Cryptosense Discovery

weneedafence.ca

IP address	173.255.231.250
Last scan	2024-04-29 11:53:54 UTC

TLS FTP (port 21)

Rules applicable 4

B

A	A^!	B	C	D	F
3	0	1	0	0	0

SSH (port 22)

Rules applicable 3

C

A	A^!	B	C	D	F
2	0	0	1	0	0

TLS HTTP (port 443)

Rules applicable 4

B

A	A^!	B	C	D	F
3	0	1	0	0	0

TLS (port 21 – FTP)

Show scan details

Versions	TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV	Supported
Ciphers	`TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_SEED_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_ECDHE_RSA_WITH_RC4_128_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDH_anon_WITH_AES_128_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDH_anon_WITH_AES_256_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDH_anon_WITH_RC4_128_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_3DES_EDE_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_RSA_WITH_CAMELLIA_128_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_CAMELLIA_256_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_IDEA_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_RC4_128_MD5` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_RC4_128_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_SEED_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2
Cipher order	Client
Compression	`NULL` TLS 1.0, TLS 1.1, TLS 1.2
Certificate key	RSA 2048-bit test this key
Hash algorithm	SHA-256
Diffie-Hellman	Group (Postfix 2048-bit): 0xf2ea0a012bb967db1d155744be940e859bdba474fb6be6442ab52ef8546703dbf32b7b869fa8241b0acb13fc1c59cc5c2cee7a98063dd648a8add2876584d6f0a62aeb8d7a6c0dc9aceb41c2266f7920171baa5af924a48370e7ea22b6acc69da3cb36cb531351840343c2ecaa760eac7bf9e757cfd2432aeeff5b574aebf746c5e783f9e1115d54a331f36afbea7e6012db1536c54a6d369ba1bdf06558dd082225495a6e9866162576eedb314f174ded6923fccc31ab67d8c2558f9c128538cf586b5a01d3b68bdf8685bc8b550b36b19f38e71d3331a12bf56db8853a44c2aa7c2e8e86664b31dfdf6b7229e63a064561a7976a044042b6f40449c46ed403 Generator: 0x5
Certificate start date	2024-01-15 00:00:00 UTC
Certificate expiration date	2025-01-15 23:59:59 UTC
Certificate serial number	6641180403045079872233749531306882564
Certificate issuer	CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject	CN=*.niner.net
Certificate SANs	`*.niner.net` `niner.net`

Trigger	The server uses a 2048-bit Diffie-Hellman group.
Context	Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger

The server uses a 2048-bit Diffie-Hellman group.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support any cipher suites containing the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The hash used for the certificate is SHA-256.
Context	NIST considers SHA-512 as the only hash algorithm providing security for long-term use. Algorithms SHA-256 and SHA-384 are acceptable for near-term use and SHA-1 should not be used (NIST SP 800-57, Part 1, Rev. 3).

SSH (port 22)

Show scan details

Version string SSH-2.0-OpenSSH_7.4

Encryption algorithms

3des-cbc
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
blowfish-cbc
cast128-cbc
chacha20-poly1305@openssh.com

Compression algorithms

none
zlib@openssh.com

MAC algorithms

hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com

Server host key algorithms

ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
ssh-rsa

Key exchange algorithms

curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521

Server keys

ECDSA secp256r1	ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN0tuooyTmop1SMOlpgFZUq+7TUEo3f1zcNrHYjaze44DhysbFSGUKT86BBZS0pGDyjgI2kMCWV7mWaOP+EJa90=
Ed25519	ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAION+OpWD39dI5deAPtpVjg9qK/2Tk2EXT/6Ji+SxG0R7
RSA 2048-bit	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwcgm8X7SHrAxa2OyjW/YSlw4G/pkxuGjVlELA84hsKCr3TQBp6tseILcsRX8lfF95AN/uP26Fh7ForuG2eafqJ8J9KWXlshqnGf4ddGhEGWRyN2wzRo0zQF9eNbaYS+LGFG0r0Jthy2BGcm20HGQ2SHE0XPRDUkOy/G5mTZYb29sTZ2GbbfT8h9HfWzICytERv/6uP1L0vS86+JorweiAisdZLtf6Pv+dH5uTIa6qgWKb8YFFTKFT5YDmkFHIAa5XIkkJfhUbcGTOwvmH6U4ZdKmOPqOAXAytWjoxuZLjl9j/eW/I0fl8tshPttVRZA80Zmm12Gzvwx4Btc4dgg0v	test this key

