Crypto Service Audit by Cryptosense

Report for weneedafence.ca produced at 2024-05-17 00:02:13 UTC using the NIST standard.

For more information on coverage, go to discovery.cryptosense.com/faq. If you have any suggestions for improving this report, please send us an email at discovery@cryptosense.com.

C
is the overall score for
weneedafence.ca

Crypto on this site is outdated and might not provide enough security.

Note: The overall score is calculated based on the lowest score achieved by any of the machines scanned.

Machines Scanned

C
weneedafence.ca 173.255.231.250 2024-05-16 03:35:11 UTC
C
weneedafence.ca 2600:3c03::f03c:91ff:fe08:94f3 2024-05-16 03:35:11 UTC
C
mx.niner.net 178.62.195.26 2024-05-16 03:35:11 UTC
C
ns1.niner.net 159.203.0.217 2024-05-16 03:35:11 UTC
C
ns1.niner.net 2604:a880:cad:d0::6813:4001 2024-05-16 03:35:11 UTC
C
ns2.niner.net 159.203.55.78 2024-05-16 03:35:11 UTC

Crypto Services Discovered

In the next pages, we list all of the machines detected. For each machine, we list the cryptographic services found. For each service, we give the reasons behind the grading and, if applicable, instructions on how to fix it.

weneedafence.ca

IP address 173.255.231.250
Last scan 2024-05-16 03:35:11 UTC
TLS FTP (port 21)
Rules applicable 4
B
A
A!
B
C
D
F
3 0 1 0 0 0
SSH (port 22)
Rules applicable 3
C
A
A!
B
C
D
F
2 0 0 1 0 0
TLS HTTP (port 443)
Rules applicable 4
B
A
A!
B
C
D
F
3 0 1 0 0 0

TLS (port 21 – FTP)

Scan details
Versions TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV Supported
Ciphers
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_SEED_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDH_anon_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDH_anon_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDH_anon_WITH_RC4_128_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_IDEA_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_RC4_128_MD5 TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_RC4_128_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_SEED_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.0, TLS 1.1, TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (Postfix 2048-bit): 0xf2ea0a012bb967db1d155744be940e859bdba474fb6be6442ab52ef8546703dbf32b7b869fa8241b0acb13fc1c59cc5c2cee7a98063dd648a8add2876584d6f0a62aeb8d7a6c0dc9aceb41c2266f7920171baa5af924a48370e7ea22b6acc69da3cb36cb531351840343c2ecaa760eac7bf9e757cfd2432aeeff5b574aebf746c5e783f9e1115d54a331f36afbea7e6012db1536c54a6d369ba1bdf06558dd082225495a6e9866162576eedb314f174ded6923fccc31ab67d8c2558f9c128538cf586b5a01d3b68bdf8685bc8b550b36b19f38e71d3331a12bf56db8853a44c2aa7c2e8e86664b31dfdf6b7229e63a064561a7976a044042b6f40449c46ed403
  • Generator: 0x5
Certificate start date 2024-01-15 00:00:00 UTC
Certificate expiration date 2025-01-15 23:59:59 UTC
Certificate serial number 6641180403045079872233749531306882564
Certificate issuer CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject CN=*.niner.net
Certificate SANs
  • *.niner.net
  • niner.net
B
Warnings
Diffie-Hellman group size
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

SSH (port 22)

