Last updated: 4/14/2025, 8:36:50 AM
Security Score
A+
Heartbleed was a critical security vulnerability in OpenSSL's implementation of the TLS heartbeat extension that allowed attackers to read sensitive information from the server's memory.
not vulnerable, no heartbeat extension
The Ticketbleed bug was the result of a programming error in hardware designed for industrial use. This bug allowed an attacker to extract 31 bytes of data from the main memory each time, which could include key values or sensitive data related to other secure communications.
not vulnerable
ROBOT is the name given to a 19-year-old vulnerability that allows RSA decryption and signing operations using a TLS server's private key. In 1998, Daniel Bleichenbacher discovered that error messages sent by SSL servers related to PKCS#1 v1.5 padding enabled a type of cryptographic attack. This attack can completely compromise TLS confidentiality when RSA-based key exchange is used.
not vulnerable, no RSA key transport cipher
TLS and SSL version 3.0, and possibly earlier versions, as implemented in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in Apache HTTP Server 2.2.14 and earlier, OpenSSL before version 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and several Cisco products, do not correctly implement renegotiation handshakes in persistent connections. This flaw makes connections vulnerable to MITM attacks, allowing an attacker to inject data into secure communications using SSL and TLS protocols.
supported
The TLS and SSL version 3.0 protocols, and possibly older versions, as implemented in many products, do not properly handle renegotiation handshakes. This allows attackers to use a man-in-the-middle attack to inject data into HTTPS sessions and even other types of sessions secured using SSL and TLS. As a result, unauthorized and unverified requests sent by the attacker during the renegotiation handshake are processed. This type of attack is a subset of plaintext injection attacks, also known as Project Mogul.
not vulnerable
CRIME (Compression Ratio Info-leak Made Easy) exploits the use of data compression in HTTPS and SPDY to leak secret cookies. In this attack, an attacker can obtain information about authentication cookies and use it to impersonate the victim, enabling further attacks.
not vulnerable
BREACH, short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext, is a compression-based attack that affects TLS/SSL communications. This vulnerability allows attackers to extract sensitive information, such as authentication tokens, security cookies, and other confidential data, from encrypted traffic.
potentially VULNERABLE, gzip deflate HTTP compression detected - only supplied "/" tested
Poodle (Padding Oracle On Downgraded Legacy Encryption) is a man-in-the-middle attack that exploits software support for SSLv3.0. If attackers successfully exploit this vulnerability, they need to send only 256 SSLv3.0-based messages to obtain a single byte of encrypted data on average.
not vulnerable, no SSLv3
FALLBACK SCSV (Signaling Cipher Suite Value) is a signal that a client includes in its Client Hello when it retries the SSL/TLS handshake with a lower protocol version. It was introduced to address compatibility issues between SSL/TLS clients and servers while preventing man-in-the-middle downgrade attacks: a server that supports a higher version rejects a handshake carrying the signal, so a fallback to an older protocol version cannot happen silently.
no protocol below TLS 1.2 offered
Sweet32 is an SSL/TLS vulnerability that exploits the weakness of 64-bit block ciphers such as 3DES and Blowfish. This attack allows attackers to intercept and decrypt sensitive HTTPS data through collision-based and Man-in-the-Middle (MITM) attacks. To prevent it, 3DES and Blowfish should be disabled, and more secure encryption like AES-GCM in TLS 1.2 or higher should be used.
not vulnerable
FREAK, which stands for Factoring RSA Export Keys, is a security attack that exploits cryptographic weaknesses in SSL/TLS protocols. In this type of attack, an attacker can use a Man-in-the-Middle technique and perform relatively low computations to break and decrypt connections that rely on weak and exportable 512-bit keys.
not vulnerable
DROWN attacks exploit an inter-protocol security flaw. This attack targets servers that use modern TLS versions but still allow fallback to older, insecure versions like SSLv2.0. As a result, it enables infiltration and misuse of supposedly secure connections. This attack is viable against all secure servers that still allow fallback to vulnerable protocols such as SSLv2.0.
not vulnerable on this host and port
DROWN-Hint is an optimized version of the DROWN attack that allows attackers to extract TLS encryption keys by leveraging partial traces of SSLv2. Unlike DROWN, which required a fully vulnerable SSLv2 server, DROWN-Hint can exploit small SSLv2 remnants in misconfigured servers. This attack is faster and more efficient, and even servers that have disabled SSLv2 but still retain traces of it remain at risk.
Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=769CE2B181F243EDEB597BD12206984E9E17657DC068BF27FE83D40A69EBD0E5
LOGJAM attack allows an attacker to downgrade a TLS connection to protocols that support weak 512-bit export cryptography using a man-in-the-middle technique. This enables the attacker to decrypt and even modify all data exchanged between the user and the server. This attack is very similar to FREAK attacks but differs in two key aspects. First, the attack is possible due to a flaw in the TLS protocol rather than a vulnerability in service implementation. Second, LOGJAM attacks target Diffie-Hellman encryption instead of RSA.
not vulnerable, no DH EXPORT ciphers
Millions of servers providing HTTPS, SSH, and VPN services use the same prime numbers for Diffie-Hellman key exchange. Experts believed that as long as new keys were generated and exchanged for each connection, the connection would remain secure, even if the prime numbers were the same. However, the first step in the number sieving process—the most efficient algorithm for breaking Diffie-Hellman connections—is based solely on prime numbers. After this process, an attacker can easily break encryption based on this cryptographic method.
