Crypto Service Audit by Cryptosense

Report for virtualmin.com produced at 2024-04-24 13:52:48 UTC using the NIST standard.

For more information on coverage, go to discovery.cryptosense.com/faq. If you have any suggestions for improving this report, please send us an email at discovery@cryptosense.com.

C
is the overall score for
virtualmin.com

Crypto on this site is outdated and might not provide enough security.

Note: The overall score is calculated based on the lowest score achieved by any of the machines scanned.

Machines Scanned

-
 virtualmin.com 198.154.100.99 2024-04-23 14:51:14 UTC
-
 jamie.cloud.virtualmin.com 108.60.199.109 2024-04-23 14:51:14 UTC
-
 ns.cloud.virtualmin.com 108.60.199.108 2024-04-23 14:51:14 UTC
-
 ns2.cloud.virtualmin.com 108.60.199.116 2024-04-23 14:51:14 UTC
-
 docs.virtualmin.com 198.154.100.100 2024-04-23 14:51:14 UTC
-
 ftp.virtualmin.com 108.60.199.107 2024-04-23 14:51:14 UTC
C
software.virtualmin.com 149.28.242.101 2024-04-23 14:51:15 UTC
-
 software2.virtualmin.com 163.172.162.254 2024-04-23 14:51:15 UTC
-
 srv1.virtualmin.com 108.60.199.106 2024-04-23 14:51:15 UTC

Crypto Services Discovered

In the next pages, we list all of the machines detected. For each machine, we list the cryptographic services found. For each service, we give the reasons behind the grading and, if applicable, instructions on how to fix it.

virtualmin.com

IP address 198.154.100.99
Last scan 2024-04-23 14:51:14 UTC

No service that could be analyzed detected on this machine.

jamie.cloud.virtualmin.com

IP address 108.60.199.109
Last scan 2024-04-23 14:51:14 UTC

No service that could be analyzed detected on this machine.

ns.cloud.virtualmin.com

IP address 108.60.199.108
Last scan 2024-04-23 14:51:14 UTC

No service that could be analyzed detected on this machine.

ns2.cloud.virtualmin.com

IP address 108.60.199.116
Last scan 2024-04-23 14:51:14 UTC

No service that could be analyzed detected on this machine.

docs.virtualmin.com

IP address 198.154.100.100
Last scan 2024-04-23 14:51:14 UTC

No service that could be analyzed detected on this machine.

ftp.virtualmin.com

IP address 108.60.199.107
Last scan 2024-04-23 14:51:14 UTC

No service that could be analyzed detected on this machine.

software.virtualmin.com

IP address 149.28.242.101
Last scan 2024-04-23 14:51:15 UTC
TLS FTP (port 21)
Rules applicable 4
B
A
A!
B
C
D
F
3 0 1 0 0 0
SSH (port 22)
Rules applicable 3
C
A
A!
B
C
D
F
2 0 0 1 0 0
TLS HTTP (port 443)
Rules applicable 4
B
A
A!
B
C
D
F
3 0 1 0 0 0

TLS (port 21 – FTP)

Scan details
Versions TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV Supported
Ciphers
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_SEED_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_IDEA_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_RC4_128_MD5 TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_RC4_128_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_SEED_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.0, TLS 1.1, TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (Postfix 2048-bit): 0xf2ea0a012bb967db1d155744be940e859bdba474fb6be6442ab52ef8546703dbf32b7b869fa8241b0acb13fc1c59cc5c2cee7a98063dd648a8add2876584d6f0a62aeb8d7a6c0dc9aceb41c2266f7920171baa5af924a48370e7ea22b6acc69da3cb36cb531351840343c2ecaa760eac7bf9e757cfd2432aeeff5b574aebf746c5e783f9e1115d54a331f36afbea7e6012db1536c54a6d369ba1bdf06558dd082225495a6e9866162576eedb314f174ded6923fccc31ab67d8c2558f9c128538cf586b5a01d3b68bdf8685bc8b550b36b19f38e71d3331a12bf56db8853a44c2aa7c2e8e86664b31dfdf6b7229e63a064561a7976a044042b6f40449c46ed403
  • Generator: 0x5
Certificate start date 2018-07-27 06:18:54 UTC
Certificate expiration date 2018-08-26 06:18:54 UTC
Certificate serial number 10016193776172319625
Certificate issuer CN=software3.virtualmin.com ,O=Self-signed for software3.virtualmin.com ,L=NA,ST=NA,C=NA
Certificate subject CN=software3.virtualmin.com ,O=Self-signed for software3.virtualmin.com ,L=NA,ST=NA,C=NA
B
Warnings
Diffie-Hellman group size
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

