SMTP (port 465)
Rules applicable 17
D
A
A!
B
C
D
F
12 2 1 1 1 0
TLS SMTP (port 587)
Rules applicable 17
D
A
A!
B
C
D
F
12 2 1 1 1 0

TLS (port 21 – FTP)

Show scan details
Versions TLS 1.2
Ciphers
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
Cipher order Server
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0xe27b2cd5c91f4abc877173aa6c5a968ae793003c2a16af4cdd7b30433409c3eabb6d8192a40cf75465d8db33de04ea22c8251f20d67fc699fc50306a887636d8e2142cde39f5b128da68a0d285c823759b8dd5c4bf7f09ed9af5e5b0ab03cd8ddfc8fe2434a28f7e7af188ef9ce3f89a457c335f99aa9234690c66461df17181ecb075fa51b9c8e713f8fbf68984191fd4f78f26d6aaacb37a6f82d3850359a4583bab20edf23923d8edafd54565d87d7be524ec743e0b412124c53d9b6ad26db1f8e390e0e0dc8a8c8642ebfee31e306c67dd7e39ef3ef12f9f3489834671029f59eeb2362231c392129a1c176c351f680ad6f9f79dd940d724b47dcaae9b63
  • Generator: 0x2
Certificate start date 2022-09-25 07:19:56 UTC
Certificate expiration date 2022-12-24 07:19:55 UTC
Certificate serial number 341805982373311042085963512550290363325480
Certificate issuer CN=R3,O=Let's Encrypt,C=US
Certificate subject CN=server097.yourhosting.nl
Certificate SANs
  • server097.yourhosting.nl
D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth.
Context

Recommendation R28 (ANSSI recommendations for TLS)

B
Warnings
R7: Exchange keys with ECDHE, or at least DHE
Trigger The server can exchange keys with DHE.
Context

Recommendation R7 (ANSSI recommendations for TLS)

A!
Borderline Compliance Warnings
R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context

Recommendation R3 (ANSSI recommendations for TLS)

R8: Authenticate the server with a certificate
Trigger The server can be authenticated with: RSA.
Context

Recommendation R8 (ANSSI recommendations for TLS)

A
Passed
R4: Avoid SSLv2, SSLv3, TLS 1.0 and TLS 1.1
Trigger SSL 3.0, SSL 2.0, TLS 1.0, TLS 1.1 not among the protocols offered by TLS server.
Context

Recommendation R4 (ANSSI recommendations for TLS)

R5: Authenticate the server with a key exchange
Trigger The server doesn't support any anonymous cipher suite.
Context

Recommendation R5 (ANSSI recommendations for TLS)

R6: Always enable perfect forward secrecy (PFS)
Trigger The server only supports cipher suites that provide forward secrecy.
Context

Recommendation R6 (ANSSI recommendations for TLS)

R9: Prefer AES or ChaCha20
Trigger The server only encrypts bulk data with AES or ChaCha20.
Context

Recommendation R9 (ANSSI recommendations for TLS)

R10: Use an authenticated mode of encryption
Trigger The server only authenticates bulk data with GCM or CCM (not CCM-8).
Context

Recommendation R10 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server only hashes data with SHA-2.
Context

Recommendation R11 (ANSSI recommendations for TLS)

R13: Prefer server order of cipher suites
Trigger Server order is preferred.
Context

Recommendation R13 (ANSSI recommendations for TLS)

R19: Don't use TLS compression
Trigger This service supports the following compression algorithms: NULL.
Context

Recommendation R19 (ANSSI recommendations for TLS)

R24: Present a certificate signed with SHA-2
Trigger The certificate is signed with SHA-2
Context

Recommendation R24 (ANSSI recommendations for TLS)

R25: Present a certificate valid for 3 years (825 days) or less
Trigger The expiration date of this certificate is 2022-12-24 07:19:55 UTC.
Context

Recommendation R25 (ANSSI recommendations for TLS)

R26: Use keys of sufficient length
Trigger The certificate's RSA key has a length of 2048 bits and an exponent of 65537.
Context

Recommendation R26 (ANSSI recommendations for TLS)

R27: Present an appropriate KeyUsage
Trigger The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature
Context

Recommendation R27 (ANSSI recommendations for TLS)

