Choose a standard

These results have been calculated using the following standard:

Export

D
is the overall score for
gsc-game.com

Crypto on this site is broken and is likely not to provide enough security.

Note: The overall score is calculated based on the lowest score achieved by any of the machines scanned.

Machines Scanned

D
gsc-game.com 5.9.10.49 2024-04-25 14:01:12 UTC
You must be logged in to monitor hosts.
D
mail.gsc-game.com 5.9.10.59 2024-04-25 14:01:12 UTC
You must be logged in to monitor hosts.
down arrow

Crypto Services Discovered

Below we list all of the machines detected. For each machine, we list the cryptographic services found. For each service, we give the reasons behind the grading. To see the full details of the cryptography offered by a service, click on "show details".

gsc-game.com

IP address 5.9.10.49
Last scan 2024-04-25 14:01:12 UTC
TLS SMTP (port 25)
Rules applicable 17
D
A
A!
B
C
D
F
8 2 0 5 2 0
TLS HTTP (port 443)
Rules applicable 17
D
A
A!
B
C
D
F
8 2 1 4 2 0
TLS SMTP (port 465)
Rules applicable 17
D
A
A!
B
C
D
F
8 2 1 5 1 0
TLS SMTP (port 587)
Rules applicable 17
D
A
A!
B
C
D
F
8 2 1 5 1 0

TLS (port 25 – SMTP)

Show scan details
Versions TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV Supported
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.0, TLS 1.1, TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0x91b45856881ed8fb6b995d5e2822a5b9204510b81c92e2d29e4b87d137dfa9b99fa18337e2516edaf3ccd8b867ccabc4050948202393cd00f6f6444e69c45f48aa6c3483515e15ca52a23ab055f3519bb816593af5728664e48362f5a4239a529f56a6438367be7eacfaec27fdfd190d90e228b5bd4e09edc49578036fb27b299a7a81826c85d7e6af1681a8c58407aeb77e912fddc70675d3d614fb1236b563cd70f5f3b342bc01b978727c2900762300fd50a9d140f8d29eee7fea24a5c9159f00fa5a75021cc8a3f271a555b95910b158ccd8b4b9db7322b4b09402db65721e02a85b65724e942b98b29261cd5d15b34943270af1bcdc2d760d5eae7548a3
  • Generator: 0x2
Certificate start date 2023-12-06 00:00:00 UTC
Certificate expiration date 2024-12-22 23:59:59 UTC
Certificate serial number 178602405364846433479848078677005379024
Certificate issuer CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Certificate subject CN=mail.gsc-game.com
Certificate SANs
  • mail.gsc-game.com
  • www.mail.gsc-game.com
D
Broken cryptography
R4: Avoid SSLv2, SSLv3, TLS 1.0 and TLS 1.1
Trigger TLS 1.0, TLS 1.1 among the protocols offered by TLS server.
Context

Recommendation R4 (ANSSI recommendations for TLS)

R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth.
Context

Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R6: Always enable perfect forward secrecy (PFS)
Trigger The server supports some cipher suites that do not provide forward secrecy.
Context

Recommendation R6 (ANSSI recommendations for TLS)

R7: Exchange keys with ECDHE, or at least DHE
Trigger The server can exchange keys with an algorithm that is neither ECDHE or DHE.
Context

Recommendation R7 (ANSSI recommendations for TLS)

R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context

Recommendation R10 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server can hash data with a hash function that is not of the SHA-2 family.
Context

Recommendation R11 (ANSSI recommendations for TLS)

R13: Prefer server order of cipher suites
Trigger Client order is preferred.
Context

Recommendation R13 (ANSSI recommendations for TLS)

A!
Borderline Compliance Warnings
R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context

Recommendation R3 (ANSSI recommendations for TLS)

R8: Authenticate the server with a certificate
Trigger The server can be authenticated with: RSA.
Context

Recommendation R8 (ANSSI recommendations for TLS)

