Crypto Service Audit by Cryptosense

Report for clientondersteuningplus.nl produced at 2024-04-23 05:30:25 UTC using the Cryptosense 2019 standard.

For more information on coverage, go to discovery.cryptosense.com/faq. If you have any suggestions for improving this report, please send us an email at discovery@cryptosense.com.

D
is the overall score for
clientondersteuningplus.nl

Crypto on this site is broken and is likely not to provide enough security.

Note: The overall score is calculated based on the lowest score achieved by any of the machines scanned.

Machines Scanned

D
clientondersteuningplus.nl 185.37.70.68 2024-04-22 08:14:42 UTC
-
 localhost.clientondersteuningplus.nl 127.0.0.1 excluded
-
 pop.clientondersteuningplus.nl 5.157.84.75 2024-04-22 08:14:42 UTC

Crypto Services Discovered

In the next pages, we list all of the machines detected. For each machine, we list the cryptographic services found. For each service, we give the reasons behind the grading and, if applicable, instructions on how to fix it.

clientondersteuningplus.nl

IP address 185.37.70.68
Last scan 2024-04-22 08:14:42 UTC
TLS FTP (port 21)
Rules applicable 19
A!
A
A!
B
C
D
F
20 2 0 0 0 0
TLS HTTP (port 443)
Rules applicable 20
D
A
A!
B
C
D
F
20 2 0 0 1 0
TLS SMTP (port 465)
Rules applicable 18
A!
A
A!
B
C
D
F
19 2 0 0 0 0
TLS SMTP (port 587)
Rules applicable 18
A!
A
A!
B
C
D
F
19 2 0 0 0 0

TLS (port 21 – FTP)

Scan details
Versions TLS 1.2
Ciphers
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
Cipher order Server
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0xe27b2cd5c91f4abc877173aa6c5a968ae793003c2a16af4cdd7b30433409c3eabb6d8192a40cf75465d8db33de04ea22c8251f20d67fc699fc50306a887636d8e2142cde39f5b128da68a0d285c823759b8dd5c4bf7f09ed9af5e5b0ab03cd8ddfc8fe2434a28f7e7af188ef9ce3f89a457c335f99aa9234690c66461df17181ecb075fa51b9c8e713f8fbf68984191fd4f78f26d6aaacb37a6f82d3850359a4583bab20edf23923d8edafd54565d87d7be524ec743e0b412124c53d9b6ad26db1f8e390e0e0dc8a8c8642ebfee31e306c67dd7e39ef3ef12f9f3489834671029f59eeb2362231c392129a1c176c351f680ad6f9f79dd940d724b47dcaae9b63
  • Generator: 0x2
Certificate start date 2024-03-18 08:19:18 UTC
Certificate expiration date 2024-06-16 08:19:17 UTC
Certificate serial number 329490661022516498043036547854503392761526
Certificate issuer CN=R3,O=Let's Encrypt,C=US
Certificate subject CN=server097.yourhosting.nl
Certificate SANs
  • server097.yourhosting.nl
A!
Borderline Compliance Warnings
Certificate RSA key length
Trigger The server uses a 2048-bit RSA key.
Context

RSA keys must be long enough to provide reasonable security against brute-force attack by factoring. While 2048-bit keys are fine today, a minimum of 3072-bit is recommended by ECRYPT for new systems.

Diffie-Hellman group security
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

For security, a 2048-bit group is reasonable although ECRYPT recommends a group size of at least 3072 bits (ECRYPT 2016 report). The use of commonly-shared 1024-bit groups such as Oakley group 2 is especially discouraged because of possible precomputation attacks (weakdh.org).

TLS (port 443 – HTTP)

Scan details
Versions TLS 1.2
Ciphers
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
Cipher order Server
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0xe27b2cd5c91f4abc877173aa6c5a968ae793003c2a16af4cdd7b30433409c3eabb6d8192a40cf75465d8db33de04ea22c8251f20d67fc699fc50306a887636d8e2142cde39f5b128da68a0d285c823759b8dd5c4bf7f09ed9af5e5b0ab03cd8ddfc8fe2434a28f7e7af188ef9ce3f89a457c335f99aa9234690c66461df17181ecb075fa51b9c8e713f8fbf68984191fd4f78f26d6aaacb37a6f82d3850359a4583bab20edf23923d8edafd54565d87d7be524ec743e0b412124c53d9b6ad26db1f8e390e0e0dc8a8c8642ebfee31e306c67dd7e39ef3ef12f9f3489834671029f59eeb2362231c392129a1c176c351f680ad6f9f79dd940d724b47dcaae9b63
  • Generator: 0x2
Certificate start date 2023-08-12 08:20:05 UTC
Certificate expiration date 2023-11-10 08:20:04 UTC
Certificate serial number 422911942242554335527633784046993075147667
Certificate issuer CN=R3,O=Let's Encrypt,C=US
Certificate subject CN=clientondersteuningplus.nl
Certificate SANs
  • clientondersteuningplus.nl
  • www.clientondersteuningplus.nl
D
Broken cryptography
Certificate expiration
Trigger The expiration date of this certificate is 2023-11-10 08:20:04 UTC.
Context

Each certificate defines a validity period. Outside of this period, it is not valid. In particular, no revocation information will be kept about an expired certificate.

