Crypto on this site is broken and is likely not to provide enough security.
Note: The overall score is calculated based on the lowest score achieved by any of the machines scanned.
D
|
weneedafence.ca | 173.255.231.250 | 2024-04-29 11:53:54 UTC | ||
D
|
weneedafence.ca | 2600:3c03::f03c:91ff:fe08:94f3 | 2024-04-29 11:53:54 UTC | ||
A
|
mx.niner.net | 178.62.195.26 | 2024-04-29 11:53:55 UTC | ||
D
|
ns1.niner.net | 159.203.0.217 | 2024-04-29 11:53:55 UTC | ||
D
|
ns1.niner.net | 2604:a880:cad:d0::6813:4001 | 2024-04-29 11:53:55 UTC | ||
D
|
ns2.niner.net | 159.203.55.78 | 2024-04-29 11:53:55 UTC |
Below we list all of the machines detected. For each machine, we list the cryptographic services found. For each service, we give the reasons behind the grading. To see the full details of the cryptography offered by a service, click on "show details".
IP address | 173.255.231.250 |
---|---|
Last scan | 2024-04-29 11:53:54 UTC |
Versions | TLS 1.0, TLS 1.1, TLS 1.2 |
---|---|
Fallback SCSV | Supported |
Ciphers |
|
Cipher order | Client |
Compression |
|
Certificate key | RSA 2048-bit test this key |
Hash algorithm | SHA-256 |
Diffie-Hellman |
|
Certificate start date | 2024-01-15 00:00:00 UTC |
Certificate expiration date | 2025-01-15 23:59:59 UTC |
Certificate serial number | 6641180403045079872233749531306882564 |
Certificate issuer | CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US |
Certificate subject | CN=*.niner.net |
Certificate SANs |
|
Trigger | TLS 1.0, TLS 1.1 among the protocols offered by TLS server. |
---|---|
Context |
Recommendation R4 (ANSSI recommendations for TLS) |
Trigger | The server supports anonymous cipher suites. |
---|---|
Context |
Recommendation R5 (ANSSI recommendations for TLS) |
Trigger | The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth. |
---|---|
Context |
Recommendation R28 (ANSSI recommendations for TLS) |
Trigger | The server supports some cipher suites that do not provide forward secrecy. |
---|---|
Context |
Recommendation R6 (ANSSI recommendations for TLS) |
Trigger | The server can exchange keys with an algorithm that is neither ECDHE or DHE. |
---|---|
Context |
Recommendation R7 (ANSSI recommendations for TLS) |
Trigger | The server can be authenticated with: none, RSA. |
---|---|
Context |
Recommendation R8 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with a mechanism that is not AES, ChaCha20, Camellia or ARIA. |
---|---|
Context |
Recommendation R9 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with a mechanism that is not GCM or CCM. |
---|---|
Context |
Recommendation R10 (ANSSI recommendations for TLS) |
Trigger | The server can hash data with a hash function that is not of the SHA-2 family. |
---|---|
Context |
Recommendation R11 (ANSSI recommendations for TLS) |
Trigger | Client order is preferred. |
---|---|
Context |
Recommendation R13 (ANSSI recommendations for TLS) |
Trigger | TLS 1.2 supported by the server. |
---|---|
Context |
Recommendation R3 (ANSSI recommendations for TLS) |
Trigger | This service supports the following compression algorithms: NULL. |
---|---|
Context |
Recommendation R19 (ANSSI recommendations for TLS) |
Trigger | The certificate is signed with SHA-2 |
---|---|
Context |
Recommendation R24 (ANSSI recommendations for TLS) |
Trigger | The expiration date of this certificate is 2025-01-15 23:59:59 UTC. |
---|---|
Context |
Recommendation R25 (ANSSI recommendations for TLS) |
Trigger | The certificate's RSA key has a length of 2048 bits and an exponent of 65537. |
---|---|
Context |
Recommendation R26 (ANSSI recommendations for TLS) |
Trigger | The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature |
---|---|
Context |
Recommendation R27 (ANSSI recommendations for TLS) |
Trigger | Both CRLDP and AIA extensions are present and marked as non-critical. |
---|---|
Context |
Recommendation R33 (ANSSI recommendations for TLS) |
Version string | SSH-2.0-OpenSSH_7.4 |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|
Encryption algorithms |