A
Passed
R5: Authenticate the server with a key exchange
Trigger The server doesn't support any anonymous cipher suite.
Context

Recommendation R5 (ANSSI recommendations for TLS)

R9: Prefer AES or ChaCha20
Trigger The server only encrypts bulk data with AES or ChaCha20.
Context

Recommendation R9 (ANSSI recommendations for TLS)

R19: Don't use TLS compression
Trigger This service supports the following compression algorithms: NULL.
Context

Recommendation R19 (ANSSI recommendations for TLS)

R24: Present a certificate signed with SHA-2
Trigger The certificate is signed with SHA-2
Context

Recommendation R24 (ANSSI recommendations for TLS)

R25: Present a certificate valid for 3 years (825 days) or less
Trigger The expiration date of this certificate is 2024-12-22 23:59:59 UTC.
Context

Recommendation R25 (ANSSI recommendations for TLS)

R26: Use keys of sufficient length
Trigger The certificate's RSA key has a length of 2048 bits and an exponent of 65537.
Context

Recommendation R26 (ANSSI recommendations for TLS)

R27: Present an appropriate KeyUsage
Trigger The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature
Context

Recommendation R27 (ANSSI recommendations for TLS)

R33: Present a certificate with revocation sources
Trigger Both CRLDP and AIA extensions are present and marked as non-critical.
Context

Recommendation R33 (ANSSI recommendations for TLS)

TLS (port 443 – HTTP)

Show scan details
Versions TLS 1.1, TLS 1.2
Fallback SCSV Supported
Ciphers
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CCM_8 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CCM TLS 1.2
  • TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CCM_8 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CCM TLS 1.2
  • TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_AES_256_CCM_8 TLS 1.2
  • TLS_RSA_WITH_AES_256_CCM TLS 1.2
  • TLS_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_CCM_8 TLS 1.2
  • TLS_RSA_WITH_AES_128_CCM TLS 1.2
  • TLS_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.1, TLS 1.2
Cipher order Server
Compression
  • NULL TLS 1.1, TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0xb89e8933638a5695b63417c3213de16b1ea537e030681fb80b518c9c61246fbe00653516e7a71e576db43fa2a699491ddc78696b47fc9bb6432ff90357c0810b304fb1c55dc35b275d99e7e0423ac2452cfa2d5be07fe152243f9f60deea81f4ae72dfd8f10de66621868ee419774848230ba348084a32086ac9492868d775601a681ca66cf10eb1bad5d2527fb39fe2c461335a514e1298368d7e61e5ef13854b3e1613cfd2e9ecbbaeafa6603f2e5e48bc287a024f450261e21e7d58b1c32245f3287da3a2fb7dbdfe8a80dfed62b6f09b38be356f125ed1d3c8abc3ce90aa94d8e4c346e3080874358ff1f6ee1910b8042d2d2fe8450d4e5647dec5086ebb
  • Generator: 0x2
Certificate start date 2022-04-28 00:00:00 UTC
Certificate expiration date 2023-04-30 23:59:59 UTC
Certificate serial number 17061850174481118340281812675480892070
Certificate issuer CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Certificate subject CN=gsc-game.com
Certificate SANs
  • gsc-game.com
  • www.gsc-game.com
D
Broken cryptography
R4: Avoid SSLv2, SSLv3, TLS 1.0 and TLS 1.1
Trigger TLS 1.1 among the protocols offered by TLS server.
Context

Recommendation R4 (ANSSI recommendations for TLS)

R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth.
Context

Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R6: Always enable perfect forward secrecy (PFS)
Trigger The server supports some cipher suites that do not provide forward secrecy.
Context

Recommendation R6 (ANSSI recommendations for TLS)

R7: Exchange keys with ECDHE, or at least DHE
Trigger The server can exchange keys with an algorithm that is neither ECDHE or DHE.
Context

Recommendation R7 (ANSSI recommendations for TLS)

R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context

Recommendation R10 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server can hash data with a hash function that is not of the SHA-2 family.
Context