A!
Borderline Compliance Warnings
Certificate RSA key length
Trigger The server uses a 2048-bit RSA key.
Context

RSA keys must be long enough to provide reasonable security against brute-force attack by factoring. While 2048-bit keys are fine today, a minimum of 3072-bit is recommended by ECRYPT for new systems.

Diffie-Hellman group security
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

For security, a 2048-bit group is reasonable although ECRYPT recommends a group size of at least 3072 bits (ECRYPT 2016 report). The use of commonly-shared 1024-bit groups such as Oakley group 2 is especially discouraged because of possible precomputation attacks (weakdh.org).

TLS (port 465 – SMTP)

Scan details
Versions TLS 1.2
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0xe27b2cd5c91f4abc877173aa6c5a968ae793003c2a16af4cdd7b30433409c3eabb6d8192a40cf75465d8db33de04ea22c8251f20d67fc699fc50306a887636d8e2142cde39f5b128da68a0d285c823759b8dd5c4bf7f09ed9af5e5b0ab03cd8ddfc8fe2434a28f7e7af188ef9ce3f89a457c335f99aa9234690c66461df17181ecb075fa51b9c8e713f8fbf68984191fd4f78f26d6aaacb37a6f82d3850359a4583bab20edf23923d8edafd54565d87d7be524ec743e0b412124c53d9b6ad26db1f8e390e0e0dc8a8c8642ebfee31e306c67dd7e39ef3ef12f9f3489834671029f59eeb2362231c392129a1c176c351f680ad6f9f79dd940d724b47dcaae9b63
  • Generator: 0x2
Certificate start date 2024-03-18 08:19:18 UTC
Certificate expiration date 2024-06-16 08:19:17 UTC
Certificate serial number 329490661022516498043036547854503392761526
Certificate issuer CN=R3,O=Let's Encrypt,C=US
Certificate subject CN=server097.yourhosting.nl
Certificate SANs
  • server097.yourhosting.nl
A!
Borderline Compliance Warnings
Certificate RSA key length
Trigger The server uses a 2048-bit RSA key.
Context

RSA keys must be long enough to provide reasonable security against brute-force attack by factoring. While 2048-bit keys are fine today, a minimum of 3072-bit is recommended by ECRYPT for new systems.

Diffie-Hellman group security
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

For security, a 2048-bit group is reasonable although ECRYPT recommends a group size of at least 3072 bits (ECRYPT 2016 report). The use of commonly-shared 1024-bit groups such as Oakley group 2 is especially discouraged because of possible precomputation attacks (weakdh.org).

TLS (port 587 – SMTP)

Scan details
Versions TLS 1.2
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0xe27b2cd5c91f4abc877173aa6c5a968ae793003c2a16af4cdd7b30433409c3eabb6d8192a40cf75465d8db33de04ea22c8251f20d67fc699fc50306a887636d8e2142cde39f5b128da68a0d285c823759b8dd5c4bf7f09ed9af5e5b0ab03cd8ddfc8fe2434a28f7e7af188ef9ce3f89a457c335f99aa9234690c66461df17181ecb075fa51b9c8e713f8fbf68984191fd4f78f26d6aaacb37a6f82d3850359a4583bab20edf23923d8edafd54565d87d7be524ec743e0b412124c53d9b6ad26db1f8e390e0e0dc8a8c8642ebfee31e306c67dd7e39ef3ef12f9f3489834671029f59eeb2362231c392129a1c176c351f680ad6f9f79dd940d724b47dcaae9b63
  • Generator: 0x2
Certificate start date 2024-03-18 08:19:18 UTC
Certificate expiration date 2024-06-16 08:19:17 UTC
Certificate serial number 329490661022516498043036547854503392761526
Certificate issuer CN=R3,O=Let's Encrypt,C=US
Certificate subject CN=server097.yourhosting.nl
Certificate SANs
  • server097.yourhosting.nl
A!
Borderline Compliance Warnings
Certificate RSA key length
Trigger The server uses a 2048-bit RSA key.
Context

RSA keys must be long enough to provide reasonable security against brute-force attack by factoring. While 2048-bit keys are fine today, a minimum of 3072-bit is recommended by ECRYPT for new systems.

Diffie-Hellman group security
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

For security, a 2048-bit group is reasonable although ECRYPT recommends a group size of at least 3072 bits (ECRYPT 2016 report). The use of commonly-shared 1024-bit groups such as Oakley group 2 is especially discouraged because of possible precomputation attacks (weakdh.org).

localhost.clientondersteuningplus.nl

IP address 127.0.0.1
Last scan excluded

This machine is excluded.

pop.clientondersteuningplus.nl

IP address 5.157.84.75
Last scan 2024-04-22 08:14:42 UTC

No service that could be analyzed detected on this machine.