Choose a standard

These results have been calculated using the following standard:

Export

C
is the overall score for
virtualmin.com

Crypto on this site is outdated and might not provide enough security.

Note: The overall score is calculated based on the lowest score achieved by any of the machines scanned.

Machines Scanned

-
 virtualmin.com 198.154.100.99 2024-04-18 16:33:02 UTC
You must be logged in to monitor hosts.
-
 jamie.cloud.virtualmin.com 108.60.199.109 2024-04-18 16:33:02 UTC
You must be logged in to monitor hosts.
-
 ns.cloud.virtualmin.com 108.60.199.108 2024-04-18 16:33:02 UTC
You must be logged in to monitor hosts.
-
 ns2.cloud.virtualmin.com 108.60.199.116 2024-04-18 16:33:02 UTC
You must be logged in to monitor hosts.
-
 docs.virtualmin.com 198.154.100.100 2024-04-18 16:33:02 UTC
You must be logged in to monitor hosts.
-
 ftp.virtualmin.com 108.60.199.107 2024-04-18 16:33:02 UTC
You must be logged in to monitor hosts.
C
software.virtualmin.com 149.28.242.101 2024-04-18 16:33:02 UTC
You must be logged in to monitor hosts.
-
 software2.virtualmin.com 163.172.162.254 2024-04-18 16:33:03 UTC
You must be logged in to monitor hosts.
-
 srv1.virtualmin.com 108.60.199.106 2024-04-18 16:33:03 UTC
You must be logged in to monitor hosts.
down arrow

Crypto Services Discovered

Below we list all of the machines detected. For each machine, we list the cryptographic services found. For each service, we give the reasons behind the grading. To see the full details of the cryptography offered by a service, click on "show details".

virtualmin.com

IP address 198.154.100.99
Last scan 2024-04-18 16:33:02 UTC

No service that could be analyzed detected on this machine.

jamie.cloud.virtualmin.com

IP address 108.60.199.109
Last scan 2024-04-18 16:33:02 UTC

No service that could be analyzed detected on this machine.

ns.cloud.virtualmin.com

IP address 108.60.199.108
Last scan 2024-04-18 16:33:02 UTC

No service that could be analyzed detected on this machine.

ns2.cloud.virtualmin.com

IP address 108.60.199.116
Last scan 2024-04-18 16:33:02 UTC

No service that could be analyzed detected on this machine.

docs.virtualmin.com

IP address 198.154.100.100
Last scan 2024-04-18 16:33:02 UTC

No service that could be analyzed detected on this machine.

ftp.virtualmin.com

IP address 108.60.199.107
Last scan 2024-04-18 16:33:02 UTC

No service that could be analyzed detected on this machine.

software.virtualmin.com

IP address 149.28.242.101
Last scan 2024-04-18 16:33:02 UTC
TLS FTP (port 21)
Rules applicable 5
C
A
A!
B
C
D
F
2 0 2 1 0 0
SSH (port 22)
Rules applicable 6
C
A
A!
B
C
D
F
2 0 3 1 0 0
TLS HTTP (port 443)
Rules applicable 5
B
A
A!
B
C
D
F
3 0 2 0 0 0

TLS (port 21 – FTP)