R33: Present a certificate with revocation sources
Trigger Both CRLDP and AIA extensions are present and marked as non-critical.
Context

Recommendation R33 (ANSSI recommendations for TLS)

TLS (port 443 – HTTP)

Show scan details
Versions TLS 1.2
Ciphers
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
Cipher order Server
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0xe27b2cd5c91f4abc877173aa6c5a968ae793003c2a16af4cdd7b30433409c3eabb6d8192a40cf75465d8db33de04ea22c8251f20d67fc699fc50306a887636d8e2142cde39f5b128da68a0d285c823759b8dd5c4bf7f09ed9af5e5b0ab03cd8ddfc8fe2434a28f7e7af188ef9ce3f89a457c335f99aa9234690c66461df17181ecb075fa51b9c8e713f8fbf68984191fd4f78f26d6aaacb37a6f82d3850359a4583bab20edf23923d8edafd54565d87d7be524ec743e0b412124c53d9b6ad26db1f8e390e0e0dc8a8c8642ebfee31e306c67dd7e39ef3ef12f9f3489834671029f59eeb2362231c392129a1c176c351f680ad6f9f79dd940d724b47dcaae9b63
  • Generator: 0x2
Certificate start date 2022-08-17 09:19:39 UTC
Certificate expiration date 2022-11-15 09:19:38 UTC
Certificate serial number 391538175643328381921106527045337086788635
Certificate issuer CN=R3,O=Let's Encrypt,C=US
Certificate subject CN=clientondersteuningplus.nl
Certificate SANs
  • clientondersteuningplus.nl
  • www.clientondersteuningplus.nl
D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth.
Context

Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context

Recommendation R10 (ANSSI recommendations for TLS)

B
Warnings
R7: Exchange keys with ECDHE, or at least DHE
Trigger The server can exchange keys with DHE.
Context

Recommendation R7 (ANSSI recommendations for TLS)

A!
Borderline Compliance Warnings
R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context

Recommendation R3 (ANSSI recommendations for TLS)

R8: Authenticate the server with a certificate
Trigger The server can be authenticated with: RSA.
Context

Recommendation R8 (ANSSI recommendations for TLS)

A
Passed
R4: Avoid SSLv2, SSLv3, TLS 1.0 and TLS 1.1
Trigger SSL 3.0, SSL 2.0, TLS 1.0, TLS 1.1 not among the protocols offered by TLS server.
Context

Recommendation R4 (ANSSI recommendations for TLS)

R5: Authenticate the server with a key exchange
Trigger The server doesn't support any anonymous cipher suite.
Context

Recommendation R5 (ANSSI recommendations for TLS)

R6: Always enable perfect forward secrecy (PFS)
Trigger The server only supports cipher suites that provide forward secrecy.
Context

Recommendation R6 (ANSSI recommendations for TLS)

R9: Prefer AES or ChaCha20
Trigger The server only encrypts bulk data with AES or ChaCha20.
Context

Recommendation R9 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server only hashes data with SHA-2.
Context

Recommendation R11 (ANSSI recommendations for TLS)

R13: Prefer server order of cipher suites
Trigger Server order is preferred.
Context

Recommendation R13 (ANSSI recommendations for TLS)

R19: Don't use TLS compression
Trigger This service supports the following compression algorithms: NULL.
Context

Recommendation R19 (ANSSI recommendations for TLS)

R24: Present a certificate signed with SHA-2
Trigger The certificate is signed with SHA-2
Context

Recommendation R24 (ANSSI recommendations for TLS)

R25: Present a certificate valid for 3 years (825 days) or less
Trigger The expiration date of this certificate is 2022-11-15 09:19:38 UTC.
Context

Recommendation R25 (ANSSI recommendations for TLS)

R26: Use keys of sufficient length
Trigger The certificate's RSA key has a length of 2048 bits and an exponent of 65537.
Context

Recommendation R26 (ANSSI recommendations for TLS)

R27: Present an appropriate KeyUsage
Trigger The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature
Context

Recommendation R27 (ANSSI recommendations for TLS)

R33: Present a certificate with revocation sources
Trigger Both CRLDP and AIA extensions are present and marked as non-critical.
Context

Recommendation R33 (ANSSI recommendations for TLS)