|
|||||||||
Compression algorithms |
|
|||||||||
MAC algorithms |
|
|||||||||
Server host key algorithms |
|
|||||||||
Key exchange algorithms |
|
|||||||||
Server keys |
|
Versions | SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 |
---|---|
Fallback SCSV | Supported |
Ciphers |
|
Cipher order | Client |
Compression |
|
Certificate key | RSA 2048-bit test this key |
Hash algorithm | SHA-256 |
Diffie-Hellman |
|
Certificate start date | 2024-01-15 00:00:00 UTC |
Certificate expiration date | 2025-01-15 23:59:59 UTC |
Certificate serial number | 6641180403045079872233749531306882564 |
Certificate issuer | CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US |
Certificate subject | CN=*.niner.net |
Certificate SANs |
|
Trigger | TLS 1.0, SSL 3.0, TLS 1.1 among the protocols offered by TLS server. |
---|---|
Context |
Recommendation R4 (ANSSI recommendations for TLS) |
Trigger | The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth. |
---|---|
Context |
Recommendation R28 (ANSSI recommendations for TLS) |
Trigger | The server supports some cipher suites that do not provide forward secrecy. |
---|---|
Context |
Recommendation R6 (ANSSI recommendations for TLS) |
Trigger | The server can exchange keys with an algorithm that is neither ECDHE or DHE. |
---|---|
Context |
Recommendation R7 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with a mechanism that is not GCM or CCM. |
---|---|
Context |
Recommendation R10 (ANSSI recommendations for TLS) |
Trigger | The server can hash data with a hash function that is not of the SHA-2 family. |
---|---|
Context |
Recommendation R11 (ANSSI recommendations for TLS) |
Trigger | Client order is preferred. |
---|---|
Context |
Recommendation R13 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with Camellia or ARIA. |
---|---|
Context |
Recommendation R9 (ANSSI recommendations for TLS) |
Trigger | TLS 1.2 supported by the server. |
---|---|
Context |
Recommendation R3 (ANSSI recommendations for TLS) |
Trigger | The server can be authenticated with: RSA. |
---|---|
Context |
Recommendation R8 (ANSSI recommendations for TLS) |
Trigger | The server doesn't support any anonymous cipher suite. |
---|---|
Context |
Recommendation R5 (ANSSI recommendations for TLS) |
Trigger | This service supports the following compression algorithms: NULL. |
---|---|
Context |
Recommendation R19 (ANSSI recommendations for TLS) |
Trigger | The certificate is signed with SHA-2 |
---|---|
Context |
Recommendation R24 (ANSSI recommendations for TLS) |
Trigger | The expiration date of this certificate is 2025-01-15 23:59:59 UTC. |
---|---|
Context |
Recommendation R25 (ANSSI recommendations for TLS) |
Trigger | The certificate's RSA key has a length of 2048 bits and an exponent of 65537. |
---|---|
Context |
Recommendation R26 (ANSSI recommendations for TLS) |
Trigger | The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature |
---|---|
Context |
Recommendation R27 (ANSSI recommendations for TLS) |
Trigger | Both CRLDP and AIA extensions are present and marked as non-critical. |
---|---|
Context |
Recommendation R33 (ANSSI recommendations for TLS) |
IP address | 2600:3c03::f03c:91ff:fe08:94f3 |
---|---|
Last scan | 2024-04-29 11:53:54 UTC |
Versions | TLS 1.0, TLS 1.1, TLS 1.2 |
---|---|
Fallback SCSV | Supported |
Ciphers |
|
Cipher order | Client |
Compression |
|
Certificate key | RSA 2048-bit test this key |
Hash algorithm | SHA-256 |
Diffie-Hellman |
|
Certificate start date | 2024-01-15 00:00:00 UTC |
Certificate expiration date | 2025-01-15 23:59:59 UTC |
Certificate serial number | 6641180403045079872233749531306882564 |
Certificate issuer | CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US |
Certificate subject | CN=*.niner.net |
Certificate SANs |
|
Trigger | TLS 1.0, TLS 1.1 among the protocols offered by TLS server. |
---|---|
Context |
Recommendation R4 (ANSSI recommendations for TLS) |
Trigger | The server supports anonymous cipher suites. |
---|---|
Context |