Recommendation R11 (ANSSI recommendations for TLS)

B
Warnings
R9: Prefer AES or ChaCha20
Trigger The server can encrypt bulk data with Camellia or ARIA.
Context

Recommendation R9 (ANSSI recommendations for TLS)

A!
Borderline Compliance Warnings
R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context

Recommendation R3 (ANSSI recommendations for TLS)

R8: Authenticate the server with a certificate
Trigger The server can be authenticated with: RSA.
Context

Recommendation R8 (ANSSI recommendations for TLS)

A
Passed
R5: Authenticate the server with a key exchange
Trigger The server doesn't support any anonymous cipher suite.
Context

Recommendation R5 (ANSSI recommendations for TLS)

R13: Prefer server order of cipher suites
Trigger Server order is preferred.
Context

Recommendation R13 (ANSSI recommendations for TLS)

R19: Don't use TLS compression
Trigger This service supports the following compression algorithms: NULL.
Context

Recommendation R19 (ANSSI recommendations for TLS)

R24: Present a certificate signed with SHA-2
Trigger The certificate is signed with SHA-2
Context

Recommendation R24 (ANSSI recommendations for TLS)

R25: Present a certificate valid for 3 years (825 days) or less
Trigger The expiration date of this certificate is 2023-04-30 23:59:59 UTC.
Context

Recommendation R25 (ANSSI recommendations for TLS)

R26: Use keys of sufficient length
Trigger The certificate's RSA key has a length of 2048 bits and an exponent of 65537.
Context

Recommendation R26 (ANSSI recommendations for TLS)

R27: Present an appropriate KeyUsage
Trigger The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature
Context

Recommendation R27 (ANSSI recommendations for TLS)

R33: Present a certificate with revocation sources
Trigger Both CRLDP and AIA extensions are present and marked as non-critical.
Context

Recommendation R33 (ANSSI recommendations for TLS)

TLS (port 465 – SMTP)

Show scan details
Versions TLS 1.2
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CCM TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CCM_8 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CCM TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CCM_8 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_CCM TLS 1.2
  • TLS_RSA_WITH_AES_128_CCM_8 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CCM TLS 1.2
  • TLS_RSA_WITH_AES_256_CCM_8 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0x91b45856881ed8fb6b995d5e2822a5b9204510b81c92e2d29e4b87d137dfa9b99fa18337e2516edaf3ccd8b867ccabc4050948202393cd00f6f6444e69c45f48aa6c3483515e15ca52a23ab055f3519bb816593af5728664e48362f5a4239a529f56a6438367be7eacfaec27fdfd190d90e228b5bd4e09edc49578036fb27b299a7a81826c85d7e6af1681a8c58407aeb77e912fddc70675d3d614fb1236b563cd70f5f3b342bc01b978727c2900762300fd50a9d140f8d29eee7fea24a5c9159f00fa5a75021cc8a3f271a555b95910b158ccd8b4b9db7322b4b09402db65721e02a85b65724e942b98b29261cd5d15b34943270af1bcdc2d760d5eae7548a3
  • Generator: 0x2
Certificate start date 2023-12-06 00:00:00 UTC
Certificate expiration date 2024-12-22 23:59:59 UTC
Certificate serial number 178602405364846433479848078677005379024
Certificate issuer CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Certificate subject CN=mail.gsc-game.com
Certificate SANs
  • mail.gsc-game.com
  • www.mail.gsc-game.com
D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth.
Context

Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R6: Always enable perfect forward secrecy (PFS)
Trigger The server supports some cipher suites that do not provide forward secrecy.
Context

Recommendation R6 (ANSSI recommendations for TLS)

R7: Exchange keys with ECDHE, or at least DHE
Trigger The server can exchange keys with an algorithm that is neither ECDHE or DHE.
Context

Recommendation R7 (ANSSI recommendations for TLS)

R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context

Recommendation R10 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server can hash data with a hash function that is not of the SHA-2 family.
Context

Recommendation R11 (ANSSI recommendations for TLS)