Scan details
Version string SSH-2.0-OpenSSH_7.4
Encryption algorithms
  • 3des-cbc
  • aes128-cbc
  • aes128-ctr
  • aes128-gcm@openssh.com
  • aes192-cbc
  • aes192-ctr
  • aes256-cbc
  • aes256-ctr
  • aes256-gcm@openssh.com
  • blowfish-cbc
  • cast128-cbc
  • chacha20-poly1305@openssh.com
Compression algorithms
  • none
  • zlib@openssh.com
MAC algorithms
  • hmac-sha1
  • hmac-sha1-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512
  • hmac-sha2-512-etm@openssh.com
  • umac-128-etm@openssh.com
  • umac-128@openssh.com
  • umac-64-etm@openssh.com
  • umac-64@openssh.com
Server host key algorithms
  • ecdsa-sha2-nistp256
  • rsa-sha2-256
  • rsa-sha2-512
  • ssh-ed25519
  • ssh-rsa
Key exchange algorithms
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
Server keys
ECDSA secp256r1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN0tuooyTmop1SMOlpgFZUq+7TUEo3f1zcNrHYjaze44DhysbFSGUKT86BBZS0pGDyjgI2kMCWV7mWaOP+EJa90=
Ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAION+OpWD39dI5deAPtpVjg9qK/2Tk2EXT/6Ji+SxG0R7
RSA 2048-bit ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwcgm8X7SHrAxa2OyjW/YSlw4G/pkxuGjVlELA84hsKCr3TQBp6tseILcsRX8lfF95AN/uP26Fh7ForuG2eafqJ8J9KWXlshqnGf4ddGhEGWRyN2wzRo0zQF9eNbaYS+LGFG0r0Jthy2BGcm20HGQ2SHE0XPRDUkOy/G5mTZYb29sTZ2GbbfT8h9HfWzICytERv/6uP1L0vS86+JorweiAisdZLtf6Pv+dH5uTIa6qgWKb8YFFTKFT5YDmkFHIAa5XIkkJfhUbcGTOwvmH6U4ZdKmOPqOAXAytWjoxuZLjl9j/eW/I0fl8tshPttVRZA80Zmm12Gzvwx4Btc4dgg0v test this key
C
Weak cryptography
Diffie-Hellman group security
Trigger The server supports the "diffie-hellman-group1-sha1" algorithm.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

TLS (port 443 – HTTP)

Scan details
Versions SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV Supported
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Cipher order Client
Compression
  • NULL SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (2048-bit MODP from RFC 3526): 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff
  • Generator: 0x2
Certificate start date 2024-01-15 00:00:00 UTC
Certificate expiration date 2025-01-15 23:59:59 UTC
Certificate serial number 6641180403045079872233749531306882564
Certificate issuer CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject CN=*.niner.net
Certificate SANs
  • *.niner.net
  • niner.net
B
Warnings
Diffie-Hellman group size
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

weneedafence.ca

IP address 2600:3c03::f03c:91ff:fe08:94f3
Last scan 2024-05-16 03:35:11 UTC
TLS FTP (port 21)
Rules applicable 4
B
A
A!
B
C
D
F
3 0 1 0 0 0
SSH (port 22)
Rules applicable 3
C
A
A!
B
C
D
F
2 0 0 1 0 0
TLS HTTP (port 443)
Rules applicable 4
B
A
A!
B
C
D
F
3 0 1 0 0 0

TLS (port 21 – FTP)

Scan details
Versions TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV Supported
Ciphers
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_SEED_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDH_anon_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDH_anon_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDH_anon_WITH_RC4_128_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_IDEA_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_RC4_128_MD5 TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_RC4_128_SHA TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_SEED_CBC_SHA TLS 1.0, TLS 1.1, TLS 1.2
Cipher order Client
Compression
  • NULL TLS 1.0, TLS 1.1, TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (Postfix 2048-bit): 0xf2ea0a012bb967db1d155744be940e859bdba474fb6be6442ab52ef8546703dbf32b7b869fa8241b0acb13fc1c59cc5c2cee7a98063dd648a8add2876584d6f0a62aeb8d7a6c0dc9aceb41c2266f7920171baa5af924a48370e7ea22b6acc69da3cb36cb531351840343c2ecaa760eac7bf9e757cfd2432aeeff5b574aebf746c5e783f9e1115d54a331f36afbea7e6012db1536c54a6d369ba1bdf06558dd082225495a6e9866162576eedb314f174ded6923fccc31ab67d8c2558f9c128538cf586b5a01d3b68bdf8685bc8b550b36b19f38e71d3331a12bf56db8853a44c2aa7c2e8e86664b31dfdf6b7229e63a064561a7976a044042b6f40449c46ed403
  • Generator: 0x5
Certificate start date 2024-01-15 00:00:00 UTC
Certificate expiration date 2025-01-15 23:59:59 UTC
Certificate serial number 6641180403045079872233749531306882564
Certificate issuer CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject CN=*.niner.net
Certificate SANs
  • *.niner.net
  • niner.net
B
Warnings
Diffie-Hellman group size
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