TLS (port 465 – SMTP)

Show scan details
Versions TLS 1.2
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0xe27b2cd5c91f4abc877173aa6c5a968ae793003c2a16af4cdd7b30433409c3eabb6d8192a40cf75465d8db33de04ea22c8251f20d67fc699fc50306a887636d8e2142cde39f5b128da68a0d285c823759b8dd5c4bf7f09ed9af5e5b0ab03cd8ddfc8fe2434a28f7e7af188ef9ce3f89a457c335f99aa9234690c66461df17181ecb075fa51b9c8e713f8fbf68984191fd4f78f26d6aaacb37a6f82d3850359a4583bab20edf23923d8edafd54565d87d7be524ec743e0b412124c53d9b6ad26db1f8e390e0e0dc8a8c8642ebfee31e306c67dd7e39ef3ef12f9f3489834671029f59eeb2362231c392129a1c176c351f680ad6f9f79dd940d724b47dcaae9b63
  • Generator: 0x2
Certificate start date 2022-09-25 07:19:56 UTC
Certificate expiration date 2022-12-24 07:19:55 UTC
Certificate serial number 341805982373311042085963512550290363325480
Certificate issuer CN=R3,O=Let's Encrypt,C=US
Certificate subject CN=server097.yourhosting.nl
Certificate SANs
  • server097.yourhosting.nl
D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth.
Context

Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R13: Prefer server order of cipher suites
Trigger Client order is preferred.
Context

Recommendation R13 (ANSSI recommendations for TLS)

B
Warnings
R7: Exchange keys with ECDHE, or at least DHE
Trigger The server can exchange keys with DHE.
Context

Recommendation R7 (ANSSI recommendations for TLS)

A!
Borderline Compliance Warnings
R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context

Recommendation R3 (ANSSI recommendations for TLS)

R8: Authenticate the server with a certificate
Trigger The server can be authenticated with: RSA.
Context

Recommendation R8 (ANSSI recommendations for TLS)

A
Passed
R4: Avoid SSLv2, SSLv3, TLS 1.0 and TLS 1.1
Trigger SSL 3.0, SSL 2.0, TLS 1.0, TLS 1.1 not among the protocols offered by TLS server.
Context

Recommendation R4 (ANSSI recommendations for TLS)

R5: Authenticate the server with a key exchange
Trigger The server doesn't support any anonymous cipher suite.
Context

Recommendation R5 (ANSSI recommendations for TLS)

R6: Always enable perfect forward secrecy (PFS)
Trigger The server only supports cipher suites that provide forward secrecy.
Context

Recommendation R6 (ANSSI recommendations for TLS)

R9: Prefer AES or ChaCha20
Trigger The server only encrypts bulk data with AES or ChaCha20.
Context

Recommendation R9 (ANSSI recommendations for TLS)

R10: Use an authenticated mode of encryption
Trigger The server only authenticates bulk data with GCM or CCM (not CCM-8).
Context

Recommendation R10 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server only hashes data with SHA-2.
Context

Recommendation R11 (ANSSI recommendations for TLS)

R19: Don't use TLS compression
Trigger This service supports the following compression algorithms: NULL.
Context

Recommendation R19 (ANSSI recommendations for TLS)

R24: Present a certificate signed with SHA-2
Trigger The certificate is signed with SHA-2
Context

Recommendation R24 (ANSSI recommendations for TLS)

R25: Present a certificate valid for 3 years (825 days) or less
Trigger The expiration date of this certificate is 2022-12-24 07:19:55 UTC.
Context

Recommendation R25 (ANSSI recommendations for TLS)

R26: Use keys of sufficient length
Trigger The certificate's RSA key has a length of 2048 bits and an exponent of 65537.
Context

Recommendation R26 (ANSSI recommendations for TLS)

R27: Present an appropriate KeyUsage
Trigger The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature
Context

Recommendation R27 (ANSSI recommendations for TLS)

R33: Present a certificate with revocation sources
Trigger Both CRLDP and AIA extensions are present and marked as non-critical.
Context

Recommendation R33 (ANSSI recommendations for TLS)

TLS (port 587 – SMTP)