Recommendation R5 (ANSSI recommendations for TLS) |
Trigger | The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth. |
---|---|
Context |
Recommendation R28 (ANSSI recommendations for TLS) |
Trigger | The server supports some cipher suites that do not provide forward secrecy. |
---|---|
Context |
Recommendation R6 (ANSSI recommendations for TLS) |
Trigger | The server can exchange keys with an algorithm that is neither ECDHE or DHE. |
---|---|
Context |
Recommendation R7 (ANSSI recommendations for TLS) |
Trigger | The server can be authenticated with: none, RSA. |
---|---|
Context |
Recommendation R8 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with a mechanism that is not AES, ChaCha20, Camellia or ARIA. |
---|---|
Context |
Recommendation R9 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with a mechanism that is not GCM or CCM. |
---|---|
Context |
Recommendation R10 (ANSSI recommendations for TLS) |
Trigger | The server can hash data with a hash function that is not of the SHA-2 family. |
---|---|
Context |
Recommendation R11 (ANSSI recommendations for TLS) |
Trigger | Client order is preferred. |
---|---|
Context |
Recommendation R13 (ANSSI recommendations for TLS) |
Trigger | TLS 1.2 supported by the server. |
---|---|
Context |
Recommendation R3 (ANSSI recommendations for TLS) |
Trigger | This service supports the following compression algorithms: NULL. |
---|---|
Context |
Recommendation R19 (ANSSI recommendations for TLS) |
Trigger | The certificate is signed with SHA-2 |
---|---|
Context |
Recommendation R24 (ANSSI recommendations for TLS) |
Trigger | The expiration date of this certificate is 2025-01-15 23:59:59 UTC. |
---|---|
Context |
Recommendation R25 (ANSSI recommendations for TLS) |
Trigger | The certificate's RSA key has a length of 2048 bits and an exponent of 65537. |
---|---|
Context |
Recommendation R26 (ANSSI recommendations for TLS) |
Trigger | The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature |
---|---|
Context |
Recommendation R27 (ANSSI recommendations for TLS) |
Trigger | Both CRLDP and AIA extensions are present and marked as non-critical. |
---|---|
Context |
Recommendation R33 (ANSSI recommendations for TLS) |
Version string | SSH-2.0-OpenSSH_7.4 |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|
Encryption algorithms |
|
|||||||||
Compression algorithms |
|
|||||||||
MAC algorithms |
|
|||||||||
Server host key algorithms |
|
|||||||||
Key exchange algorithms |
|
|||||||||
Server keys |
|
Versions | SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 |
---|---|
Fallback SCSV | Supported |
Ciphers |
|
Cipher order | Client |
Compression |
|
Certificate key | RSA 2048-bit test this key |
Hash algorithm | SHA-256 |
Diffie-Hellman |
|
Certificate start date | 2024-01-15 00:00:00 UTC |
Certificate expiration date | 2025-01-15 23:59:59 UTC |
Certificate serial number | 6641180403045079872233749531306882564 |
Certificate issuer | CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US |
Certificate subject | CN=*.niner.net |
Certificate SANs |
|
Trigger | TLS 1.0, SSL 3.0, TLS 1.1 among the protocols offered by TLS server. |
---|---|
Context |
Recommendation R4 (ANSSI recommendations for TLS) |
Trigger | The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth. |
---|---|
Context |
Recommendation R28 (ANSSI recommendations for TLS) |
Trigger | The server supports some cipher suites that do not provide forward secrecy. |
---|---|
Context |
Recommendation R6 (ANSSI recommendations for TLS) |
Trigger | The server can exchange keys with an algorithm that is neither ECDHE or DHE. |
---|---|
Context |
Recommendation R7 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with a mechanism that is not GCM or CCM. |
---|---|
Context |
Recommendation R10 (ANSSI recommendations for TLS) |
Trigger | The server can hash data with a hash function that is not of the SHA-2 family. |
---|---|
Context |
Recommendation R11 (ANSSI recommendations for TLS) |
Trigger | Client order is preferred. |
---|---|
Context |