R13: Prefer server order of cipher suites
Trigger Client order is preferred.
Context

Recommendation R13 (ANSSI recommendations for TLS)

B
Warnings
R9: Prefer AES or ChaCha20
Trigger The server can encrypt bulk data with Camellia or ARIA.
Context

Recommendation R9 (ANSSI recommendations for TLS)

A!
Borderline Compliance Warnings
R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context

Recommendation R3 (ANSSI recommendations for TLS)

R8: Authenticate the server with a certificate
Trigger The server can be authenticated with: RSA.
Context

Recommendation R8 (ANSSI recommendations for TLS)

A
Passed
R4: Avoid SSLv2, SSLv3, TLS 1.0 and TLS 1.1
Trigger SSL 2.0, SSL 3.0, TLS 1.1, TLS 1.0 not among the protocols offered by TLS server.
Context

Recommendation R4 (ANSSI recommendations for TLS)

R5: Authenticate the server with a key exchange
Trigger The server doesn't support any anonymous cipher suite.
Context

Recommendation R5 (ANSSI recommendations for TLS)

R19: Don't use TLS compression
Trigger This service supports the following compression algorithms: NULL.
Context

Recommendation R19 (ANSSI recommendations for TLS)

R24: Present a certificate signed with SHA-2
Trigger The certificate is signed with SHA-2
Context

Recommendation R24 (ANSSI recommendations for TLS)

R25: Present a certificate valid for 3 years (825 days) or less
Trigger The expiration date of this certificate is 2024-12-22 23:59:59 UTC.
Context

Recommendation R25 (ANSSI recommendations for TLS)

R26: Use keys of sufficient length
Trigger The certificate's RSA key has a length of 2048 bits and an exponent of 65537.
Context

Recommendation R26 (ANSSI recommendations for TLS)

R27: Present an appropriate KeyUsage
Trigger The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature
Context

Recommendation R27 (ANSSI recommendations for TLS)

R33: Present a certificate with revocation sources
Trigger Both CRLDP and AIA extensions are present and marked as non-critical.
Context

Recommendation R33 (ANSSI recommendations for TLS)

TLS (port 587 – SMTP)

Show scan details
Versions TLS 1.2
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CCM TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CCM_8 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CCM TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CCM_8 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_CCM TLS 1.2
  • TLS_RSA_WITH_AES_128_CCM_8 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CCM TLS 1.2
  • TLS_RSA_WITH_AES_256_CCM_8 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0x91b45856881ed8fb6b995d5e2822a5b9204510b81c92e2d29e4b87d137dfa9b99fa18337e2516edaf3ccd8b867ccabc4050948202393cd00f6f6444e69c45f48aa6c3483515e15ca52a23ab055f3519bb816593af5728664e48362f5a4239a529f56a6438367be7eacfaec27fdfd190d90e228b5bd4e09edc49578036fb27b299a7a81826c85d7e6af1681a8c58407aeb77e912fddc70675d3d614fb1236b563cd70f5f3b342bc01b978727c2900762300fd50a9d140f8d29eee7fea24a5c9159f00fa5a75021cc8a3f271a555b95910b158ccd8b4b9db7322b4b09402db65721e02a85b65724e942b98b29261cd5d15b34943270af1bcdc2d760d5eae7548a3
  • Generator: 0x2
Certificate start date 2023-12-06 00:00:00 UTC
Certificate expiration date 2024-12-22 23:59:59 UTC
Certificate serial number 178602405364846433479848078677005379024
Certificate issuer CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Certificate subject CN=mail.gsc-game.com
Certificate SANs
  • mail.gsc-game.com
  • www.mail.gsc-game.com
D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth.
Context

Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R6: Always enable perfect forward secrecy (PFS)
Trigger The server supports some cipher suites that do not provide forward secrecy.
Context

Recommendation R6 (ANSSI recommendations for TLS)

R7: Exchange keys with ECDHE, or at least DHE
Trigger The server can exchange keys with an algorithm that is neither ECDHE or DHE.
Context