SSH (port 22)

Scan details
Version string SSH-2.0-OpenSSH_7.4
Encryption algorithms
  • 3des-cbc
  • aes128-cbc
  • aes128-ctr
  • aes128-gcm@openssh.com
  • aes192-cbc
  • aes192-ctr
  • aes256-cbc
  • aes256-ctr
  • aes256-gcm@openssh.com
  • blowfish-cbc
  • cast128-cbc
  • chacha20-poly1305@openssh.com
Compression algorithms
  • none
  • zlib@openssh.com
MAC algorithms
  • hmac-sha1
  • hmac-sha1-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512
  • hmac-sha2-512-etm@openssh.com
  • umac-128-etm@openssh.com
  • umac-128@openssh.com
  • umac-64-etm@openssh.com
  • umac-64@openssh.com
Server host key algorithms
  • ecdsa-sha2-nistp256
  • rsa-sha2-256
  • rsa-sha2-512
  • ssh-ed25519
  • ssh-rsa
Key exchange algorithms
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
Server keys
ECDSA secp256r1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN0tuooyTmop1SMOlpgFZUq+7TUEo3f1zcNrHYjaze44DhysbFSGUKT86BBZS0pGDyjgI2kMCWV7mWaOP+EJa90=
Ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAION+OpWD39dI5deAPtpVjg9qK/2Tk2EXT/6Ji+SxG0R7
RSA 2048-bit ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwcgm8X7SHrAxa2OyjW/YSlw4G/pkxuGjVlELA84hsKCr3TQBp6tseILcsRX8lfF95AN/uP26Fh7ForuG2eafqJ8J9KWXlshqnGf4ddGhEGWRyN2wzRo0zQF9eNbaYS+LGFG0r0Jthy2BGcm20HGQ2SHE0XPRDUkOy/G5mTZYb29sTZ2GbbfT8h9HfWzICytERv/6uP1L0vS86+JorweiAisdZLtf6Pv+dH5uTIa6qgWKb8YFFTKFT5YDmkFHIAa5XIkkJfhUbcGTOwvmH6U4ZdKmOPqOAXAytWjoxuZLjl9j/eW/I0fl8tshPttVRZA80Zmm12Gzvwx4Btc4dgg0v test this key
C
Weak cryptography
Diffie-Hellman group security
Trigger The server supports the "diffie-hellman-group1-sha1" algorithm.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

TLS (port 443 – HTTP)

Scan details
Versions SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV Supported
Ciphers
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Cipher order Client
Compression
  • NULL SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (2048-bit MODP from RFC 3526): 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff
  • Generator: 0x2
Certificate start date 2024-01-15 00:00:00 UTC
Certificate expiration date 2025-01-15 23:59:59 UTC
Certificate serial number 6641180403045079872233749531306882564
Certificate issuer CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject CN=*.niner.net
Certificate SANs
  • *.niner.net
  • niner.net
B
Warnings
Diffie-Hellman group size
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

mx.niner.net

IP address 178.62.195.26
Last scan 2024-05-16 03:35:11 UTC
SSH (port 22)
Rules applicable 3
C
A
A!
B
C
D
F
2 0 0 1 0 0

SSH (port 22)