Trigger	The server supports the "diffie-hellman-group1-sha1" algorithm.
Context	Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3). The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

Trigger

The server supports the "diffie-hellman-group1-sha1" algorithm.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

TLS (port 443 – HTTP)

Show scan details

Versions	SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV	Supported
Ciphers	`TLS_DHE_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_RSA_WITH_CAMELLIA_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_CAMELLIA_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Cipher order	Client
Compression	`NULL` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Certificate key	RSA 2048-bit test this key
Hash algorithm	SHA-256
Diffie-Hellman	Group (2048-bit MODP from RFC 3526): 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff Generator: 0x2
Certificate start date	2024-01-15 00:00:00 UTC
Certificate expiration date	2025-01-15 23:59:59 UTC
Certificate serial number	6641180403045079872233749531306882564
Certificate issuer	CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject	CN=*.niner.net
Certificate SANs	`*.niner.net` `niner.net`

Trigger	The server uses a 2048-bit Diffie-Hellman group.
Context	Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger

The server uses a 2048-bit Diffie-Hellman group.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support any cipher suites containing the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The hash used for the certificate is SHA-256.
Context	NIST considers SHA-512 as the only hash algorithm providing security for long-term use. Algorithms SHA-256 and SHA-384 are acceptable for near-term use and SHA-1 should not be used (NIST SP 800-57, Part 1, Rev. 3).

weneedafence.ca

IP address	2600:3c03::f03c:91ff:fe08:94f3
Last scan	2024-04-29 11:53:54 UTC

TLS FTP (port 21)

Rules applicable 4

B

A	A^!	B	C	D	F
3	0	1	0	0	0

SSH (port 22)

Rules applicable 3

C

A	A^!	B	C	D	F
2	0	0	1	0	0

TLS HTTP (port 443)

Rules applicable 4

B

A	A^!	B	C	D	F
3	0	1	0	0	0

TLS (port 21 – FTP)

Show scan details

Versions	TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV	Supported
Ciphers	`TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_SEED_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_ECDHE_RSA_WITH_RC4_128_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDH_anon_WITH_AES_128_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDH_anon_WITH_AES_256_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDH_anon_WITH_RC4_128_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_3DES_EDE_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_RSA_WITH_CAMELLIA_128_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_CAMELLIA_256_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_IDEA_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_RC4_128_MD5` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_RC4_128_SHA` TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_SEED_CBC_SHA` TLS 1.0, TLS 1.1, TLS 1.2
Cipher order	Client
Compression	`NULL` TLS 1.0, TLS 1.1, TLS 1.2
Certificate key	RSA 2048-bit test this key
Hash algorithm	SHA-256
Diffie-Hellman	Group (Postfix 2048-bit): 0xf2ea0a012bb967db1d155744be940e859bdba474fb6be6442ab52ef8546703dbf32b7b869fa8241b0acb13fc1c59cc5c2cee7a98063dd648a8add2876584d6f0a62aeb8d7a6c0dc9aceb41c2266f7920171baa5af924a48370e7ea22b6acc69da3cb36cb531351840343c2ecaa760eac7bf9e757cfd2432aeeff5b574aebf746c5e783f9e1115d54a331f36afbea7e6012db1536c54a6d369ba1bdf06558dd082225495a6e9866162576eedb314f174ded6923fccc31ab67d8c2558f9c128538cf586b5a01d3b68bdf8685bc8b550b36b19f38e71d3331a12bf56db8853a44c2aa7c2e8e86664b31dfdf6b7229e63a064561a7976a044042b6f40449c46ed403 Generator: 0x5
Certificate start date	2024-01-15 00:00:00 UTC
Certificate expiration date	2025-01-15 23:59:59 UTC
Certificate serial number	6641180403045079872233749531306882564
Certificate issuer	CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject	CN=*.niner.net
Certificate SANs	`*.niner.net` `niner.net`

Trigger	The server uses a 2048-bit Diffie-Hellman group.
Context	Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger

The server uses a 2048-bit Diffie-Hellman group.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support any cipher suites containing the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The hash used for the certificate is SHA-256.
Context	NIST considers SHA-512 as the only hash algorithm providing security for long-term use. Algorithms SHA-256 and SHA-384 are acceptable for near-term use and SHA-1 should not be used (NIST SP 800-57, Part 1, Rev. 3).