Recommendation R7 (ANSSI recommendations for TLS)

R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context

Recommendation R10 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server can hash data with a hash function that is not of the SHA-2 family.
Context

Recommendation R11 (ANSSI recommendations for TLS)

R13: Prefer server order of cipher suites
Trigger Client order is preferred.
Context

Recommendation R13 (ANSSI recommendations for TLS)

B
Warnings
R9: Prefer AES or ChaCha20
Trigger The server can encrypt bulk data with Camellia or ARIA.
Context

Recommendation R9 (ANSSI recommendations for TLS)

A!
Borderline Compliance Warnings
R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context

Recommendation R3 (ANSSI recommendations for TLS)

R8: Authenticate the server with a certificate
Trigger The server can be authenticated with: RSA.
Context

Recommendation R8 (ANSSI recommendations for TLS)

A
Passed
R4: Avoid SSLv2, SSLv3, TLS 1.0 and TLS 1.1
Trigger SSL 2.0, SSL 3.0, TLS 1.1, TLS 1.0 not among the protocols offered by TLS server.
Context

Recommendation R4 (ANSSI recommendations for TLS)

R5: Authenticate the server with a key exchange
Trigger The server doesn't support any anonymous cipher suite.
Context

Recommendation R5 (ANSSI recommendations for TLS)

R19: Don't use TLS compression
Trigger This service supports the following compression algorithms: NULL.
Context

Recommendation R19 (ANSSI recommendations for TLS)

R24: Present a certificate signed with SHA-2
Trigger The certificate is signed with SHA-2
Context

Recommendation R24 (ANSSI recommendations for TLS)

R25: Present a certificate valid for 3 years (825 days) or less
Trigger The expiration date of this certificate is 2024-12-22 23:59:59 UTC.
Context

Recommendation R25 (ANSSI recommendations for TLS)

R26: Use keys of sufficient length
Trigger The certificate's RSA key has a length of 2048 bits and an exponent of 65537.
Context

Recommendation R26 (ANSSI recommendations for TLS)

R27: Present an appropriate KeyUsage
Trigger The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature
Context

Recommendation R27 (ANSSI recommendations for TLS)

R33: Present a certificate with revocation sources
Trigger Both CRLDP and AIA extensions are present and marked as non-critical.
Context

Recommendation R33 (ANSSI recommendations for TLS)

mail.gsc-game.com

IP address 5.9.10.59
Last scan 2024-04-25 14:01:12 UTC
TLS SMTP (port 25)
Rules applicable 17
D
A
A!
B
C
D
F
8 2 0 5 2 0
TLS SMTP (port 465)
Rules applicable 17
D
A
A!
B
C
D
F
8 2 1 5 1 0
TLS SMTP (port 587)
Rules applicable 17
D
A
A!
B
C
D
F
8 2 1 5 1 0

TLS (port 25 – SMTP)

Show scan details
Versions TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV Supported
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.0, TLS 1.1, TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0x91b45856881ed8fb6b995d5e2822a5b9204510b81c92e2d29e4b87d137dfa9b99fa18337e2516edaf3ccd8b867ccabc4050948202393cd00f6f6444e69c45f48aa6c3483515e15ca52a23ab055f3519bb816593af5728664e48362f5a4239a529f56a6438367be7eacfaec27fdfd190d90e228b5bd4e09edc49578036fb27b299a7a81826c85d7e6af1681a8c58407aeb77e912fddc70675d3d614fb1236b563cd70f5f3b342bc01b978727c2900762300fd50a9d140f8d29eee7fea24a5c9159f00fa5a75021cc8a3f271a555b95910b158ccd8b4b9db7322b4b09402db65721e02a85b65724e942b98b29261cd5d15b34943270af1bcdc2d760d5eae7548a3
  • Generator: 0x2
Certificate start date 2023-12-06 00:00:00 UTC
Certificate expiration date 2024-12-22 23:59:59 UTC
Certificate serial number 178602405364846433479848078677005379024
Certificate issuer CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Certificate subject CN=mail.gsc-game.com
Certificate SANs
  • mail.gsc-game.com
  • www.mail.gsc-game.com
D
Broken cryptography
R4: Avoid SSLv2, SSLv3, TLS 1.0 and TLS 1.1
Trigger TLS 1.0, TLS 1.1 among the protocols offered by TLS server.
Context