Recommendation R13 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with Camellia or ARIA. |
---|---|
Context |
Recommendation R9 (ANSSI recommendations for TLS) |
Trigger | TLS 1.2 supported by the server. |
---|---|
Context |
Recommendation R3 (ANSSI recommendations for TLS) |
Trigger | The server can be authenticated with: RSA. |
---|---|
Context |
Recommendation R8 (ANSSI recommendations for TLS) |
Trigger | The server doesn't support any anonymous cipher suite. |
---|---|
Context |
Recommendation R5 (ANSSI recommendations for TLS) |
Trigger | This service supports the following compression algorithms: NULL. |
---|---|
Context |
Recommendation R19 (ANSSI recommendations for TLS) |
Trigger | The certificate is signed with SHA-2 |
---|---|
Context |
Recommendation R24 (ANSSI recommendations for TLS) |
Trigger | The expiration date of this certificate is 2025-01-15 23:59:59 UTC. |
---|---|
Context |
Recommendation R25 (ANSSI recommendations for TLS) |
Trigger | The certificate's RSA key has a length of 2048 bits and an exponent of 65537. |
---|---|
Context |
Recommendation R26 (ANSSI recommendations for TLS) |
Trigger | The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature |
---|---|
Context |
Recommendation R27 (ANSSI recommendations for TLS) |
Trigger | Both CRLDP and AIA extensions are present and marked as non-critical. |
---|---|
Context |
Recommendation R33 (ANSSI recommendations for TLS) |
IP address | 178.62.195.26 |
---|---|
Last scan | 2024-04-29 11:53:55 UTC |
Version string | SSH-2.0-OpenSSH_7.4 |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|
Encryption algorithms |
|
|||||||||
Compression algorithms |
|
|||||||||
MAC algorithms |
|
|||||||||
Server host key algorithms |
|
|||||||||
Key exchange algorithms |
|
|||||||||
Server keys |
|
IP address | 159.203.0.217 |
---|---|
Last scan | 2024-04-29 11:53:55 UTC |
Version string | SSH-2.0-OpenSSH_7.4 |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|
Encryption algorithms |
|
|||||||||
Compression algorithms |
|
|||||||||
MAC algorithms |
|
|||||||||
Server host key algorithms |
|
|||||||||
Key exchange algorithms |
|
|||||||||
Server keys |
|
Versions | SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 |
---|---|
Fallback SCSV | Supported |
Ciphers |
|
Cipher order | Client |
Compression |
|
Certificate key | RSA 2048-bit test this key |
Hash algorithm | SHA-256 |
Diffie-Hellman |
|
Certificate start date | 2024-01-15 00:00:00 UTC |
Certificate expiration date | 2025-01-15 23:59:59 UTC |
Certificate serial number | 6641180403045079872233749531306882564 |
Certificate issuer | CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US |
Certificate subject | CN=*.niner.net |
Certificate SANs |
|
Trigger | TLS 1.0, SSL 3.0, TLS 1.1 among the protocols offered by TLS server. |
---|---|
Context |
Recommendation R4 (ANSSI recommendations for TLS) |
Trigger | The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth. |
---|---|
Context |
Recommendation R28 (ANSSI recommendations for TLS) |
Trigger | The server supports some cipher suites that do not provide forward secrecy. |
---|---|
Context |
Recommendation R6 (ANSSI recommendations for TLS) |
Trigger | The server can exchange keys with an algorithm that is neither ECDHE or DHE. |
---|---|
Context |
Recommendation R7 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with a mechanism that is not AES, ChaCha20, Camellia or ARIA. |
---|---|
Context |
Recommendation R9 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with a mechanism that is not GCM or CCM. |
---|---|
Context |
Recommendation R10 (ANSSI recommendations for TLS) |
Trigger | The server can hash data with a hash function that is not of the SHA-2 family. |
---|---|
Context |
Recommendation R11 (ANSSI recommendations for TLS) |
Trigger | Client order is preferred. |
---|---|
Context |
Recommendation R13 (ANSSI recommendations for TLS) |
Trigger | TLS 1.2 supported by the server. |
---|---|
Context |
Recommendation R3 (ANSSI recommendations for TLS) |