SSH (port 22)

Show scan details

Version string SSH-2.0-OpenSSH_7.4

Encryption algorithms

3des-cbc
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
blowfish-cbc
cast128-cbc
chacha20-poly1305@openssh.com

Compression algorithms

none
zlib@openssh.com

MAC algorithms

hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com

Server host key algorithms

ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
ssh-rsa

Key exchange algorithms

curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521

Server keys

ECDSA secp256r1	ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN0tuooyTmop1SMOlpgFZUq+7TUEo3f1zcNrHYjaze44DhysbFSGUKT86BBZS0pGDyjgI2kMCWV7mWaOP+EJa90=
Ed25519	ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAION+OpWD39dI5deAPtpVjg9qK/2Tk2EXT/6Ji+SxG0R7
RSA 2048-bit	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwcgm8X7SHrAxa2OyjW/YSlw4G/pkxuGjVlELA84hsKCr3TQBp6tseILcsRX8lfF95AN/uP26Fh7ForuG2eafqJ8J9KWXlshqnGf4ddGhEGWRyN2wzRo0zQF9eNbaYS+LGFG0r0Jthy2BGcm20HGQ2SHE0XPRDUkOy/G5mTZYb29sTZ2GbbfT8h9HfWzICytERv/6uP1L0vS86+JorweiAisdZLtf6Pv+dH5uTIa6qgWKb8YFFTKFT5YDmkFHIAa5XIkkJfhUbcGTOwvmH6U4ZdKmOPqOAXAytWjoxuZLjl9j/eW/I0fl8tshPttVRZA80Zmm12Gzvwx4Btc4dgg0v	test this key

Trigger	The server supports the "diffie-hellman-group1-sha1" algorithm.
Context	Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3). The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

Trigger

The server supports the "diffie-hellman-group1-sha1" algorithm.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

TLS (port 443 – HTTP)

Show scan details

Versions	SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV	Supported
Ciphers	`TLS_DHE_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_RSA_WITH_CAMELLIA_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_CAMELLIA_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Cipher order	Client
Compression	`NULL` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Certificate key	RSA 2048-bit test this key
Hash algorithm	SHA-256
Diffie-Hellman	Group (2048-bit MODP from RFC 3526): 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff Generator: 0x2
Certificate start date	2024-01-15 00:00:00 UTC
Certificate expiration date	2025-01-15 23:59:59 UTC
Certificate serial number	6641180403045079872233749531306882564
Certificate issuer	CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject	CN=*.niner.net
Certificate SANs	`*.niner.net` `niner.net`

Trigger	The server uses a 2048-bit Diffie-Hellman group.
Context	Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger

The server uses a 2048-bit Diffie-Hellman group.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support any cipher suites containing the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The hash used for the certificate is SHA-256.
Context	NIST considers SHA-512 as the only hash algorithm providing security for long-term use. Algorithms SHA-256 and SHA-384 are acceptable for near-term use and SHA-1 should not be used (NIST SP 800-57, Part 1, Rev. 3).

mx.niner.net

IP address	178.62.195.26
Last scan	2024-04-29 11:53:55 UTC

SSH (port 22)

Rules applicable 3

C

A	A^!	B	C	D	F
2	0	0	1	0	0

SSH (port 22)

Show scan details

Version string SSH-2.0-OpenSSH_7.4

Encryption algorithms

3des-cbc
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
blowfish-cbc
cast128-cbc
chacha20-poly1305@openssh.com

Compression algorithms

none
zlib@openssh.com

MAC algorithms

hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com

Server host key algorithms

ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
ssh-rsa

Key exchange algorithms

curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521

Server keys

ECDSA secp256r1	ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHYYd+kBO6jwjLNoj3TAQSFYJYz86NtX6L3QcipDf3BFGbPitRMsi0eNzil1FSCqwMIB9R/JcRszjwxBxYzSjLc=
Ed25519	ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAO6YHy4s5QEufeo5VbXfDKtyHVuAkiYn4lJifWdUtoA
RSA 2048-bit	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDHPJDW8jaJw9GWogXC8gmYDdLGcOw+tGwZ7R6i+uonoGdP4IRI85Gm80zVtD1L2w3iMM2Lzq0Zdlg4Ck2WzEKmpoUISq3Hl+3c5TAmY8/ixiFxiRFtZ2wWenZp8rK+BFxKfRmOZN3nJJeBhI6eAcWCMaaSyS2I8BV/oSXM1/oi4S3RGd9GTCUUwP1gBJsxxd8qqBCHXMNT7jtLTUtakIlnANDLmfP/kzJ/U0LFw3WlWb5FJOhncfQf+fCbukuFbbBMYRQ8qjXHepH+aGxTIVhnizki5r0wEWuGWv8QP+9N9wUL5aTOeU9gquNVrK57C42icje4h9ujGLRgh+9t8TT	test this key

