Report for virtualmin.com produced at 2024-04-26 01:11:10 UTC using the Cryptosense 2019 standard.
For more information on coverage, go to discovery.cryptosense.com/faq. If you have any suggestions for improving this report, please send us an email at discovery@cryptosense.com.
Crypto on this site is broken and is likely not to provide enough security.
Note: The overall score is calculated based on the lowest score achieved by any of the machines scanned.
-
|
virtualmin.com | 198.154.100.99 | 2024-04-25 13:31:58 UTC |
-
|
jamie.cloud.virtualmin.com | 108.60.199.109 | 2024-04-25 13:31:58 UTC |
-
|
ns.cloud.virtualmin.com | 108.60.199.108 | 2024-04-25 13:31:58 UTC |
-
|
ns2.cloud.virtualmin.com | 108.60.199.116 | 2024-04-25 13:31:58 UTC |
-
|
docs.virtualmin.com | 198.154.100.100 | 2024-04-25 13:31:58 UTC |
-
|
ftp.virtualmin.com | 108.60.199.107 | 2024-04-25 13:31:58 UTC |
D
|
software.virtualmin.com | 149.28.242.101 | 2024-04-25 13:31:58 UTC |
-
|
software2.virtualmin.com | 163.172.162.254 | 2024-04-25 13:31:58 UTC |
-
|
srv1.virtualmin.com | 108.60.199.106 | 2024-04-25 13:31:59 UTC |
In the next pages, we list all of the machines detected. For each machine, we list the cryptographic services found. For each service, we give the reasons behind the grading and, if applicable, instructions on how to fix it.
IP address | 198.154.100.99 |
---|---|
Last scan | 2024-04-25 13:31:58 UTC |
No service that could be analyzed detected on this machine.
IP address | 108.60.199.109 |
---|---|
Last scan | 2024-04-25 13:31:58 UTC |
No service that could be analyzed detected on this machine.
IP address | 108.60.199.108 |
---|---|
Last scan | 2024-04-25 13:31:58 UTC |
No service that could be analyzed detected on this machine.
IP address | 108.60.199.116 |
---|---|
Last scan | 2024-04-25 13:31:58 UTC |
No service that could be analyzed detected on this machine.
IP address | 198.154.100.100 |
---|---|
Last scan | 2024-04-25 13:31:58 UTC |
No service that could be analyzed detected on this machine.
IP address | 108.60.199.107 |
---|---|
Last scan | 2024-04-25 13:31:58 UTC |
No service that could be analyzed detected on this machine.
IP address | 149.28.242.101 |
---|---|
Last scan | 2024-04-25 13:31:58 UTC |
Versions | TLS 1.0, TLS 1.1, TLS 1.2 |
---|---|
Fallback SCSV | Supported |
Ciphers |
|
Cipher order | Client |
Compression |
|
Certificate key | RSA 2048-bit test this key |
Hash algorithm | SHA-256 |
Diffie-Hellman |
|
Certificate start date | 2018-07-27 06:18:54 UTC |
Certificate expiration date | 2018-08-26 06:18:54 UTC |
Certificate serial number | 10016193776172319625 |
Certificate issuer | CN=software3.virtualmin.com ,O=Self-signed for software3.virtualmin.com ,L=NA,ST=NA,C=NA |
Certificate subject | CN=software3.virtualmin.com ,O=Self-signed for software3.virtualmin.com ,L=NA,ST=NA,C=NA |
Trigger | The expiration date of this certificate is 2018-08-26 06:18:54 UTC. |
---|---|
Context |
Each certificate defines a validity period. Outside of this period, it is not valid. In particular, no revocation information will be kept about an expired certificate. |
Trigger | The server supports a cipher suite containing the RC4 cipher. |
---|---|
Context |
RC4 is a stream cipher in which significant weaknesses have been found. The use of this cipher in any protocol has been discouraged by ECRYPT as of 2014 (ECRYPT 2016 report). In TLS, cipher suites using RC4 have been deprecated as of February 2015 (RFC 7465). |
Trigger | The server supports a cipher suite containing the 3DES cipher. |
---|---|
Context |
Three-key-3DES is a cipher with 168-bit keys but an effective key length of 112 bits because of a meet-in-the-middle attack. This is considered enough only for legacy. Furthermore, it has a 64-bit block size, which can be insufficient for some applications, for example because of birthday attacks (sweet32.info). |
Trigger | The server uses a 2048-bit RSA key. |
---|---|
Context |
RSA keys must be long enough to provide reasonable security against brute-force attack by factoring. While 2048-bit keys are fine today, a minimum of 3072-bit is recommended by ECRYPT for new systems. |
Trigger | The server uses a commonly-shared 2048-bit Diffie-Hellman group. |
---|---|
Context |
Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. For security, a 2048-bit group is reasonable although ECRYPT recommends a group size of at least 3072 bits (ECRYPT 2016 report). The use of commonly-shared 1024-bit groups such as Oakley group 2 is especially discouraged because of possible precomputation attacks (weakdh.org). |