Scan details
Version string SSH-2.0-OpenSSH_7.4
Encryption algorithms
  • 3des-cbc
  • aes128-cbc
  • aes128-ctr
  • aes128-gcm@openssh.com
  • aes192-cbc
  • aes192-ctr
  • aes256-cbc
  • aes256-ctr
  • aes256-gcm@openssh.com
  • blowfish-cbc
  • cast128-cbc
  • chacha20-poly1305@openssh.com
Compression algorithms
  • none
  • zlib@openssh.com
MAC algorithms
  • hmac-sha1
  • hmac-sha1-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512
  • hmac-sha2-512-etm@openssh.com
  • umac-128-etm@openssh.com
  • umac-128@openssh.com
  • umac-64-etm@openssh.com
  • umac-64@openssh.com
Server host key algorithms
  • ecdsa-sha2-nistp256
  • rsa-sha2-256
  • rsa-sha2-512
  • ssh-ed25519
  • ssh-rsa
Key exchange algorithms
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
Server keys
ECDSA secp256r1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHYYd+kBO6jwjLNoj3TAQSFYJYz86NtX6L3QcipDf3BFGbPitRMsi0eNzil1FSCqwMIB9R/JcRszjwxBxYzSjLc=
Ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAO6YHy4s5QEufeo5VbXfDKtyHVuAkiYn4lJifWdUtoA
RSA 2048-bit ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDHPJDW8jaJw9GWogXC8gmYDdLGcOw+tGwZ7R6i+uonoGdP4IRI85Gm80zVtD1L2w3iMM2Lzq0Zdlg4Ck2WzEKmpoUISq3Hl+3c5TAmY8/ixiFxiRFtZ2wWenZp8rK+BFxKfRmOZN3nJJeBhI6eAcWCMaaSyS2I8BV/oSXM1/oi4S3RGd9GTCUUwP1gBJsxxd8qqBCHXMNT7jtLTUtakIlnANDLmfP/kzJ/U0LFw3WlWb5FJOhncfQf+fCbukuFbbBMYRQ8qjXHepH+aGxTIVhnizki5r0wEWuGWv8QP+9N9wUL5aTOeU9gquNVrK57C42icje4h9ujGLRgh+9t8TT test this key
C
Weak cryptography
Diffie-Hellman group security
Trigger The server supports the "diffie-hellman-group1-sha1" algorithm.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

ns1.niner.net

IP address 159.203.0.217
Last scan 2024-05-16 03:35:11 UTC
SSH (port 22)
Rules applicable 3
C
A
A!
B
C
D
F
2 0 0 1 0 0
TLS HTTP (port 443)
Rules applicable 4
B
A
A!
B
C
D
F
3 0 1 0 0 0

SSH (port 22)

Scan details
Version string SSH-2.0-OpenSSH_7.4
Encryption algorithms
  • 3des-cbc
  • aes128-cbc
  • aes128-ctr
  • aes128-gcm@openssh.com
  • aes192-cbc
  • aes192-ctr
  • aes256-cbc
  • aes256-ctr
  • aes256-gcm@openssh.com
  • blowfish-cbc
  • cast128-cbc
  • chacha20-poly1305@openssh.com
Compression algorithms
  • none
  • zlib@openssh.com
MAC algorithms
  • hmac-sha1
  • hmac-sha1-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512
  • hmac-sha2-512-etm@openssh.com
  • umac-128-etm@openssh.com
  • umac-128@openssh.com
  • umac-64-etm@openssh.com
  • umac-64@openssh.com
Server host key algorithms
  • ecdsa-sha2-nistp256
  • rsa-sha2-256
  • rsa-sha2-512
  • ssh-ed25519
  • ssh-rsa
Key exchange algorithms
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
Server keys
ECDSA secp256r1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHHbPHnJjHn7qSYZv0iDxXxCgGOCaTopbLVB6MpCLCygT3KMcYEJUYCRU+U3mrez03eXgKM4jsFUiqJKaqO0UO4=
Ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWJRjQ5AbCkXVk1zPPhvHKnzZdrMfCF9XbXPHecv+zg
RSA 2048-bit ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSlxXWaY1TubE61mcktR+Wo32EMGG8M5ADLgBTNZIZQLi2idMBjhpEZ9I7jrndSVoXUPmd2GAW20i236oGoSw7kmlgMF6XxrUaQ0MO/iMZ00k3Xlvj3EPWm6/h2g9QrzDwmd1pjyJYsn28KpoMj5pkZQK7XKc/BTwec7P/LcwCpqy7IvRYgRPMxbHa8XSYheBeHn8bPKdVWT/DtzeNO04ROSwiK3XMoq34fZLkFAd/vyje+yLxek8XUmiJGVYnUAY4WnmHPxcCvkCLB36DGvjPXHx/BRTQJBIvVAIuOfS0979yfNb43XGeeQQbH1nLDdvKr0IWwC4DoQbjEn3tyETR test this key
C
Weak cryptography
Diffie-Hellman group security
Trigger The server supports the "diffie-hellman-group1-sha1" algorithm.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