Recommendation R4 (ANSSI recommendations for TLS)

R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth.
Context

Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R6: Always enable perfect forward secrecy (PFS)
Trigger The server supports some cipher suites that do not provide forward secrecy.
Context

Recommendation R6 (ANSSI recommendations for TLS)

R7: Exchange keys with ECDHE, or at least DHE
Trigger The server can exchange keys with an algorithm that is neither ECDHE or DHE.
Context

Recommendation R7 (ANSSI recommendations for TLS)

R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context

Recommendation R10 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server can hash data with a hash function that is not of the SHA-2 family.
Context

Recommendation R11 (ANSSI recommendations for TLS)

R13: Prefer server order of cipher suites
Trigger Client order is preferred.
Context

Recommendation R13 (ANSSI recommendations for TLS)

A!
Borderline Compliance Warnings
R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context

Recommendation R3 (ANSSI recommendations for TLS)

R8: Authenticate the server with a certificate
Trigger The server can be authenticated with: RSA.
Context

Recommendation R8 (ANSSI recommendations for TLS)

A
Passed
R5: Authenticate the server with a key exchange
Trigger The server doesn't support any anonymous cipher suite.
Context

Recommendation R5 (ANSSI recommendations for TLS)

R9: Prefer AES or ChaCha20
Trigger The server only encrypts bulk data with AES or ChaCha20.
Context

Recommendation R9 (ANSSI recommendations for TLS)

R19: Don't use TLS compression
Trigger This service supports the following compression algorithms: NULL.
Context

Recommendation R19 (ANSSI recommendations for TLS)

R24: Present a certificate signed with SHA-2
Trigger The certificate is signed with SHA-2
Context

Recommendation R24 (ANSSI recommendations for TLS)

R25: Present a certificate valid for 3 years (825 days) or less
Trigger The expiration date of this certificate is 2024-12-22 23:59:59 UTC.
Context

Recommendation R25 (ANSSI recommendations for TLS)

R26: Use keys of sufficient length
Trigger The certificate's RSA key has a length of 2048 bits and an exponent of 65537.
Context

Recommendation R26 (ANSSI recommendations for TLS)

R27: Present an appropriate KeyUsage
Trigger The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature
Context

Recommendation R27 (ANSSI recommendations for TLS)

R33: Present a certificate with revocation sources
Trigger Both CRLDP and AIA extensions are present and marked as non-critical.
Context

Recommendation R33 (ANSSI recommendations for TLS)

TLS (port 465 – SMTP)

Show scan details
Versions TLS 1.2
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CCM TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CCM_8 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CCM TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CCM_8 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_CCM TLS 1.2
  • TLS_RSA_WITH_AES_128_CCM_8 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CCM TLS 1.2
  • TLS_RSA_WITH_AES_256_CCM_8 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0x91b45856881ed8fb6b995d5e2822a5b9204510b81c92e2d29e4b87d137dfa9b99fa18337e2516edaf3ccd8b867ccabc4050948202393cd00f6f6444e69c45f48aa6c3483515e15ca52a23ab055f3519bb816593af5728664e48362f5a4239a529f56a6438367be7eacfaec27fdfd190d90e228b5bd4e09edc49578036fb27b299a7a81826c85d7e6af1681a8c58407aeb77e912fddc70675d3d614fb1236b563cd70f5f3b342bc01b978727c2900762300fd50a9d140f8d29eee7fea24a5c9159f00fa5a75021cc8a3f271a555b95910b158ccd8b4b9db7322b4b09402db65721e02a85b65724e942b98b29261cd5d15b34943270af1bcdc2d760d5eae7548a3
  • Generator: 0x2
Certificate start date 2023-12-06 00:00:00 UTC
Certificate expiration date 2024-12-22 23:59:59 UTC
Certificate serial number 178602405364846433479848078677005379024
Certificate issuer CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Certificate subject CN=mail.gsc-game.com
Certificate SANs
  • mail.gsc-game.com
  • www.mail.gsc-game.com
D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth.
Context

Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R6: Always enable perfect forward secrecy (PFS)
Trigger The server supports some cipher suites that do not provide forward secrecy.
Context

Recommendation R6 (ANSSI recommendations for TLS)

R7: Exchange keys with ECDHE, or at least DHE
Trigger The server can exchange keys with an algorithm that is neither ECDHE or DHE.
Context

Recommendation R7 (ANSSI recommendations for TLS)

R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context

Recommendation R10 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server can hash data with a hash function that is not of the SHA-2 family.
Context

Recommendation R11 (ANSSI recommendations for TLS)

R13: Prefer server order of cipher suites
Trigger Client order is preferred.
Context

Recommendation R13 (ANSSI recommendations for TLS)

B
Warnings
R9: Prefer AES or ChaCha20
Trigger The server can encrypt bulk data with Camellia or ARIA.
Context

Recommendation R9 (ANSSI recommendations for TLS)

A!
Borderline Compliance Warnings
R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context

Recommendation R3 (ANSSI recommendations for TLS)

R8: Authenticate the server with a certificate
Trigger The server can be authenticated with: RSA.
Context

Recommendation R8 (ANSSI recommendations for TLS)

A
Passed
R4: Avoid SSLv2, SSLv3, TLS 1.0 and TLS 1.1
Trigger SSL 2.0, SSL 3.0, TLS 1.1, TLS 1.0 not among the protocols offered by TLS server.
Context

Recommendation R4 (ANSSI recommendations for TLS)

R5: Authenticate the server with a key exchange
Trigger The server doesn't support any anonymous cipher suite.
Context

Recommendation R5 (ANSSI recommendations for TLS)

R19: Don't use TLS compression
Trigger This service supports the following compression algorithms: NULL.
Context

Recommendation R19 (ANSSI recommendations for TLS)

R24: Present a certificate signed with SHA-2
Trigger The certificate is signed with SHA-2
Context

Recommendation R24 (ANSSI recommendations for TLS)

R25: Present a certificate valid for 3 years (825 days) or less
Trigger The expiration date of this certificate is 2024-12-22 23:59:59 UTC.
Context

Recommendation R25 (ANSSI recommendations for TLS)

R26: Use keys of sufficient length
Trigger The certificate's RSA key has a length of 2048 bits and an exponent of 65537.
Context

Recommendation R26 (ANSSI recommendations for TLS)

R27: Present an appropriate KeyUsage
Trigger The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature
Context

Recommendation R27 (ANSSI recommendations for TLS)

R33: Present a certificate with revocation sources
Trigger Both CRLDP and AIA extensions are present and marked as non-critical.
Context

Recommendation R33 (ANSSI recommendations for TLS)

TLS (port 587 – SMTP)