Trigger | TLS 1.0 among the protocols offered by TLS server. |
---|---|
Context |
TLS 1.0 is discouraged by PCI-DSS and has been considered non-compliant since June 2018 (PCI-DSS v3.2). |
Version string | SSH-2.0-OpenSSH_7.4 |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|
Encryption algorithms |
|
|||||||||
Compression algorithms |
|
|||||||||
MAC algorithms |
|
|||||||||
Server host key algorithms |
|
|||||||||
Key exchange algorithms |
|
|||||||||
Server keys |
|
Trigger | The server supports the "diffie-hellman-group1-sha1" algorithm. |
---|---|
Context |
The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253). For security, a 2048-bit group is reasonable although ECRYPT recommends a group size of at least 3072 bits (ECRYPT 2016 report). The use of commonly-shared 1024-bit groups such as Oakley group 2 is especially discouraged because of possible precomputation attacks (weakdh.org). Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. |
Trigger | The server supports the 3DES cipher. |
---|---|
Context |
Three-key-3DES is a cipher with 168-bit keys but an effective key length of 112 bits because of a meet-in-the-middle attack. This is considered enough only for legacy. Furthermore, it has a 64-bit block size, which can be insufficient for some applications, for example because of birthday attacks (sweet32.info). In SSH, there seem to be no advantage to using 3DES over more secure and more supported ciphers. |
Trigger | The server supports the Blowfish cipher. |
---|---|
Context |
Blowfish is a block cipher with a 64-bit block size. In SSH, Blowfish is used with 128-bit keys. However, its 64-bit block size, can be insufficient for some applications, for example because of birthday attacks (sweet32.info). There are also some cryptanalytic results on reduced-round versions (though no practical attacks). There seem to be no advantage to using it over more secure and more widely supported ciphers. |
Trigger | The server supports the CAST-128 cipher. |
---|---|
Context |
In SSH, CAST-128 is used with 128-bit keys. However, it has a 64-bit block size, which can be insufficient for some applications, for example because of birthday attacks (sweet32.info). There seem to be no advantage to using it over more secure and more widely supported ciphers. |
Trigger | The server uses a 2048-bit RSA key. |
---|---|
Context |
RSA keys must be long enough to provide reasonable security against brute-force attack by factoring. While 2048-bit keys are fine today, a minimum of 3072-bit is recommended by ECRYPT for new systems. |
Versions | TLS 1.2 |
---|---|
Ciphers |
|
Cipher order | Client |
Compression |
|
Certificate key | RSA 2048-bit test this key |
Hash algorithm | SHA-256 |
Diffie-Hellman |
|
Certificate start date | 2023-09-12 16:51:07 UTC |
Certificate expiration date | 2023-12-11 16:51:06 UTC |
Certificate serial number | 279503508235384226986805774441936220599460 |
Certificate issuer | CN=R3,O=Let's Encrypt,C=US |
Certificate subject | CN=software2.virtualmin.com |
Certificate SANs |
|
Trigger | The expiration date of this certificate is 2023-12-11 16:51:06 UTC. |
---|---|
Context |
Each certificate defines a validity period. Outside of this period, it is not valid. In particular, no revocation information will be kept about an expired certificate. |
Trigger | The server uses a 2048-bit RSA key. |
---|---|
Context |
RSA keys must be long enough to provide reasonable security against brute-force attack by factoring. While 2048-bit keys are fine today, a minimum of 3072-bit is recommended by ECRYPT for new systems. |
Trigger | The server uses a commonly-shared 2048-bit Diffie-Hellman group. |
---|---|
Context |
Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. For security, a 2048-bit group is reasonable although ECRYPT recommends a group size of at least 3072 bits (ECRYPT 2016 report). The use of commonly-shared 1024-bit groups such as Oakley group 2 is especially discouraged because of possible precomputation attacks (weakdh.org). |
IP address | 163.172.162.254 |
---|---|
Last scan | 2024-04-25 13:31:58 UTC |
No service that could be analyzed detected on this machine.
IP address | 108.60.199.106 |
---|---|
Last scan | 2024-04-25 13:31:59 UTC |
No service that could be analyzed detected on this machine.