Show scan details
Versions TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV Supported
Ciphers
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_SEED_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_IDEA_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_RC4_128_MD5 TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_RC4_128_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_SEED_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.0, TLS 1.1, TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (Postfix 2048-bit): 0xf2ea0a012bb967db1d155744be940e859bdba474fb6be6442ab52ef8546703dbf32b7b869fa8241b0acb13fc1c59cc5c2cee7a98063dd648a8add2876584d6f0a62aeb8d7a6c0dc9aceb41c2266f7920171baa5af924a48370e7ea22b6acc69da3cb36cb531351840343c2ecaa760eac7bf9e757cfd2432aeeff5b574aebf746c5e783f9e1115d54a331f36afbea7e6012db1536c54a6d369ba1bdf06558dd082225495a6e9866162576eedb314f174ded6923fccc31ab67d8c2558f9c128538cf586b5a01d3b68bdf8685bc8b550b36b19f38e71d3331a12bf56db8853a44c2aa7c2e8e86664b31dfdf6b7229e63a064561a7976a044042b6f40449c46ed403
  • Generator: 0x5
Certificate start date 2018-07-27 06:18:54 UTC
Certificate expiration date 2018-08-26 06:18:54 UTC
Certificate serial number 10016193776172319625
Certificate issuer CN=software3.virtualmin.com ,O=Self-signed for software3.virtualmin.com ,L=NA,ST=NA,C=NA
Certificate subject CN=software3.virtualmin.com ,O=Self-signed for software3.virtualmin.com ,L=NA,ST=NA,C=NA
C
Weak cryptography
Support for RC4 cipher
Trigger The server supports a cipher suite containing the RC4 cipher.
Context

ECRYPT discourages the use of RC4 for both legacy and future applications (ECRYPT 2016 report).

In TLS, cipher suites using RC4 have been deprecated as of February 2015 (RFC 7465).

B
Warnings
Certificate RSA key length
Trigger The server uses a 2048-bit RSA key.
Context

ECRYPT recommends a length of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 bits for long term applications (ECRYPT 2016 report).

Diffie-Hellman group size
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

ECRYPT recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (ECRYPT 2016 report).

A
Passed
Support for DES cipher
Trigger The server doesn't support any cipher suites containing the DES cipher.
Context

DES is a cipher with an effective key length of 56 bits, too weak by ECRYPT even for legacy applications (ECRYPT 2016 report).

Security of hash function for certificate signature digest
Trigger The hash used for the certificate is SHA-256.
Context

ECRYPT considers SHA-2, SHA-3 and Whirlpool (with at least 256 bits of output) to be the only acceptable choices for future applications. SHA-1, RIPEMD-160, SHA-224 and SHA3-224 are acceptable for legacy applications. MD5 and RIPEMD-128 are considered to weak for any application (ECRYPT 2016 report).

SSH (port 22)

Show scan details
Version string SSH-2.0-OpenSSH_7.4
Encryption algorithms
  • 3des-cbc
  • aes128-cbc
  • aes128-ctr
  • aes128-gcm@openssh.com
  • aes192-cbc
  • aes192-ctr
  • aes256-cbc
  • aes256-ctr
  • aes256-gcm@openssh.com
  • blowfish-cbc
  • cast128-cbc
  • chacha20-poly1305@openssh.com
Compression algorithms
  • none
  • zlib@openssh.com
MAC algorithms
  • hmac-sha1
  • hmac-sha1-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512
  • hmac-sha2-512-etm@openssh.com
  • umac-128-etm@openssh.com
  • umac-128@openssh.com
  • umac-64-etm@openssh.com
  • umac-64@openssh.com
Server host key algorithms
  • ecdsa-sha2-nistp256
  • rsa-sha2-256
  • rsa-sha2-512
  • ssh-ed25519
  • ssh-rsa
Key exchange algorithms
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
Server keys
ECDSA secp256r1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPk4PTMjmD6iGqSA0hRWBiAM6I8THGH1DhrFV3FtQcenA+hVldrCFrd+EHuUpdRZhbY49T3hyi8Dm/EzSzG6S2o=
Ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHx+fPwMNnu2ZYg4jbxeEqBB15faIf+Qc7lNNAcExUhj
RSA 2048-bit ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqU1NHmBQNavlQnbAKMA4fgBHxY/87PDmQesVO7/p2AX5xBtHXRhMxFEPPmvoggLV2ixBrAn8YYUsgyOf73FObNS6u1pR11Oh96cUCXY8g5SJGYdXujdIYidAh7an2JYiJ1qsaILqnWHNfChVyscgJZdT9rCWhurQJZh7ZoI08MyomBvz6tfLi1Kamipgb3aazQtlJqbm1fVfh9G/ggV4gdFr66L/+BlFgautY7h81CzVP/D3pi6avzNQXYh4UxLdrY6jGK/IENFEq35CUOj2JAxO8FwvvnyGuPMwnQF9UTOiXjwIC/P4u4fPGgi2ZyWLTFTi5wQFfygtFLYkdpozd test this key
C
Weak cryptography
Diffie-Hellman group security
Trigger The server supports the "diffie-hellman-group1-sha1" algorithm.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