Trigger	The server supports the "diffie-hellman-group1-sha1" algorithm.
Context	Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy. NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3). The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

Trigger

The server supports the "diffie-hellman-group1-sha1" algorithm.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

ns1.niner.net

IP address	159.203.0.217
Last scan	2024-04-29 11:53:55 UTC

SSH (port 22)

Rules applicable 3

C

A	A^!	B	C	D	F
2	0	0	1	0	0

TLS HTTP (port 443)

Rules applicable 4

B

A	A^!	B	C	D	F
3	0	1	0	0	0

SSH (port 22)

Show scan details

Version string SSH-2.0-OpenSSH_7.4

Encryption algorithms

3des-cbc
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
blowfish-cbc
cast128-cbc
chacha20-poly1305@openssh.com

Compression algorithms

none
zlib@openssh.com

MAC algorithms

hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com

Server host key algorithms

ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
ssh-rsa

Key exchange algorithms

curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521

Server keys

ECDSA secp256r1	ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHHbPHnJjHn7qSYZv0iDxXxCgGOCaTopbLVB6MpCLCygT3KMcYEJUYCRU+U3mrez03eXgKM4jsFUiqJKaqO0UO4=
Ed25519	ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWJRjQ5AbCkXVk1zPPhvHKnzZdrMfCF9XbXPHecv+zg
RSA 2048-bit	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSlxXWaY1TubE61mcktR+Wo32EMGG8M5ADLgBTNZIZQLi2idMBjhpEZ9I7jrndSVoXUPmd2GAW20i236oGoSw7kmlgMF6XxrUaQ0MO/iMZ00k3Xlvj3EPWm6/h2g9QrzDwmd1pjyJYsn28KpoMj5pkZQK7XKc/BTwec7P/LcwCpqy7IvRYgRPMxbHa8XSYheBeHn8bPKdVWT/DtzeNO04ROSwiK3XMoq34fZLkFAd/vyje+yLxek8XUmiJGVYnUAY4WnmHPxcCvkCLB36DGvjPXHx/BRTQJBIvVAIuOfS0979yfNb43XGeeQQbH1nLDdvKr0IWwC4DoQbjEn3tyETR	test this key

Trigger

The server supports the "diffie-hellman-group1-sha1" algorithm.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

TLS (port 443 – HTTP)

Show scan details

Versions	SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV	Supported
Ciphers	`TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_ECDHE_RSA_WITH_RC4_128_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_3DES_EDE_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_RSA_WITH_CAMELLIA_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_CAMELLIA_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_RC4_128_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Cipher order	Client
Compression	`NULL` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Certificate key	RSA 2048-bit test this key
Hash algorithm	SHA-256
Diffie-Hellman	Group (2048-bit MODP from RFC 3526): 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff Generator: 0x2
Certificate start date	2024-01-15 00:00:00 UTC
Certificate expiration date	2025-01-15 23:59:59 UTC
Certificate serial number	6641180403045079872233749531306882564
Certificate issuer	CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject	CN=*.niner.net
Certificate SANs	`*.niner.net` `niner.net`

Trigger

The server uses a 2048-bit Diffie-Hellman group.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support any cipher suites containing the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The hash used for the certificate is SHA-256.
Context	NIST considers SHA-512 as the only hash algorithm providing security for long-term use. Algorithms SHA-256 and SHA-384 are acceptable for near-term use and SHA-1 should not be used (NIST SP 800-57, Part 1, Rev. 3).

ns1.niner.net

IP address	2604:a880:cad:d0::6813:4001
Last scan	2024-04-29 11:53:55 UTC

SSH (port 22)

Rules applicable 3

C

A	A^!	B	C	D	F
2	0	0	1	0	0

TLS HTTP (port 443)

Rules applicable 4

B

A	A^!	B	C	D	F
3	0	1	0	0	0

SSH (port 22)