Trigger | The server can be authenticated with: RSA. |
---|---|
Context |
Recommendation R8 (ANSSI recommendations for TLS) |
Trigger | The server doesn't support any anonymous cipher suite. |
---|---|
Context |
Recommendation R5 (ANSSI recommendations for TLS) |
Trigger | This service supports the following compression algorithms: NULL. |
---|---|
Context |
Recommendation R19 (ANSSI recommendations for TLS) |
Trigger | The certificate is signed with SHA-2 |
---|---|
Context |
Recommendation R24 (ANSSI recommendations for TLS) |
Trigger | The expiration date of this certificate is 2025-01-15 23:59:59 UTC. |
---|---|
Context |
Recommendation R25 (ANSSI recommendations for TLS) |
Trigger | The certificate's RSA key has a length of 2048 bits and an exponent of 65537. |
---|---|
Context |
Recommendation R26 (ANSSI recommendations for TLS) |
Trigger | The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature |
---|---|
Context |
Recommendation R27 (ANSSI recommendations for TLS) |
Trigger | Both CRLDP and AIA extensions are present and marked as non-critical. |
---|---|
Context |
Recommendation R33 (ANSSI recommendations for TLS) |
IP address | 2604:a880:cad:d0::6813:4001 |
---|---|
Last scan | 2024-04-29 11:53:55 UTC |
Version string | SSH-2.0-OpenSSH_7.4 |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|
Encryption algorithms |
|
|||||||||
Compression algorithms |
|
|||||||||
MAC algorithms |
|
|||||||||
Server host key algorithms |
|
|||||||||
Key exchange algorithms |
|
|||||||||
Server keys |
|
Versions | SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 |
---|---|
Fallback SCSV | Supported |
Ciphers |
|
Cipher order | Client |
Compression |
|
Certificate key | RSA 2048-bit test this key |
Hash algorithm | SHA-256 |
Diffie-Hellman |
|
Certificate start date | 2024-01-15 00:00:00 UTC |
Certificate expiration date | 2025-01-15 23:59:59 UTC |
Certificate serial number | 6641180403045079872233749531306882564 |
Certificate issuer | CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US |
Certificate subject | CN=*.niner.net |
Certificate SANs |
|
Trigger | TLS 1.0, SSL 3.0, TLS 1.1 among the protocols offered by TLS server. |
---|---|
Context |
Recommendation R4 (ANSSI recommendations for TLS) |
Trigger | The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth. |
---|---|
Context |
Recommendation R28 (ANSSI recommendations for TLS) |
Trigger | The server supports some cipher suites that do not provide forward secrecy. |
---|---|
Context |
Recommendation R6 (ANSSI recommendations for TLS) |
Trigger | The server can exchange keys with an algorithm that is neither ECDHE or DHE. |
---|---|
Context |
Recommendation R7 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with a mechanism that is not AES, ChaCha20, Camellia or ARIA. |
---|---|
Context |
Recommendation R9 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with a mechanism that is not GCM or CCM. |
---|---|
Context |
Recommendation R10 (ANSSI recommendations for TLS) |
Trigger | The server can hash data with a hash function that is not of the SHA-2 family. |
---|---|
Context |
Recommendation R11 (ANSSI recommendations for TLS) |
Trigger | Client order is preferred. |
---|---|
Context |
Recommendation R13 (ANSSI recommendations for TLS) |
Trigger | TLS 1.2 supported by the server. |
---|---|
Context |
Recommendation R3 (ANSSI recommendations for TLS) |
Trigger | The server can be authenticated with: RSA. |
---|---|
Context |
Recommendation R8 (ANSSI recommendations for TLS) |
Trigger | The server doesn't support any anonymous cipher suite. |
---|---|
Context |
Recommendation R5 (ANSSI recommendations for TLS) |
Trigger | This service supports the following compression algorithms: NULL. |
---|---|
Context |
Recommendation R19 (ANSSI recommendations for TLS) |
Trigger | The certificate is signed with SHA-2 |
---|---|
Context |
Recommendation R24 (ANSSI recommendations for TLS) |
Trigger | The expiration date of this certificate is 2025-01-15 23:59:59 UTC. |
---|---|