Show scan details
Versions TLS 1.2
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0xe27b2cd5c91f4abc877173aa6c5a968ae793003c2a16af4cdd7b30433409c3eabb6d8192a40cf75465d8db33de04ea22c8251f20d67fc699fc50306a887636d8e2142cde39f5b128da68a0d285c823759b8dd5c4bf7f09ed9af5e5b0ab03cd8ddfc8fe2434a28f7e7af188ef9ce3f89a457c335f99aa9234690c66461df17181ecb075fa51b9c8e713f8fbf68984191fd4f78f26d6aaacb37a6f82d3850359a4583bab20edf23923d8edafd54565d87d7be524ec743e0b412124c53d9b6ad26db1f8e390e0e0dc8a8c8642ebfee31e306c67dd7e39ef3ef12f9f3489834671029f59eeb2362231c392129a1c176c351f680ad6f9f79dd940d724b47dcaae9b63
  • Generator: 0x2
Certificate start date 2022-09-25 07:19:56 UTC
Certificate expiration date 2022-12-24 07:19:55 UTC
Certificate serial number 341805982373311042085963512550290363325480
Certificate issuer CN=R3,O=Let's Encrypt,C=US
Certificate subject CN=server097.yourhosting.nl
Certificate SANs
  • server097.yourhosting.nl
D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth.
Context

Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R13: Prefer server order of cipher suites
Trigger Client order is preferred.
Context

Recommendation R13 (ANSSI recommendations for TLS)

B
Warnings
R7: Exchange keys with ECDHE, or at least DHE
Trigger The server can exchange keys with DHE.
Context

Recommendation R7 (ANSSI recommendations for TLS)

A!
Borderline Compliance Warnings
R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context

Recommendation R3 (ANSSI recommendations for TLS)

R8: Authenticate the server with a certificate
Trigger The server can be authenticated with: RSA.
Context

Recommendation R8 (ANSSI recommendations for TLS)

A
Passed
R4: Avoid SSLv2, SSLv3, TLS 1.0 and TLS 1.1
Trigger SSL 3.0, SSL 2.0, TLS 1.0, TLS 1.1 not among the protocols offered by TLS server.
Context

Recommendation R4 (ANSSI recommendations for TLS)

R5: Authenticate the server with a key exchange
Trigger The server doesn't support any anonymous cipher suite.
Context

Recommendation R5 (ANSSI recommendations for TLS)

R6: Always enable perfect forward secrecy (PFS)
Trigger The server only supports cipher suites that provide forward secrecy.
Context

Recommendation R6 (ANSSI recommendations for TLS)

R9: Prefer AES or ChaCha20
Trigger The server only encrypts bulk data with AES or ChaCha20.
Context

Recommendation R9 (ANSSI recommendations for TLS)

R10: Use an authenticated mode of encryption
Trigger The server only authenticates bulk data with GCM or CCM (not CCM-8).
Context

Recommendation R10 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server only hashes data with SHA-2.
Context

Recommendation R11 (ANSSI recommendations for TLS)

R19: Don't use TLS compression
Trigger This service supports the following compression algorithms: NULL.
Context

Recommendation R19 (ANSSI recommendations for TLS)

R24: Present a certificate signed with SHA-2
Trigger The certificate is signed with SHA-2
Context

Recommendation R24 (ANSSI recommendations for TLS)

R25: Present a certificate valid for 3 years (825 days) or less
Trigger The expiration date of this certificate is 2022-12-24 07:19:55 UTC.
Context

Recommendation R25 (ANSSI recommendations for TLS)

R26: Use keys of sufficient length
Trigger The certificate's RSA key has a length of 2048 bits and an exponent of 65537.
Context

Recommendation R26 (ANSSI recommendations for TLS)

R27: Present an appropriate KeyUsage
Trigger The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature
Context

Recommendation R27 (ANSSI recommendations for TLS)

R33: Present a certificate with revocation sources
Trigger Both CRLDP and AIA extensions are present and marked as non-critical.
Context

Recommendation R33 (ANSSI recommendations for TLS)

localhost.clientondersteuningplus.nl

IP address 127.0.0.1
Last scan excluded

This machine is excluded.

pop.clientondersteuningplus.nl

IP address 5.157.84.75
Last scan 2022-09-29 01:35:59 UTC

No service that could be analyzed detected on this machine.