no DH key with <= TLS 1.2
BEAST (Browser Exploit Against SSL/TLS) is an attack on SSL 3.0 and TLS 1.0 that allows an attacker to partially decrypt encrypted data. This attack exploits a weakness in CBC mode, enabling the attacker to guess certain encrypted information.
not vulnerable, no SSL3 or TLS1
Lucky Thirteen is a cryptographic timing attack against the TLS protocol that exploits the CBC mode structure.
not vulnerable
WinShock is a critical vulnerability in Windows Schannel that allows attackers to remotely execute malicious code via SSL/TLS without requiring authentication. This security flaw exposes secure communications to remote code execution (RCE) attacks and man-in-the-middle (MITM) attacks.
not vulnerable
The RC4 algorithm, as used in SSL and TLS protocols, does not properly combine state data and encryption keys during the initialization phase. This flaw allows an attacker to eavesdrop on network transmissions and recover unencrypted information from the first few bytes of a request.
not vulnerable
SSL version 2.0 is the first publicly released version of SSL and has severe security flaws, including weak MAC construction and no protection of the handshake. The protocol has been fully deprecated since 2011. Attackers can perform man-in-the-middle attacks and decrypt sensitive information. Supporting SSLv2 is extremely dangerous and it should be disabled immediately.
not offered
SSL version 3.0 is vulnerable to several attacks including POODLE. While it was an improvement over SSLv2, it is now considered cryptographically broken and has been deprecated since 2015. Attackers can exploit vulnerabilities like POODLE to decrypt sensitive data. Supporting SSLv3 poses significant security risks and should be disabled.
not offered
TLS 1.0 from 1999 is vulnerable to various attacks including BEAST and CRIME. While more secure than SSL, it has known cryptographic flaws. The protocol is still used for legacy compatibility, but it is recommended to disable TLS 1.0 unless absolutely necessary for old clients.
not offered
TLS 1.1 from 2006 improved upon TLS 1.0 by addressing some vulnerabilities, but still lacks modern cryptographic primitives and is considered outdated. While more secure than TLS 1.0, it lacks protection against more recent attacks. It is recommended to disable unless legacy support is required.
not offered
TLS 1.2 from 2008 introduced significant security improvements including stronger hash functions and authenticated encryption. This version is currently widely supported and considered secure. When properly configured, it provides strong security and supporting it is recommended.
offered
TLS 1.3 from 2018 is the latest version with major security and performance improvements. It removes support for legacy algorithms, reduces handshake latency, and provides perfect forward secrecy by default. This version offers the strongest security and better performance. Supporting TLS 1.3 is highly recommended as it represents the current best practice in secure communication.
offered with final
The signature algorithm is a cryptographic algorithm used to sign the digital certificate. It ensures the integrity and authenticity of the certificate.
SHA256 with RSA
The key size is the length of the cryptographic key used in the certificate. It determines the strength of the encryption and the security of the certificate.
RSA 2048 bits (exponent is 65537)
The common name is the primary domain name of the organization or individual that owns the certificate.
*.sepehrpay.com
The subject alternative name is an optional field that can include additional domain names associated with the certificate.
*.sepehrpay.com sepehrpay.com
The trust extension is used to identify the Certificate Authority (CA) that issued the certificate. It is a critical part of the certificate chain and helps ensure the authenticity of the certificate.
Ok via SAN wildcard and CN wildcard (SNI mandatory)
The not before date is the date and time when the certificate becomes valid. It ensures that the certificate is not used before the specified date and time.
2024-07-23 12:19
The not after date is the date and time when the certificate expires. It ensures that the certificate is not used after the specified date and time.
2025-07-23 12:19
The DNS CAA record is a DNS record that allows a Certificate Authority (CA) to specify the conditions under which it will issue certificates for a particular domain name.
--
The certificate transparency extension is a mechanism that allows a Certificate Authority (CA) to publish the certificate chain for a domain name. It is a critical part of the certificate chain and helps ensure the authenticity of the certificate.
yes (certificate extension)
The CA Issuers extension identifies the Certificate Authority (CA) that issued the end-entity certificate for the server. This is typically an intermediate CA that is authorized to issue SSL/TLS certificates for websites.
Certum Domain Validation CA SHA2 (Unizeto Technologies S.A. from PL)
The HTTP status code is a numerical value that indicates the response status of an HTTP request. It helps clients understand whether a request was successful, redirected, or encountered an error.
HTTP header reply empty
No HTTP status code
HTTP header request failed
NULL ciphers disable encryption, allowing data to be transmitted in plaintext. If a server supports these ciphers, any data exchanged is vulnerable to interception. Disabling NULL ciphers ensures that all communication remains encrypted, protecting confidentiality and integrity.
not offered
Anonymous ciphers (aNULL) allow encryption without authentication, making connections vulnerable to man-in-the-middle attacks. If supported, attackers can intercept and modify data without detection. Disabling these ciphers ensures that only authenticated and secure connections are established.
not offered
Export-grade ciphers were intentionally weakened due to outdated export regulations and are highly insecure by modern standards. If a server supports these ciphers, it becomes susceptible to attacks like FREAK and Logjam. Stronger cryptographic algorithms should be used to prevent data breaches.
not offered
Low-strength ciphers provide minimal encryption and can be easily cracked with modern computing power. Supporting these ciphers makes encrypted traffic vulnerable to brute-force and cryptographic attacks. Using stronger ciphers enhances security and ensures compliance with best practices.
not offered
3DES and IDEA are legacy encryption algorithms that are considered weak due to vulnerabilities like SWEET32. If still in use, they allow attackers to exploit long-duration sessions and perform collision attacks. Modern alternatives such as AES should be used for better security.
not offered