SSH (port 22)

Scan details
Version string SSH-2.0-OpenSSH_7.4
Encryption algorithms
  • 3des-cbc
  • aes128-cbc
  • aes128-ctr
  • aes128-gcm@openssh.com
  • aes192-cbc
  • aes192-ctr
  • aes256-cbc
  • aes256-ctr
  • aes256-gcm@openssh.com
  • blowfish-cbc
  • cast128-cbc
  • chacha20-poly1305@openssh.com
Compression algorithms
  • none
  • zlib@openssh.com
MAC algorithms
  • hmac-sha1
  • hmac-sha1-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512
  • hmac-sha2-512-etm@openssh.com
  • umac-128-etm@openssh.com
  • umac-128@openssh.com
  • umac-64-etm@openssh.com
  • umac-64@openssh.com
Server host key algorithms
  • ecdsa-sha2-nistp256
  • rsa-sha2-256
  • rsa-sha2-512
  • ssh-ed25519
  • ssh-rsa
Key exchange algorithms
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
Server keys
ECDSA secp256r1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPk4PTMjmD6iGqSA0hRWBiAM6I8THGH1DhrFV3FtQcenA+hVldrCFrd+EHuUpdRZhbY49T3hyi8Dm/EzSzG6S2o=
Ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHx+fPwMNnu2ZYg4jbxeEqBB15faIf+Qc7lNNAcExUhj
RSA 2048-bit ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqU1NHmBQNavlQnbAKMA4fgBHxY/87PDmQesVO7/p2AX5xBtHXRhMxFEPPmvoggLV2ixBrAn8YYUsgyOf73FObNS6u1pR11Oh96cUCXY8g5SJGYdXujdIYidAh7an2JYiJ1qsaILqnWHNfChVyscgJZdT9rCWhurQJZh7ZoI08MyomBvz6tfLi1Kamipgb3aazQtlJqbm1fVfh9G/ggV4gdFr66L/+BlFgautY7h81CzVP/D3pi6avzNQXYh4UxLdrY6jGK/IENFEq35CUOj2JAxO8FwvvnyGuPMwnQF9UTOiXjwIC/P4u4fPGgi2ZyWLTFTi5wQFfygtFLYkdpozd test this key
C
Weak cryptography
Diffie-Hellman group security
Trigger The server supports the "diffie-hellman-group1-sha1" algorithm.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

TLS (port 443 – HTTP)

Scan details
Versions TLS 1.2
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (2048-bit MODP from RFC 3526): 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff
  • Generator: 0x2
Certificate start date 2023-09-12 16:51:07 UTC
Certificate expiration date 2023-12-11 16:51:06 UTC
Certificate serial number 279503508235384226986805774441936220599460
Certificate issuer CN=R3,O=Let's Encrypt,C=US
Certificate subject CN=software2.virtualmin.com
Certificate SANs
  • software.virtualmin.com
  • software2.virtualmin.com
B
Warnings
Diffie-Hellman group size
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

software2.virtualmin.com

IP address 163.172.162.254
Last scan 2024-04-23 14:51:15 UTC

No service that could be analyzed detected on this machine.

srv1.virtualmin.com

IP address 108.60.199.106
Last scan 2024-04-23 14:51:15 UTC

No service that could be analyzed detected on this machine.