ECRYPT recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (ECRYPT 2016 report).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

B
Warnings
SSH RSA key length
Trigger The server uses a 2048-bit RSA key.
Context

ECRYPT recommends a length of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 bits for long term applications (ECRYPT 2016 report).

Support for Blowfish cipher
Trigger The server supports the Blowfish cipher.
Context

Blowfish is a block cipher with a 64-bit block size.

ECRYPT considers Blowfish to only be suitable for legacy applications (ECRYPT 2016 report).

Support for 3DES cipher
Trigger The server supports the 3DES cipher.
Context

Three-key-3DES is a cipher with 168-bit keys but an effective key length of 112 bits because of a meet-in-the-middle attack. This is considered enough only for legacy. Furthermore, it has a 64-bit block size, which can be insufficient for some applications, for example because of birthday attacks (sweet32.info).

ECRYPT considers 3DES to only be suitable for legacy applications (ECRYPT 2016 report).

A
Passed
Support for DES cipher
Trigger The server doesn't support the DES cipher.
Context

DES is a cipher with an effective key length of 56 bits, too weak by ECRYPT even for legacy applications (ECRYPT 2016 report).

Support for RC4 cipher
Trigger The server doesn't support the RC4 cipher.
Context

ECRYPT discourages the use of RC4 for both legacy and future applications (ECRYPT 2016 report).

In SSH, RC4 is implemented as "arcfour", "arcfour128" and "arcfour256". "arcfour128" and "arcfour256" improve the original algorithm but are still considered weak (RFC 4345).

TLS (port 443 – HTTP)

Show scan details
Versions TLS 1.2
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (2048-bit MODP from RFC 3526): 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff
  • Generator: 0x2
Certificate start date 2023-09-12 16:51:07 UTC
Certificate expiration date 2023-12-11 16:51:06 UTC
Certificate serial number 279503508235384226986805774441936220599460
Certificate issuer CN=R3,O=Let's Encrypt,C=US
Certificate subject CN=software2.virtualmin.com
Certificate SANs
  • software.virtualmin.com
  • software2.virtualmin.com
B
Warnings
Certificate RSA key length
Trigger The server uses a 2048-bit RSA key.
Context

ECRYPT recommends a length of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 bits for long term applications (ECRYPT 2016 report).

Diffie-Hellman group size
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

ECRYPT recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (ECRYPT 2016 report).

A
Passed
Support for DES cipher
Trigger The server doesn't support any cipher suites containing the DES cipher.
Context

DES is a cipher with an effective key length of 56 bits, too weak by ECRYPT even for legacy applications (ECRYPT 2016 report).

Support for RC4 cipher
Trigger The server doesn't support any cipher suites containing the RC4 cipher.
Context

ECRYPT discourages the use of RC4 for both legacy and future applications (ECRYPT 2016 report).

In TLS, cipher suites using RC4 have been deprecated as of February 2015 (RFC 7465).

Security of hash function for certificate signature digest
Trigger The hash used for the certificate is SHA-256.
Context

ECRYPT considers SHA-2, SHA-3 and Whirlpool (with at least 256 bits of output) to be the only acceptable choices for future applications. SHA-1, RIPEMD-160, SHA-224 and SHA3-224 are acceptable for legacy applications. MD5 and RIPEMD-128 are considered to weak for any application (ECRYPT 2016 report).

software2.virtualmin.com

IP address 163.172.162.254
Last scan 2024-04-18 16:33:03 UTC

No service that could be analyzed detected on this machine.

srv1.virtualmin.com

IP address 108.60.199.106
Last scan 2024-04-18 16:33:03 UTC

No service that could be analyzed detected on this machine.