TLS (port 443 – HTTP)

Scan details
Versions SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV Supported
Ciphers
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_RC4_128_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Cipher order Client
Compression
  • NULL SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (2048-bit MODP from RFC 3526): 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff
  • Generator: 0x2
Certificate start date 2024-01-15 00:00:00 UTC
Certificate expiration date 2025-01-15 23:59:59 UTC
Certificate serial number 6641180403045079872233749531306882564
Certificate issuer CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject CN=*.niner.net
Certificate SANs
  • *.niner.net
  • niner.net
B
Warnings
Diffie-Hellman group size
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

ns1.niner.net

IP address 2604:a880:cad:d0::6813:4001
Last scan 2024-05-16 03:35:11 UTC
SSH (port 22)
Rules applicable 3
C
A
A!
B
C
D
F
2 0 0 1 0 0
TLS HTTP (port 443)
Rules applicable 4
B
A
A!
B
C
D
F
3 0 1 0 0 0

SSH (port 22)

Scan details
Version string SSH-2.0-OpenSSH_7.4
Encryption algorithms
  • 3des-cbc
  • aes128-cbc
  • aes128-ctr
  • aes128-gcm@openssh.com
  • aes192-cbc
  • aes192-ctr
  • aes256-cbc
  • aes256-ctr
  • aes256-gcm@openssh.com
  • blowfish-cbc
  • cast128-cbc
  • chacha20-poly1305@openssh.com
Compression algorithms
  • none
  • zlib@openssh.com
MAC algorithms
  • hmac-sha1
  • hmac-sha1-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512
  • hmac-sha2-512-etm@openssh.com
  • umac-128-etm@openssh.com
  • umac-128@openssh.com
  • umac-64-etm@openssh.com
  • umac-64@openssh.com
Server host key algorithms
  • ecdsa-sha2-nistp256
  • rsa-sha2-256
  • rsa-sha2-512
  • ssh-ed25519
  • ssh-rsa
Key exchange algorithms
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
Server keys
ECDSA secp256r1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHHbPHnJjHn7qSYZv0iDxXxCgGOCaTopbLVB6MpCLCygT3KMcYEJUYCRU+U3mrez03eXgKM4jsFUiqJKaqO0UO4=
Ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWJRjQ5AbCkXVk1zPPhvHKnzZdrMfCF9XbXPHecv+zg
RSA 2048-bit ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSlxXWaY1TubE61mcktR+Wo32EMGG8M5ADLgBTNZIZQLi2idMBjhpEZ9I7jrndSVoXUPmd2GAW20i236oGoSw7kmlgMF6XxrUaQ0MO/iMZ00k3Xlvj3EPWm6/h2g9QrzDwmd1pjyJYsn28KpoMj5pkZQK7XKc/BTwec7P/LcwCpqy7IvRYgRPMxbHa8XSYheBeHn8bPKdVWT/DtzeNO04ROSwiK3XMoq34fZLkFAd/vyje+yLxek8XUmiJGVYnUAY4WnmHPxcCvkCLB36DGvjPXHx/BRTQJBIvVAIuOfS0979yfNb43XGeeQQbH1nLDdvKr0IWwC4DoQbjEn3tyETR test this key
C
Weak cryptography
Diffie-Hellman group security
Trigger The server supports the "diffie-hellman-group1-sha1" algorithm.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

TLS (port 443 – HTTP)

Scan details
Versions SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV Supported
Ciphers
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_RC4_128_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Cipher order Client
Compression
  • NULL SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (2048-bit MODP from RFC 3526): 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff
  • Generator: 0x2
Certificate start date 2024-01-15 00:00:00 UTC
Certificate expiration date 2025-01-15 23:59:59 UTC
Certificate serial number 6641180403045079872233749531306882564
Certificate issuer CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject CN=*.niner.net
Certificate SANs
  • *.niner.net
  • niner.net
B
Warnings
Diffie-Hellman group size
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

ns2.niner.net

IP address 159.203.55.78
Last scan 2024-05-16 03:35:11 UTC
SSH (port 22)
Rules applicable 3
C
A
A!
B
C
D
F
2 0 0 1 0 0
TLS HTTP (port 443)
Rules applicable 4
B
A
A!
B
C
D
F
3 0 1 0 0 0