Show scan details

Version string SSH-2.0-OpenSSH_7.4

Encryption algorithms

3des-cbc
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
blowfish-cbc
cast128-cbc
chacha20-poly1305@openssh.com

Compression algorithms

none
zlib@openssh.com

MAC algorithms

hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com

Server host key algorithms

ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
ssh-rsa

Key exchange algorithms

curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521

Server keys

ECDSA secp256r1	ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHHbPHnJjHn7qSYZv0iDxXxCgGOCaTopbLVB6MpCLCygT3KMcYEJUYCRU+U3mrez03eXgKM4jsFUiqJKaqO0UO4=
Ed25519	ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWJRjQ5AbCkXVk1zPPhvHKnzZdrMfCF9XbXPHecv+zg
RSA 2048-bit	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSlxXWaY1TubE61mcktR+Wo32EMGG8M5ADLgBTNZIZQLi2idMBjhpEZ9I7jrndSVoXUPmd2GAW20i236oGoSw7kmlgMF6XxrUaQ0MO/iMZ00k3Xlvj3EPWm6/h2g9QrzDwmd1pjyJYsn28KpoMj5pkZQK7XKc/BTwec7P/LcwCpqy7IvRYgRPMxbHa8XSYheBeHn8bPKdVWT/DtzeNO04ROSwiK3XMoq34fZLkFAd/vyje+yLxek8XUmiJGVYnUAY4WnmHPxcCvkCLB36DGvjPXHx/BRTQJBIvVAIuOfS0979yfNb43XGeeQQbH1nLDdvKr0IWwC4DoQbjEn3tyETR	test this key

Trigger

The server supports the "diffie-hellman-group1-sha1" algorithm.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

TLS (port 443 – HTTP)

Show scan details

Versions	SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV	Supported
Ciphers	`TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_ECDHE_RSA_WITH_RC4_128_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_3DES_EDE_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_RSA_WITH_CAMELLIA_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_CAMELLIA_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_RC4_128_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Cipher order	Client
Compression	`NULL` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Certificate key	RSA 2048-bit test this key
Hash algorithm	SHA-256
Diffie-Hellman	Group (2048-bit MODP from RFC 3526): 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff Generator: 0x2
Certificate start date	2024-01-15 00:00:00 UTC
Certificate expiration date	2025-01-15 23:59:59 UTC
Certificate serial number	6641180403045079872233749531306882564
Certificate issuer	CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject	CN=*.niner.net
Certificate SANs	`*.niner.net` `niner.net`

Trigger

The server uses a 2048-bit Diffie-Hellman group.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support any cipher suites containing the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The hash used for the certificate is SHA-256.
Context	NIST considers SHA-512 as the only hash algorithm providing security for long-term use. Algorithms SHA-256 and SHA-384 are acceptable for near-term use and SHA-1 should not be used (NIST SP 800-57, Part 1, Rev. 3).

ns2.niner.net

IP address	159.203.55.78
Last scan	2024-04-29 11:53:55 UTC

SSH (port 22)

Rules applicable 3

C

A	A^!	B	C	D	F
2	0	0	1	0	0

TLS HTTP (port 443)

Rules applicable 4

B

A	A^!	B	C	D	F
3	0	1	0	0	0

SSH (port 22)

Show scan details

Version string SSH-2.0-OpenSSH_7.4

Encryption algorithms

3des-cbc
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
blowfish-cbc
cast128-cbc
chacha20-poly1305@openssh.com