Context |
Recommendation R25 (ANSSI recommendations for TLS) |
Trigger | The certificate's RSA key has a length of 2048 bits and an exponent of 65537. |
---|---|
Context |
Recommendation R26 (ANSSI recommendations for TLS) |
Trigger | The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature |
---|---|
Context |
Recommendation R27 (ANSSI recommendations for TLS) |
Trigger | Both CRLDP and AIA extensions are present and marked as non-critical. |
---|---|
Context |
Recommendation R33 (ANSSI recommendations for TLS) |
IP address | 159.203.55.78 |
---|---|
Last scan | 2024-04-29 11:53:55 UTC |
Version string | SSH-2.0-OpenSSH_7.4 |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|
Encryption algorithms |
|
|||||||||
Compression algorithms |
|
|||||||||
MAC algorithms |
|
|||||||||
Server host key algorithms |
|
|||||||||
Key exchange algorithms |
|
|||||||||
Server keys |
|
Versions | SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 |
---|---|
Fallback SCSV | Supported |
Ciphers |
|
Cipher order | Client |
Compression |
|
Certificate key | RSA 2048-bit test this key |
Hash algorithm | SHA-256 |
Diffie-Hellman |
|
Certificate start date | 2024-01-15 00:00:00 UTC |
Certificate expiration date | 2025-01-15 23:59:59 UTC |
Certificate serial number | 6641180403045079872233749531306882564 |
Certificate issuer | CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US |
Certificate subject | CN=*.niner.net |
Certificate SANs |
|
Trigger | TLS 1.0, SSL 3.0, TLS 1.1 among the protocols offered by TLS server. |
---|---|
Context |
Recommendation R4 (ANSSI recommendations for TLS) |
Trigger | The ExtendedKeyUsage extension is marked as non-critical and has the following values: clientAuth, serverAuth. |
---|---|
Context |
Recommendation R28 (ANSSI recommendations for TLS) |
Trigger | The server supports some cipher suites that do not provide forward secrecy. |
---|---|
Context |
Recommendation R6 (ANSSI recommendations for TLS) |
Trigger | The server can exchange keys with an algorithm that is neither ECDHE or DHE. |
---|---|
Context |
Recommendation R7 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with a mechanism that is not AES, ChaCha20, Camellia or ARIA. |
---|---|
Context |
Recommendation R9 (ANSSI recommendations for TLS) |
Trigger | The server can encrypt bulk data with a mechanism that is not GCM or CCM. |
---|---|
Context |
Recommendation R10 (ANSSI recommendations for TLS) |
Trigger | The server can hash data with a hash function that is not of the SHA-2 family. |
---|---|
Context |
Recommendation R11 (ANSSI recommendations for TLS) |
Trigger | Client order is preferred. |
---|---|
Context |
Recommendation R13 (ANSSI recommendations for TLS) |
Trigger | TLS 1.2 supported by the server. |
---|---|
Context |
Recommendation R3 (ANSSI recommendations for TLS) |
Trigger | The server can be authenticated with: RSA. |
---|---|
Context |
Recommendation R8 (ANSSI recommendations for TLS) |
Trigger | The server doesn't support any anonymous cipher suite. |
---|---|
Context |
Recommendation R5 (ANSSI recommendations for TLS) |
Trigger | This service supports the following compression algorithms: NULL. |
---|---|
Context |
Recommendation R19 (ANSSI recommendations for TLS) |
Trigger | The certificate is signed with SHA-2 |
---|---|
Context |
Recommendation R24 (ANSSI recommendations for TLS) |
Trigger | The expiration date of this certificate is 2025-01-15 23:59:59 UTC. |
---|---|
Context |
Recommendation R25 (ANSSI recommendations for TLS) |
Trigger | The certificate's RSA key has a length of 2048 bits and an exponent of 65537. |
---|---|
Context |
Recommendation R26 (ANSSI recommendations for TLS) |
Trigger | The KeyUsage extension is marked as critical and has the following values: keyEncipherment, digitalSignature |
---|---|
Context |
Recommendation R27 (ANSSI recommendations for TLS) |
Trigger | Both CRLDP and AIA extensions are present and marked as non-critical. |
---|---|
Context |
Recommendation R33 (ANSSI recommendations for TLS) |