SSH (port 22)

Scan details
Version string SSH-2.0-OpenSSH_7.4
Encryption algorithms
  • 3des-cbc
  • aes128-cbc
  • aes128-ctr
  • aes128-gcm@openssh.com
  • aes192-cbc
  • aes192-ctr
  • aes256-cbc
  • aes256-ctr
  • aes256-gcm@openssh.com
  • blowfish-cbc
  • cast128-cbc
  • chacha20-poly1305@openssh.com
Compression algorithms
  • none
  • zlib@openssh.com
MAC algorithms
  • hmac-sha1
  • hmac-sha1-etm@openssh.com
  • hmac-sha2-256
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512
  • hmac-sha2-512-etm@openssh.com
  • umac-128-etm@openssh.com
  • umac-128@openssh.com
  • umac-64-etm@openssh.com
  • umac-64@openssh.com
Server host key algorithms
  • ecdsa-sha2-nistp256
  • rsa-sha2-256
  • rsa-sha2-512
  • ssh-ed25519
  • ssh-rsa
Key exchange algorithms
  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
Server keys
ECDSA secp256r1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHHbPHnJjHn7qSYZv0iDxXxCgGOCaTopbLVB6MpCLCygT3KMcYEJUYCRU+U3mrez03eXgKM4jsFUiqJKaqO0UO4=
Ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWJRjQ5AbCkXVk1zPPhvHKnzZdrMfCF9XbXPHecv+zg
RSA 2048-bit ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSlxXWaY1TubE61mcktR+Wo32EMGG8M5ADLgBTNZIZQLi2idMBjhpEZ9I7jrndSVoXUPmd2GAW20i236oGoSw7kmlgMF6XxrUaQ0MO/iMZ00k3Xlvj3EPWm6/h2g9QrzDwmd1pjyJYsn28KpoMj5pkZQK7XKc/BTwec7P/LcwCpqy7IvRYgRPMxbHa8XSYheBeHn8bPKdVWT/DtzeNO04ROSwiK3XMoq34fZLkFAd/vyje+yLxek8XUmiJGVYnUAY4WnmHPxcCvkCLB36DGvjPXHx/BRTQJBIvVAIuOfS0979yfNb43XGeeQQbH1nLDdvKr0IWwC4DoQbjEn3tyETR test this key
C
Weak cryptography
Diffie-Hellman group security
Trigger The server supports the "diffie-hellman-group1-sha1" algorithm.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).

The "diffie-hellman-group1-sha1" key exchange algorithm uses the commonly-shared and 1024-bit Oakley Group 2 (RFC 4253).

TLS (port 443 – HTTP)

Scan details
Versions SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Fallback SCSV Supported
Ciphers
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_128_GCM_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_AES_256_CBC_SHA256 TLS 1.2
  • TLS_RSA_WITH_AES_256_GCM_SHA384 TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  • TLS_RSA_WITH_RC4_128_SHA SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Cipher order Client
Compression
  • NULL SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Certificate key RSA 2048-bit test this key
Hash algorithm SHA-256
Diffie-Hellman
  • Group (2048-bit MODP from RFC 3526): 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff
  • Generator: 0x2
Certificate start date 2024-01-15 00:00:00 UTC
Certificate expiration date 2025-01-15 23:59:59 UTC
Certificate serial number 6641180403045079872233749531306882564
Certificate issuer CN=RapidSSL TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate subject CN=*.niner.net
Certificate SANs
  • *.niner.net
  • niner.net
B
Warnings
Diffie-Hellman group size
Trigger The server uses a 2048-bit Diffie-Hellman group.
Context

Diffie-Hellman is mainly used so that two machines can compute a shared secret and so benefit from forward secrecy.

NIST recommends a group size of at least 1024 bits for legacy applications, 3072 bits for near term applications and 15360 for long term applications (NIST SP 800-57, Part 1, Rev. 3).