Compression algorithms

none
zlib@openssh.com

MAC algorithms

hmac-sha1
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com

Server host key algorithms

ecdsa-sha2-nistp256
rsa-sha2-256
rsa-sha2-512
ssh-ed25519
ssh-rsa

Key exchange algorithms

curve25519-sha256
curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521

Server keys

ECDSA secp256r1	ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHHbPHnJjHn7qSYZv0iDxXxCgGOCaTopbLVB6MpCLCygT3KMcYEJUYCRU+U3mrez03eXgKM4jsFUiqJKaqO0UO4=
Ed25519	ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWJRjQ5AbCkXVk1zPPhvHKnzZdrMfCF9XbXPHecv+zg
RSA 2048-bit	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSlxXWaY1TubE61mcktR+Wo32EMGG8M5ADLgBTNZIZQLi2idMBjhpEZ9I7jrndSVoXUPmd2GAW20i236oGoSw7kmlgMF6XxrUaQ0MO/iMZ00k3Xlvj3EPWm6/h2g9QrzDwmd1pjyJYsn28KpoMj5pkZQK7XKc/BTwec7P/LcwCpqy7IvRYgRPMxbHa8XSYheBeHn8bPKdVWT/DtzeNO04ROSwiK3XMoq34fZLkFAd/vyje+yLxek8XUmiJGVYnUAY4WnmHPxcCvkCLB36DGvjPXHx/BRTQJBIvVAIuOfS0979yfNb43XGeeQQbH1nLDdvKr0IWwC4DoQbjEn3tyETR	test this key

Trigger

The server supports the "diffie-hellman-group1-sha1" algorithm.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

TLS (port 443 – HTTP)

Show scan details

Versions	SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV	Supported
Ciphers	`TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` TLS 1.2 `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_ECDHE_RSA_WITH_RC4_128_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_3DES_EDE_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_128_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_128_GCM_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_AES_256_CBC_SHA256` TLS 1.2 `TLS_RSA_WITH_AES_256_GCM_SHA384` TLS 1.2 `TLS_RSA_WITH_CAMELLIA_128_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_CAMELLIA_256_CBC_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 `TLS_RSA_WITH_RC4_128_SHA` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Cipher order	Client
Compression	`NULL` SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Certificate key	RSA 2048-bit test this key
Hash algorithm	SHA-256
Diffie-Hellman	Group (2048-bit MODP from RFC 3526): 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff Generator: 0x2
Certificate start date	2024-01-15 00:00:00 UTC
Certificate expiration date	2025-01-15 23:59:59 UTC
Certificate serial number	6641180403045079872233749531306882564
Certificate issuer	CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject	CN=*.niner.net
Certificate SANs	`*.niner.net` `niner.net`

Trigger

The server uses a 2048-bit Diffie-Hellman group.

Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server uses a 2048-bit RSA key.
Context	NIST recommends a length of at least 1024 bits for legacy applications, 2048 bits for near term applications and 15360 bits for long term applications (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The server doesn't support any cipher suites containing the DES cipher.
Context	DES is a cipher with an effective key length of 56 bits, which is considered unsuitable by NIST even for legacy use (NIST SP 800-57, Part 1, Rev. 3).

Trigger	The hash used for the certificate is SHA-256.
Context	NIST considers SHA-512 as the only hash algorithm providing security for long-term use. Algorithms SHA-256 and SHA-384 are acceptable for near-term use and SHA-1 should not be used (NIST SP 800-57, Part 1, Rev. 3).

C	weneedafence.ca	173.255.231.250	2024-04-29 11:53:54 UTC	You must be logged in to monitor hosts.
C	weneedafence.ca	2600:3c03::f03c:91ff:fe08:94f3	2024-04-29 11:53:54 UTC	You must be logged in to monitor hosts.
C	mx.niner.net	178.62.195.26	2024-04-29 11:53:55 UTC	You must be logged in to monitor hosts.
C	ns1.niner.net	159.203.0.217	2024-04-29 11:53:55 UTC	You must be logged in to monitor hosts.
C	ns1.niner.net	2604:a880:cad:d0::6813:4001	2024-04-29 11:53:55 UTC	You must be logged in to monitor hosts.
C	ns2.niner.net	159.203.55.78	2024-04-29 11:53:55 UTC	You must be logged in to monitor hosts.

Choose a standard

Export

Machines Scanned

Crypto Services Discovered

weneedafence.ca

TLS (port 21 – FTP)

Warnings

Passed

SSH (port 22)

Weak cryptography

Passed

TLS (port 443 – HTTP)

Warnings

Passed

weneedafence.ca

TLS (port 21 – FTP)

Warnings

Passed

SSH (port 22)

Weak cryptography

Passed

TLS (port 443 – HTTP)

Warnings

Passed

mx.niner.net

SSH (port 22)

Weak cryptography

Passed

ns1.niner.net

SSH (port 22)

Weak cryptography

Passed

TLS (port 443 – HTTP)

Warnings

Passed

ns1.niner.net

SSH (port 22)

Weak cryptography

Passed

TLS (port 443 – HTTP)

Warnings

Passed

ns2.niner.net

SSH (port 22)

Weak cryptography

Passed

TLS (port 443 – HTTP)

Warnings

Passed