Show scan details
Versions TLS 1.2
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CCM TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CCM_8 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CCM TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CCM_8 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_CCM TLS 1.2
  • TLS_RSA_WITH_AES_128_CCM_8 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CCM TLS 1.2
  • TLS_RSA_WITH_AES_256_CCM_8 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_ARIA_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_ARIA_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (custom, 2048-bit): 0x91b45856881ed8fb6b995d5e2822a5b9204510b81c92e2d29e4b87d137dfa9b99fa18337e2516edaf3ccd8b867ccabc4050948202393cd00f6f6444e69c45f48aa6c3483515e15ca52a23ab055f3519bb816593af5728664e48362f5a4239a529f56a6438367be7eacfaec27fdfd190d90e228b5bd4e09edc49578036fb27b299a7a81826c85d7e6af1681a8c58407aeb77e912fddc70675d3d614fb1236b563cd70f5f3b342bc01b978727c2900762300fd50a9d140f8d29eee7fea24a5c9159f00fa5a75021cc8a3f271a555b95910b158ccd8b4b9db7322b4b09402db65721e02a85b65724e942b98b29261cd5d15b34943270af1bcdc2d760d5eae7548a3
  • Generator: 0x2
Certificate start date 2023-12-06 00:00:00 UTC
Certificate expiration date 2024-12-22 23:59:59 UTC
Certificate serial number 178602405364846433479848078677005379024
Certificate issuer CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Certificate subject CN=mail.gsc-game.com
Certificate SANs
  • mail.gsc-game.com
  • www.mail.gsc-game.com
D
Broken cryptography
R28: Present an appropriate ExtendedKeyUsage
Trigger The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth.
Context

Recommendation R28 (ANSSI recommendations for TLS)

C
Weak cryptography
R6: Always enable perfect forward secrecy (PFS)
Trigger The server supports some cipher suites that do not provide forward secrecy.
Context

Recommendation R6 (ANSSI recommendations for TLS)

R7: Exchange keys with ECDHE, or at least DHE
Trigger The server can exchange keys with an algorithm that is neither ECDHE or DHE.
Context

Recommendation R7 (ANSSI recommendations for TLS)

R10: Use an authenticated mode of encryption
Trigger The server can encrypt bulk data with a mechanism that is not GCM or CCM.
Context

Recommendation R10 (ANSSI recommendations for TLS)

R11: Use SHA-2 as hashing function
Trigger The server can hash data with a hash function that is not of the SHA-2 family.
Context

Recommendation R11 (ANSSI recommendations for TLS)

R13: Prefer server order of cipher suites
Trigger Client order is preferred.
Context

Recommendation R13 (ANSSI recommendations for TLS)

B
Warnings
R9: Prefer AES or ChaCha20
Trigger The server can encrypt bulk data with Camellia or ARIA.
Context

Recommendation R9 (ANSSI recommendations for TLS)

A!
Borderline Compliance Warnings
R3: Prefer TLS 1.3 and accept TLS 1.2
Trigger TLS 1.2 supported by the server.
Context

Recommendation R3 (ANSSI recommendations for TLS)

R8: Authenticate the server with a certificate
Trigger The server can be authenticated with: RSA.
Context

Recommendation R8 (ANSSI recommendations for TLS)

A
Passed
R4: Avoid SSLv2, SSLv3, TLS 1.0 and TLS 1.1
Trigger SSL 2.0, SSL 3.0, TLS 1.1, TLS 1.0 not among the protocols offered by TLS server.
Context

Recommendation R4 (ANSSI recommendations for TLS)

R5: Authenticate the server with a key exchange
Trigger The server doesn't support any anonymous cipher suite.
Context

Recommendation R5 (ANSSI recommendations for TLS)

R19: Don't use TLS compression
Trigger This service supports the following compression algorithms: NULL.
Context

Recommendation R19 (ANSSI recommendations for TLS)

R24: Present a certificate signed with SHA-2
Trigger The certificate is signed with SHA-2
Context

Recommendation R24 (ANSSI recommendations for TLS)

R25: Present a certificate valid for 3 years (825 days) or less
Trigger The expiration date of this certificate is 2024-12-22 23:59:59 UTC.
Context

Recommendation R25 (ANSSI recommendations for TLS)

R26: Use keys of sufficient length
Trigger The certificate's RSA key has a length of 2048 bits and an exponent of 65537.
Context

Recommendation R26 (ANSSI recommendations for TLS)

R27: Present an appropriate KeyUsage
Trigger The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature
Context

Recommendation R27 (ANSSI recommendations for TLS)

R33: Present a certificate with revocation sources
Trigger Both CRLDP and AIA extensions are present and marked as non-critical.
Context

Recommendation R33 (ANSSI recommendations for TLS)