Use best practice cipher suites for 2021 #1802
georglauterbach merged 19 commits into docker-mailserver:master from
Conversation
Moved to the front of the list:

```
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
```

`AES128-GCM-SHA256` may be weaker but is still considered quite secure, thus has been positioned for [performance reasons according to mozilla](mozilla/ssl-config-generator#48 (comment)).

When allowing the client to choose the cipher from the list instead, which [mozilla advises for their intermediate and modern profiles](mozilla/ssl-config-generator#48 (comment)), the client can opt for what would suit it best; all ciphers the server advertises from this list are considered strong. [`tls_preempt_cipherlist`](http://www.postfix.org/postconf.5.html#tls_preempt_cipherlist) controls this in postfix. They have set it to `no`, which is the default; it could also be commented to remain visible in config, or removed if preferred.

I have not changed it to `no` in this commit, as that would require port 25 inbound `STARTTLS` to also use the same custom cipherlist to follow Mozilla's advice. Probably a good idea to switch to `no` for `modern` profile at least?

Neither OWASP nor Mozilla include the following two ciphers, so they've been removed. I think they may have been in a previous cipherlist from Mozilla when this list was last updated?

```
ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-AES128-SHA256
```

[Mozilla](https://ssl-config.mozilla.org/#server=postfix&version=3.4.8&config=intermediate&openssl=1.1.1d&guideline=5.4) ends its list with these two:

```
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES256-GCM-SHA384
```

[OWASP B](https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html) adds non-GCM DHE variants, and retains the last two ciphers in the current list.

These are the only differences between OWASP A and B grades, so could be dropped if choosing to opt for grade A instead:

```
DHE-RSA-AES256-SHA256
DHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
```

OWASP B also lists 3 TLS 1.3 ciphers, but these [rarely need to be specified for most software](mozilla/ssl-config-generator#53), as such they're not included:

```
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
```
Related is the `smtpd_tls_exclude_ciphers` parameter. Mozilla doesn't include it, and while it's possible to find relatively recent blogs / guides making use of it, they often don't explain any useful reasoning for the choices. I think it has just become a bit of parroting of information and a "better safe than sorry if I don't understand this" approach.

Looking at the [postfix docs](http://www.postfix.org/postconf.5.html#smtpd_tls_exclude_ciphers) we have:

> List of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.
>
> Excluding valid ciphers *can create interoperability problems*. **DO NOT** exclude ciphers unless it is essential to do so.
>
> Cipher types listed in `smtpd_tls_mandatory_exclude_ciphers` or `smtpd_tls_exclude_ciphers` are excluded from the base definition of the selected cipher grade.
>
> The underlying cipherlists for grades other than "null" include anonymous ciphers, but these are automatically filtered out if the server is configured to ask for remote SMTP client certificates. You are very unlikely to need to take any steps to exclude anonymous ciphers, **they are excluded automatically as required**.

Additionally [`aNULL` also excludes `ADH`](https://community.letsencrypt.org/t/using-lets-encrypt-certs-with-postfix/18957/8).

I have verified parity of the current excluded ciphers with this reduced set. They should be clear which ciphers they're responsible for, except for `MEDIUM` which handled the two `SEED` ciphers. Since `MEDIUM` is ambiguous as to what it's covering (the others are still required for parity), I have switched `MEDIUM` to `SEED`.

In my testing these excluded ciphers are still graded an `A`; only anon certs that `aNULL` excludes provide a lower `F` grade, but the docs state it's a non-issue with remote connections. We could also change the `high` cipherlist to `medium` like mozilla does or keep the expanded coverage for inbound mail.
Should be possible to have submission ports be considered more trustworthy with better cipher support; allowing the client to choose the cipher from the high list would be a good improvement.
`modern` TLS_LEVEL has had its cipherlist updated to match the postfix `main.cf` change in the related prior commit. See that commit message for more details about the change.

`intermediate` TLS_LEVEL has had its cipherlist truncated. None of these appear to remain available after applying the excludes on them. If the excludes are removed, each TLS level presents ciphers (when the cipherlist is only set to this removed list) with the warning:

> Forward Secrecy not supported by any cipher

This is misleading when associating them with a `high` grade list intended for mandatory TLS support. Despite the warning, the nmap tool grades them all with A for encryption strength (if that's at all trustworthy of a metric). The `intermediate` cipherlist still produces the same cipher support with the reduced list and exclusions from the previous commit.
Same changes to cipherlist as communicated in the related postfix `main.cf` commit.
There was an extra `E` accidentally in the first `ECDHE`.
This was the same content for the most part. Shared content was moved into a function call and dynamic content passed in as variables from each TLS_LEVEL case.
Seems appropriate to prefix the function name with `_` based on other internal function names, assuming convention. Modified `sed` calls, removing the `-r` option and regex token `$` as they're not necessary. Uppercase variables as per style guide, `local` prefix for variable initialization.
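To illustrate the refactor pattern this commit describes (one shared function, with the per-level values passed in from a `case`), here is an added example that is not docker-mailserver's own code: a POSIX `sed`-based setter that rewrites or appends a `key = value` line idempotently, and a `_set_tls_level` function that selects values per TLS_LEVEL and calls the setter for a Postfix `main.cf` and a Dovecot SSL config. The function names, the file paths (taken as parameters) and the cipher strings are assumptions: the cipher lists are illustrative subsets built from suites named in this PR, ordered AEAD-first, not the project's actual lists.

```sh
#!/bin/sh
# Added example, not the project's code: a shared setter plus a per-level
# case statement, mirroring the refactor described in the commit above.

# Replace the value of KEY in FILE (lines of the form "key = value") or append
# it when absent. KEY is assumed to contain only [A-Za-z0-9_], so it is safe
# unescaped inside the sed pattern. Plain BRE (no -r) and no trailing "$",
# like the simplified sed calls in the commit.
_set_config_value() (
  file=$1 key=$2 value=$3
  # escape the characters special in a sed replacement: & \ and the | delimiter
  esc=$(printf '%s' "$value" | sed 's/[&|\\]/\\&/g')
  if grep -q "^$key *=" "$file"; then
    sed "s|^$key *=.*|$key = $esc|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
  else
    printf '%s = %s\n' "$key" "$value" >> "$file"
  fi
)

# Read a value back (empty output if the key is absent).
_get_config_value() (
  sed -n "s|^$2 *= *||p" "$1"
)

# Apply a TLS_LEVEL to a Postfix main.cf and a Dovecot ssl conf.
# Cipher strings are illustrative subsets of suites discussed in the PR,
# AEAD suites first; they are NOT the project's actual lists.
_set_tls_level() (
  postfix_cf=$1 dovecot_cf=$2 level=$3
  case "$level" in
    modern)
      protocols='!SSLv2, !SSLv3, !TLSv1, !TLSv1.1'
      dovecot_min='TLSv1.2'
      cipherlist='ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305'
      ;;
    intermediate)
      protocols='!SSLv2, !SSLv3'
      dovecot_min='TLSv1'
      cipherlist='ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384'
      ;;
    *)
      echo "unknown TLS_LEVEL: $level" >&2
      return 1
      ;;
  esac
  # Postfix: settings for ports where TLS is mandatory (submission)
  _set_config_value "$postfix_cf" smtpd_tls_mandatory_protocols "$protocols"
  _set_config_value "$postfix_cf" smtpd_tls_mandatory_ciphers high
  _set_config_value "$postfix_cf" tls_high_cipherlist "$cipherlist"
  # Dovecot accepts the same OpenSSL cipher string syntax
  _set_config_value "$dovecot_cf" ssl_min_protocol "$dovecot_min"
  _set_config_value "$dovecot_cf" ssl_cipher_list "$cipherlist"
)
```

Running `_set_tls_level` twice on the same files leaves exactly one line per key, which is the property a setup script applied at every container start needs; the `grep -q` guard is what makes the append branch safe.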
Original cipherlist matched that of the postfix/dovecot config defaults (same as `tls_high_cipherlist`).
Mozilla's TLS reference once included these. They are the only difference between OWASP A and B Grades. They are available in the intermediate cipher list. Removing these from our modern profile:

```
DHE-RSA-AES256-SHA256
DHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
```

These four cipher suites are using AES-CBC for the cipher. By removing them, we only support AEAD (AES-GCM and ChaCha20-Poly1305) ciphers. These require a minimum of TLS 1.2 support and represent modern and secure cipher suites.
@wernerfred When this is merged, I guess
This is very much appreciated!
I think this is a welcome change.
That's true, but could you briefly write a changelog similar in style to this? Maybe it could look something like this:
Possibly breaking changes
But tests pass on GH CI. What's the status with tests?
We will just need this in

All in all, a very welcome change. Thank you for taking the time!
Yeah sure :) Do you want that written here, or is there a file you'd like me to update? Did you want the same for the hybrid/dual certificate PR as well?
Here in this PR is absolutely fine. I will then make sure this is written to all the places it belongs. It'd be appreciated if you could do this for the other PR too, yes. And please reach back to me as soon as this PR can be reviewed so I can mark maintainers as reviewers.
Release notes, revised a terser version (the visible one). The collapsed section

For tests, since CI on this PR passed, I just need to consider any tests to add? There's quite a few

Should I add two self-signed certs? (RSA and ECDSA)

Release Notes
Breaking Changes:
EDIT: Not relevant. TLS_LEVEL modern enforces a minimum of TLS 1.2, lack of AES-CBC should not cause any breakage
There's some extra details below, but I felt they may not have added as much value to justify the verbosity?

Original release notes (Verbose)
Changes for TLS_LEVEL modern:Added ( Removed ( TLS_LEVEL The new
How the cipher list is sorted: The cipher list matches the server preference order from
Thanks for writing the log. I will look through it and decide what goes into the changelog and what does not :)
I think one or two more tests which especially test the new changes are fine.
We are, of course, always in the favor of more tests - but you said you were short on time. I guess doing what you deem appropriate for this PR is fine.
I've had a look through existing tests and see nothing specific to cipher suite testing or RSA/ECDSA. No additional tests are required; a future PR can contribute new tests that cover this area more thoroughly. Likewise existing documentation doesn't appear to need any updating in regard to these changes AFAIK. I might have missed something on the wiki; I noticed some of the wiki is out of sync with the move to an organization too. Should be fine to have this reviewed for merging now 👍
This shouldn't require me to re-run my earlier tests which were part of my large WIP support document 😀 As that portion of the document is relevant to this PR, I am including it below in its own comment. It is a far more detailed reference of the impact of this PR's changes and some of the considerations that went into ensuring and verifying the security of the cipher list changes. I have reviewed it once more with some minor edits, and realized that the release notes were missing some details; I've updated the terse version above. Future PR should consider the following changes:
Postfix + Dovecot cipher suite config overview

Quick overview of Postfix and Dovecot configuration related to the cipher suites and their relation to ports.

Summary:
Postfix config:
Dovecot config:
Cipher list comparisons

Upstream refers to results prior to applying the changes from this PR.
| Cipher suite lists | Total | TLS 1.2 | TLS 1.1 | TLS 1.0 |
|---|---|---|---|---|
| Port 25 (Opportunistic) | 17 | 13 | 2 | 2 |
| intermediate | 11 | 7 | 2 | 2 |
| modern | 3 | 3 | N/A | N/A |
Another section from my WIP supporting document if it helps with the review. It's primarily informational about ciphers, informing the decision of what to have in

Ciphers

Availability of AES-CCM, Camellia, ARIA, SEED, ChaCha20-Poly1305

Many TLS implementations do not support AES-CCM, Camellia, ARIA, SEED:
Thus server support for these ciphers is less useful. Potentially AES-CCM is worthwhile for embedded products (eg scanners/printers). Camellia, ARIA, SEED may be used by other MTAs, but are only likely to be encountered within their respective origin regions, perhaps mostly from government services or private sector?
Insecure Ciphers

Since OpenSSL 1.0.2h and 1.1.0 (Aug 2016), OpenSSL default builds do not include RC4 or 3DES cipher suites. They can only be enabled with the
Block Ciphers - Modes of Operation
AEAD Stream Cipher - ChaCha20-Poly1305
ChaCha20-Poly1305 - Additional details

In 2014 Google added ChaCha20-Poly1305 to Android Chrome as its highest priority cipher choice; it efficiently leverages CPU vector instructions to achieve a 3x perf advantage over AES-GCM (when lacking hardware acceleration support, AES-NI).

HW accel for AES arrived with ARMv8-A, of which the iPhone 5S in late 2013 was the first device, with Android devices arriving around late 2014 onwards.
This covers the history of ChaCha20-Poly1305 well.
Performance

In Feb 2019, a developer for Amazon's TLS implementation

Compared to AES

This discussion notes that AES prioritizes performance/efficiency in hardware implementations, while ChaCha20 is designed for efficiency within software and being easy to implement, at the expense of not being as suitable for further acceleration via dedicated hardware (ASICs).

Prioritization support over other cipher suites when using server order preference

If your supported cipher suites have no disadvantage/risk to necessitate server order preference, it would be better to let the client hint their preference instead. Should be ok with our TLS_LEVEL

Postfix cipher suite exclusion rules

OpenSSL docs clarify the syntax accepted for
Checks that results from `testssl.sh` are valid.
Ports 587, 465, 143, 993, 110, 995 all share the same cipher lists.
DRY-ing up some code.
All ports can now be tested via a single method including port 25. `KEY_TYPE` and `TLS_LEVEL` in the `check_ports()` function override variable scope, and child function calls share that scope, not requiring passing down as additional parameters. Still requires running multiple `testssl.sh` runs to cover each combination of `KEY_TYPE` and `TLS_LEVEL`, along with corresponding `mailserver-testing:ci` instances.
Remaining change to support testing combinations of `KEY_TYPE` and `TLS_LEVEL` by running `testssl.sh` and `mailserver-testing:ci` containers per test case.
Running the `testssl.sh` container with `--user "0:0"` (root) is a problem as the CI user is unable to remove written files afterwards for cleanup (lacks permissions as root has more authority). Tried a different approach that should work better by using the current user's uid and gid.
The `docker` process itself is being run as root, so volume mounts are still creating directories with root ownership. This can be avoided when the directories already exist. Added `cd` commands for supporting `testssl.sh` outside of docker, if it's switched to that. `|| exit` is from `shellcheck` linting suggestion when using `cd`. `rm -rf` had its shared variable path swapped for a hard-coded path, just as an added precaution due to the risk that command can impose on a user running tests locally.
Doesn't seem to be a problem with `testssl.sh` but pulling the image in advance. `jq` pulling its image was triggering failure for `assert_output`, which is only interested in the `jq` command, not anything else caught by `stdout`. `jq` is now an expected dependency to perform tests.
Tests are finally working for all combinations. Let me know if I've done it right as this was my first time (I must say writing unit tests in bash added a fair bit of friction to the process).
Presently The docker image has the benefits of using the docker daemons internal DNS so that I can reach the mail container via DNS query to Without that, we could use IP addresses instead, and I can recreate the certs to include an IP address that we assign the
I can probably reduce the scope of the Test time (22 minutes) via my VPS instance (Vultr Ubuntu 20.10 $5/month):
LGTM
wernerfred
left a comment
I'm honest with you I do not get every point of your changes. I quickly looked over the tests in a logical manner and it looks good in my opinion.
As the tests pass I think we can merge.
For a deeper inspection and style review I need more time (but can be done later)
Could you be more specific? And I'll do my best to elaborate more clearly. If you're referring to the tests, all that happens is

We could enforce our

Removing those ciphers would also have the benefit of removing

Beyond that,

These json files contain extensive testing data, if you'd like a more human friendly version, I would suggest running

Docker local test setup example:

Create a user-defined network, this allows for internal DNS between containers, allowing for a container to be reached by its container name or alias:

Bring up the mail container (assumes project root directory, just like when running

```sh
docker run -d --name tls_test_cipherlists \
  --volume "${PWD}/test/duplicate_configs/security_tls_cipherlists.bats/:/tmp/docker-mailserver/" \
  --volume "${PWD}/test/test-files/ssl/example.test/:/config/ssl/:ro" \
  --env DMS_DEBUG=0 \
  --env SSL_TYPE="manual" \
  --env SSL_CERT_PATH="/config/ssl/cert.rsa.pem" \
  --env SSL_KEY_PATH="/config/ssl/key.rsa.pem" \
  --env TLS_LEVEL="intermediate" \
  --hostname "mail.example.test" \
  --tty \
  --network test-network \
  --network-alias "example.test" \
  mailserver-testing:ci
```

Run

```sh
mkdir -p "/tmp/results/rsa/intermediate" && \
docker run --rm \
  --user "$(id -u):$(id -g)" \
  --network test-network \
  --volume "/tmp/results/rsa/intermediate/:/output" \
  --workdir /output \
  drwetter/testssl.sh:3.1dev --jsonfile-pretty port_25.json --logfile port_25.txt --color 0 --starttls smtp example.test:25
```

When

testssl.sh text log for port 25 - rsa intermediate

Shell output (colour highlighting stripped via

## Scan started as: "testssl.sh --jsonfile-pretty port_25.json --logfile port_25.txt --color 0 --starttls smtp example.test:25"
## at b8c80034bf0a:/home/testssl/bin/openssl.Linux.x86_64
## version testssl: 3.1dev from
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-02-17 22:36:47 -->> 172.30.0.2:25 (example.test) <<--
rDNS (172.30.0.2): tls_test_cipherlists.test-network.
Service set: STARTTLS via SMTP
Testing protocols via sockets
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered (deprecated)
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
Testing cipher categories
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK)
Triple DES Ciphers / IDEA not offered
Obsoleted CBC ciphers (AES, ARIA etc.) offered
Strong encryption (AEAD ciphers) with no FS offered (OK)
Forward Secrecy strong encryption (AEAD ciphers) offered (OK)
Testing server's cipher preferences
Has server cipher order? yes (OK) -- TLS 1.3 and below
Negotiated protocol TLSv1.3
Negotiated cipher TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
Cipher per protocol
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
-
SSLv3
-
TLSv1 (server order)
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x39 DHE-RSA-AES256-SHA DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
x33 DHE-RSA-AES128-SHA DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLSv1.1 (server order)
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x39 DHE-RSA-AES256-SHA DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
x33 DHE-RSA-AES128-SHA DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLSv1.2 (server order)
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
x9f DHE-RSA-AES256-GCM-SHA384 DH 4096 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xccaa DHE-RSA-CHACHA20-POLY1305 DH 4096 ChaCha20 256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xc0a3 DHE-RSA-AES256-CCM8 DH 4096 AESCCM8 256 TLS_DHE_RSA_WITH_AES_256_CCM_8
xc09f DHE-RSA-AES256-CCM DH 4096 AESCCM 256 TLS_DHE_RSA_WITH_AES_256_CCM
xc061 ECDHE-ARIA256-GCM-SHA384 ECDH 253 ARIAGCM 256 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
xc053 DHE-RSA-ARIA256-GCM-SHA384 DH 4096 ARIAGCM 256 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
x6b DHE-RSA-AES256-SHA256 DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
xc014 ECDHE-RSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x39 DHE-RSA-AES256-SHA DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
xc051 ARIA256-GCM-SHA384 RSA ARIAGCM 256 TLS_RSA_WITH_ARIA_256_GCM_SHA384
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
x9e DHE-RSA-AES128-GCM-SHA256 DH 4096 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
xc0a2 DHE-RSA-AES128-CCM8 DH 4096 AESCCM8 128 TLS_DHE_RSA_WITH_AES_128_CCM_8
xc09e DHE-RSA-AES128-CCM DH 4096 AESCCM 128 TLS_DHE_RSA_WITH_AES_128_CCM
xc060 ECDHE-ARIA128-GCM-SHA256 ECDH 253 ARIAGCM 128 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
xc052 DHE-RSA-ARIA128-GCM-SHA256 DH 4096 ARIAGCM 128 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
xc027 ECDHE-RSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
x67 DHE-RSA-AES128-SHA256 DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
x33 DHE-RSA-AES128-SHA DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
xc050 ARIA128-GCM-SHA256 RSA ARIAGCM 128 TLS_RSA_WITH_ARIA_128_GCM_SHA256
TLSv1.3 (server order)
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256
Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4
FS is offered (OK) TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-CCM8
DHE-RSA-AES256-CCM DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA DHE-RSA-ARIA256-GCM-SHA384
ECDHE-ARIA256-GCM-SHA384 TLS_AES_128_GCM_SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CCM8
DHE-RSA-AES128-CCM DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA DHE-RSA-ARIA128-GCM-SHA256
ECDHE-ARIA128-GCM-SHA256
Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448
DH group offered: ffdhe4096
Testing server defaults (Server Hello)
TLS extensions (standard) "renegotiation info/#65281"
"EC point formats/#11" "session ticket/#35"
"supported versions/#43" "key share/#51"
"supported_groups/#10" "max fragment length/#1"
"encrypt-then-mac/#22"
"extended master secret/#23"
Session Ticket RFC 5077 hint 7200 seconds, session tickets keys seems to be rotated < daily
SSL Session ID support yes
Session Resumption Tickets: yes, ID: no
TLS clock skew Random values, no fingerprinting possible
Client Authentication none
Signature Algorithm SHA256 with RSA
Server key size RSA 2048 bits (exponent is 65537)
Server key usage Digital Signature, Key Encipherment
Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication
Serial / Fingerprints 9CF42A11521763A5A0FBD1CEDB085F33 / SHA1 9D6A770D287245F2D19513493761429E2AD89619
SHA256 C2E3D67194D5AD96458CE3143698E89D3E8C3CBA87C7B9B3E3B67641A6948498
Common Name (CN) Smallstep self-signed
subjectAltName (SAN) example.test mail.example.test
Trust (hostname) Ok via SAN (same w/o SNI)
Chain of trust NOT ok (chain incomplete)
EV cert (experimental) no
Certificate Validity (UTC) 3604 >= 60 days (2021-01-01 00:00 --> 2031-01-01 00:00)
>= 10 years is way too long
ETS/"eTLS", visibility info not present
Certificate Revocation List --
OCSP URI --
NOT ok -- neither CRL nor OCSP URI provided
OCSP stapling not offered
OCSP must staple extension --
DNS CAA RR (experimental) not offered
Certificate Transparency N/A
Certificates provided 1
Issuer Smallstep self-signed
Intermediate Bad OCSP (exp.) Ok
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
ROBOT not vulnerable (OK)
Secure Renegotiation (RFC 5746) supported (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK) (not using HTTP anyway)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support
TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services
https://censys.io/ipv4?q=C2E3D67194D5AD96458CE3143698E89D3E8C3CBA87C7B9B3E3B67641A6948498 could help you to find out
LOGJAM (CVE-2015-4000), experimental common prime with 4096 bits detected: RFC7919/ffdhe4096 (4096 bits),
but no DH EXPORT ciphers
BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-SHA
VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)
LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
Winshock (CVE-2014-6321), experimental not vulnerable (OK)
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
STARTTLS injection (experimental) not vulnerable (OK)
Running client simulations via sockets
Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy
------------------------------------------------------------------------------------------------
Android 8.1 (native) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 253 bit ECDH (X25519)
Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Java 6u45 No connection
Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA 256 bit ECDH (P-256)
Java 8u161 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 256 bit ECDH (P-256)
Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 256 bit ECDH (P-256)
OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256 bit ECDH (P-256)
OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 253 bit ECDH (X25519)
OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Rating (experimental)
Rating specs (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
Specification documentation https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
Protocol Support (weighted) 0 (0)
Key Exchange (weighted) 0 (0)
Cipher Strength (weighted) 0 (0)
Final Score 0
Overall Grade T
Grade cap reasons Grade capped to T. Issues with the chain of trust (chain incomplete)
Grade capped to T. Encryption via STARTTLS is not mandatory (opportunistic).
Grade capped to B. TLS 1.1 offered
Grade capped to B. TLS 1.0 offered
Done 2021-02-17 22:40:11 [ 206s] -->> 172.30.0.2:25 (example.test) <<--
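The "Cipher per protocol" table in a log like the one above is the part a test would want to check mechanically: which protocols still list suites, how many are AEAD versus CBC, and whether any lack forward secrecy. This is an added example, not part of the PR's bats tests: a small awk summariser over the testssl.sh text log format, fed with rows excerpted verbatim from the port 25 / rsa / intermediate scan above, plus a constructed sample of what a mandatory-TLS port at the `modern` level is expected to offer (constructed, not a real scan). The function names and the policy in `aead_fs_only` are assumptions of this example.

```sh
#!/bin/sh
# Added example (not part of the PR): summarise the "Cipher per protocol"
# table of a testssl.sh text log by protocol, cipher mode and forward secrecy,
# so a scan of a given port/TLS_LEVEL can be checked mechanically.

# Excerpt of the port 25 / rsa / intermediate scan shown above (a subset of
# the rows, copied verbatim from that log).
SAMPLE_SCAN='TLSv1 (server order)
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
x39 DHE-RSA-AES256-SHA DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
x33 DHE-RSA-AES128-SHA DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLSv1.2 (server order)
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
x9f DHE-RSA-AES256-GCM-SHA384 DH 4096 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
x6b DHE-RSA-AES256-SHA256 DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
xc051 ARIA256-GCM-SHA384 RSA ARIAGCM 256 TLS_RSA_WITH_ARIA_256_GCM_SHA384
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLSv1.3 (server order)
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256'

# Constructed sample (not a real scan) of what a mandatory-TLS port at the
# "modern" level should look like: TLS 1.2 AEAD suites with ECDHE only, plus
# the three TLS 1.3 suites, and no TLS 1.0/1.1 sections at all.
MODERN_SCAN='TLSv1.2 (server order)
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLSv1.3 (server order)
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256'

# stdin: testssl.sh text log. stdout: "PROTO MODE FS COUNT" lines, sorted.
# MODE is AEAD (GCM/CCM/ChaCha20-Poly1305), CBC or OTHER, read from the IANA
# name in the last column; FS comes from the key-exchange column, where
# testssl.sh prints ECDH/DH for ephemeral exchanges and RSA for static RSA.
cipher_summary() {
  awk '
    /^ *(SSLv[23]|TLSv1(\.[123])?)( |$)/ { proto = $1; next }
    /^ *x[0-9a-fA-F]+ / {
      iana = $NF
      if (iana ~ /_GCM_|_CCM|CHACHA20_POLY1305/) mode = "AEAD"
      else if (iana ~ /_CBC_/)                 mode = "CBC"
      else                                      mode = "OTHER"
      fs = ($3 == "ECDH" || $3 == "DH") ? "FS" : "noFS"
      count[proto " " mode " " fs]++
    }
    END { for (k in count) print k, count[k] }
  ' | sort
}

# Number of suites for PROTO MODE FS ($2 $3 $4) in the log text $1; 0 if none.
count_ciphers() {
  printf '%s\n' "$1" | cipher_summary |
    awk -v key="$2 $3 $4" '($1 " " $2 " " $3) == key { print $4; found = 1 }
                           END { if (!found) print 0 }'
}

# Policy check for a mandatory-TLS port: succeed only when every suite listed
# is AEAD with forward secrecy and no TLS 1.0/1.1 suites appear at all.
aead_fs_only() {
  ! printf '%s\n' "$1" | cipher_summary |
    grep -Eq '^TLSv1(\.1)? |( CBC | OTHER )| noFS '
}
```

Run `printf '%s\n' "$SAMPLE_SCAN" | cipher_summary` to see the breakdown; on the opportunistic port 25 scan the TLS 1.2 section mixes AEAD, CBC and two static-RSA ARIA suites, which is exactly why a `high`-grade list intended for mandatory TLS should be checked with `aead_fs_only` rather than by eyeballing the log.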
�[1m DNS CAA RR�[m (experimental) �[1;33mnot offered�[m
�[1m Certificate Transparency �[mN/A
�[1m Certificates provided�[m 1
�[1m Issuer �[m�[3mSmallstep self-signed�[m
�[1m Intermediate Bad OCSP�[m (exp.) �[0;32mOk�[m
�[1m�[4m Testing vulnerabilities �[m
�[1m Heartbleed�[m (CVE-2014-0160) �[1;32mnot vulnerable (OK)�[m, no heartbeat extension
�[1m CCS�[m (CVE-2014-0224) �[1;32mnot vulnerable (OK)�[m
�[1m ROBOT �[m�[1;32mnot vulnerable (OK)�[m
�[1m Secure Renegotiation (RFC 5746) �[m�[1;32msupported (OK)�[m
�[1m Secure Client-Initiated Renegotiation �[m�[0;32mnot vulnerable (OK)�[m
�[1m CRIME, TLS �[m(CVE-2012-4929) �[0;32mnot vulnerable (OK)�[m (not using HTTP anyway)
�[1m POODLE, SSL�[m (CVE-2014-3566) �[1;32mnot vulnerable (OK)�[m, no SSLv3 support
�[1m TLS_FALLBACK_SCSV�[m (RFC 7507) �[0;32mDowngrade attack prevention supported (OK)�[m
�[1m SWEET32�[m (CVE-2016-2183, CVE-2016-6329) �[1;32mnot vulnerable (OK)�[m
�[1m FREAK�[m (CVE-2015-0204) �[1;32mnot vulnerable (OK)�[m
�[1m DROWN�[m (CVE-2016-0800, CVE-2016-0703) �[1;32mnot vulnerable on this host and port (OK)�[m
make sure you don't use this certificate elsewhere with SSLv2 enabled services
https://censys.io/ipv4?q=C2E3D67194D5AD96458CE3143698E89D3E8C3CBA87C7B9B3E3B67641A6948498 could help you to find out
�[1m LOGJAM�[m (CVE-2015-4000), experimental common prime with 4096 bits detected: �[3mRFC7919/ffdhe4096�[m (�[0;32m4096 bits�[m),
but no DH EXPORT ciphers
�[1m BEAST�[m (CVE-2011-3389) TLS1: �[1;33mECDHE-RSA-AES256-SHA
DHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-SHA �[m
�[1;33mVULNERABLE�[m -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)
�[1m LUCKY13�[m (CVE-2013-0169), experimental potentially �[1;33mVULNERABLE�[m, uses cipher block chaining (CBC) ciphers with TLS. Check patches
�[1m Winshock�[m (CVE-2014-6321), experimental �[1;32mnot vulnerable (OK)�[m
�[1m RC4�[m (CVE-2013-2566, CVE-2015-2808) �[0;32mno RC4 ciphers detected (OK)�[m
�[1m STARTTLS injection�[m (experimental) �[0;32mnot vulnerable (OK)�[m
�[1m�[4m Running client simulations �[m�[1m�[4mvia sockets �[m
Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy
------------------------------------------------------------------------------------------------
Android 8.1 (native) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 �[0;32m253 bit ECDH (X25519)�[m
Android 9.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 �[0;32m253 bit ECDH (X25519)�[m
Android 10.0 (native) TLSv1.3 TLS_AES_256_GCM_SHA384 �[0;32m253 bit ECDH (X25519)�[m
Java 6u45 No connection
Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA �[0;32m256 bit ECDH (P-256)�[m
Java 8u161 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 �[0;32m256 bit ECDH (P-256)�[m
Java 11.0.2 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 �[0;32m256 bit ECDH (P-256)�[m
Java 12.0.1 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 �[0;32m256 bit ECDH (P-256)�[m
OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 �[0;32m256 bit ECDH (P-256)�[m
OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 �[0;32m253 bit ECDH (X25519)�[m
OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 �[0;32m253 bit ECDH (X25519)�[m
�[1m�[4m Rating (experimental) �[m
�[1m Rating specs�[m (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
�[1m Specification documentation �[mhttps://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
�[1m Protocol Support�[m (weighted) 0 (0)
�[1m Key Exchange�[m (weighted) 0 (0)
�[1m Cipher Strength�[m (weighted) 0 (0)
�[1m Final Score �[m0
�[1m Overall Grade �[m�[1;31mT�[m
�[1m Grade cap reasons �[mGrade capped to T. Issues with the chain of trust (chain incomplete)
Grade capped to T. Encryption via STARTTLS is not mandatory (opportunistic).
Grade capped to B. TLS 1.1 offered
Grade capped to B. TLS 1.0 offered
�[7m Done 2021-02-17 22:29:50 [ 225s] -->> 172.30.0.2:25 (example.test) <<--�[m
testssl.sh json log for port 25 - rsa intermediate
JSON output: {
"Invocation" : "testssl.sh --jsonfile-pretty port_25.json --logfile port_25.txt --starttls smtp example.test:25",
"at" : "85f9e108f9d3:/home/testssl/bin/openssl.Linux.x86_64",
"version" : "3.1dev ",
"openssl" : "OpenSSL 1.0.2-chacha from Jan 18 17:12:17 2019",
"startTime" : "1613600765",
"scanResult" : [
{
"targetHost" : "example.test",
"ip" : "172.30.0.2",
"port" : "25",
"rDNS" : "tls_test_cipherlists.test-network.",
"service" : "smtp",
"pretest" : [
{
"id" : "pre_128cipher",
"severity" : "INFO",
"finding" : "No 128 cipher limit bug"
}
],
"protocols" : [
{
"id" : "SSLv2",
"severity" : "OK",
"finding" : "not offered"
},{
"id" : "SSLv3",
"severity" : "OK",
"finding" : "not offered"
},{
"id" : "TLS1",
"severity" : "LOW",
"finding" : "offered (deprecated)"
},{
"id" : "TLS1_1",
"severity" : "LOW",
"finding" : "offered (deprecated)"
},{
"id" : "TLS1_2",
"severity" : "OK",
"finding" : "offered"
},{
"id" : "TLS1_3",
"severity" : "OK",
"finding" : "offered with final"
}
],
"grease" : [
],
"ciphers" : [
{
"id" : "cipherlist_NULL",
"severity" : "OK",
"cwe" : "CWE-327",
"finding" : "not offered"
},{
"id" : "cipherlist_aNULL",
"severity" : "OK",
"cwe" : "CWE-327",
"finding" : "not offered"
},{
"id" : "cipherlist_EXPORT",
"severity" : "OK",
"cwe" : "CWE-327",
"finding" : "not offered"
},{
"id" : "cipherlist_LOW",
"severity" : "OK",
"cwe" : "CWE-327",
"finding" : "not offered"
},{
"id" : "cipherlist_3DES_IDEA",
"severity" : "INFO",
"cwe" : "CWE-310",
"finding" : "not offered"
},{
"id" : "cipherlist_AVERAGE",
"severity" : "LOW",
"cwe" : "CWE-310",
"finding" : "offered"
},{
"id" : "cipherlist_GOOD",
"severity" : "OK",
"finding" : "offered"
},{
"id" : "cipherlist_STRONG",
"severity" : "OK",
"finding" : "offered"
}
],
"fs" : [
{
"id" : "cipher_order",
"severity" : "OK",
"finding" : "server"
},{
"id" : "protocol_negotiated",
"severity" : "OK",
"finding" : "Default protocol TLS1.3"
},{
"id" : "cipher_negotiated",
"severity" : "OK",
"finding" : "TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)"
},{
"id" : "cipher-tls1_xc014",
"severity" : "LOW",
"finding" : "TLSv1 xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
},{
"id" : "cipher-tls1_x39",
"severity" : "LOW",
"finding" : "TLSv1 x39 DHE-RSA-AES256-SHA DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
},{
"id" : "cipher-tls1_xc013",
"severity" : "LOW",
"finding" : "TLSv1 xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
},{
"id" : "cipher-tls1_x33",
"severity" : "LOW",
"finding" : "TLSv1 x33 DHE-RSA-AES128-SHA DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
},{
"id" : "cipherorder_TLSv1",
"severity" : "INFO",
"finding" : "ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA"
},{
"id" : "cipher-tls1_1_xc014",
"severity" : "LOW",
"finding" : "TLSv1.1 xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
},{
"id" : "cipher-tls1_1_x39",
"severity" : "LOW",
"finding" : "TLSv1.1 x39 DHE-RSA-AES256-SHA DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
},{
"id" : "cipher-tls1_1_xc013",
"severity" : "LOW",
"finding" : "TLSv1.1 xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
},{
"id" : "cipher-tls1_1_x33",
"severity" : "LOW",
"finding" : "TLSv1.1 x33 DHE-RSA-AES128-SHA DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
},{
"id" : "cipherorder_TLSv1_1",
"severity" : "INFO",
"finding" : "ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA"
},{
"id" : "cipher-tls1_2_xc030",
"severity" : "OK",
"finding" : "TLSv1.2 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
},{
"id" : "cipher-tls1_2_x9f",
"severity" : "OK",
"finding" : "TLSv1.2 x9f DHE-RSA-AES256-GCM-SHA384 DH 4096 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
},{
"id" : "cipher-tls1_2_xcca8",
"severity" : "OK",
"finding" : "TLSv1.2 xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
},{
"id" : "cipher-tls1_2_xccaa",
"severity" : "OK",
"finding" : "TLSv1.2 xccaa DHE-RSA-CHACHA20-POLY1305 DH 4096 ChaCha20 256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
},{
"id" : "cipher-tls1_2_xc0a3",
"severity" : "OK",
"finding" : "TLSv1.2 xc0a3 DHE-RSA-AES256-CCM8 DH 4096 AESCCM8 256 TLS_DHE_RSA_WITH_AES_256_CCM_8"
},{
"id" : "cipher-tls1_2_xc09f",
"severity" : "OK",
"finding" : "TLSv1.2 xc09f DHE-RSA-AES256-CCM DH 4096 AESCCM 256 TLS_DHE_RSA_WITH_AES_256_CCM"
},{
"id" : "cipher-tls1_2_xc061",
"severity" : "OK",
"finding" : "TLSv1.2 xc061 ECDHE-ARIA256-GCM-SHA384 ECDH 253 ARIAGCM 256 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"
},{
"id" : "cipher-tls1_2_xc053",
"severity" : "OK",
"finding" : "TLSv1.2 xc053 DHE-RSA-ARIA256-GCM-SHA384 DH 4096 ARIAGCM 256 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"
},{
"id" : "cipher-tls1_2_xc028",
"severity" : "LOW",
"finding" : "TLSv1.2 xc028 ECDHE-RSA-AES256-SHA384 ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
},{
"id" : "cipher-tls1_2_x6b",
"severity" : "LOW",
"finding" : "TLSv1.2 x6b DHE-RSA-AES256-SHA256 DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
},{
"id" : "cipher-tls1_2_xc014",
"severity" : "LOW",
"finding" : "TLSv1.2 xc014 ECDHE-RSA-AES256-SHA ECDH 253 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
},{
"id" : "cipher-tls1_2_x39",
"severity" : "LOW",
"finding" : "TLSv1.2 x39 DHE-RSA-AES256-SHA DH 4096 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
},{
"id" : "cipher-tls1_2_xc051",
"severity" : "OK",
"finding" : "TLSv1.2 xc051 ARIA256-GCM-SHA384 RSA ARIAGCM 256 TLS_RSA_WITH_ARIA_256_GCM_SHA384"
},{
"id" : "cipher-tls1_2_xc02f",
"severity" : "OK",
"finding" : "TLSv1.2 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
},{
"id" : "cipher-tls1_2_x9e",
"severity" : "OK",
"finding" : "TLSv1.2 x9e DHE-RSA-AES128-GCM-SHA256 DH 4096 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
},{
"id" : "cipher-tls1_2_xc0a2",
"severity" : "OK",
"finding" : "TLSv1.2 xc0a2 DHE-RSA-AES128-CCM8 DH 4096 AESCCM8 128 TLS_DHE_RSA_WITH_AES_128_CCM_8"
},{
"id" : "cipher-tls1_2_xc09e",
"severity" : "OK",
"finding" : "TLSv1.2 xc09e DHE-RSA-AES128-CCM DH 4096 AESCCM 128 TLS_DHE_RSA_WITH_AES_128_CCM"
},{
"id" : "cipher-tls1_2_xc060",
"severity" : "OK",
"finding" : "TLSv1.2 xc060 ECDHE-ARIA128-GCM-SHA256 ECDH 253 ARIAGCM 128 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"
},{
"id" : "cipher-tls1_2_xc052",
"severity" : "OK",
"finding" : "TLSv1.2 xc052 DHE-RSA-ARIA128-GCM-SHA256 DH 4096 ARIAGCM 128 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"
},{
"id" : "cipher-tls1_2_xc027",
"severity" : "LOW",
"finding" : "TLSv1.2 xc027 ECDHE-RSA-AES128-SHA256 ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
},{
"id" : "cipher-tls1_2_x67",
"severity" : "LOW",
"finding" : "TLSv1.2 x67 DHE-RSA-AES128-SHA256 DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
},{
"id" : "cipher-tls1_2_xc013",
"severity" : "LOW",
"finding" : "TLSv1.2 xc013 ECDHE-RSA-AES128-SHA ECDH 253 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
},{
"id" : "cipher-tls1_2_x33",
"severity" : "LOW",
"finding" : "TLSv1.2 x33 DHE-RSA-AES128-SHA DH 4096 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
},{
"id" : "cipher-tls1_2_xc050",
"severity" : "OK",
"finding" : "TLSv1.2 xc050 ARIA128-GCM-SHA256 RSA ARIAGCM 128 TLS_RSA_WITH_ARIA_128_GCM_SHA256"
},{
"id" : "cipherorder_TLSv1_2",
"severity" : "INFO",
"finding" : "ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM ECDHE-ARIA256-GCM-SHA384 DHE-RSA-ARIA256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ARIA256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM ECDHE-ARIA128-GCM-SHA256 DHE-RSA-ARIA128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA ARIA128-GCM-SHA256"
},{
"id" : "cipher-tls1_3_x1302",
"severity" : "OK",
"finding" : "TLSv1.3 x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384"
},{
"id" : "cipher-tls1_3_x1303",
"severity" : "OK",
"finding" : "TLSv1.3 x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256"
},{
"id" : "cipher-tls1_3_x1301",
"severity" : "OK",
"finding" : "TLSv1.3 x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256"
},{
"id" : "cipherorder_TLSv1_3",
"severity" : "INFO",
"finding" : "TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256"
}
],
"serverPreferences" : [
{
"id" : "FS",
"severity" : "OK",
"finding" : "offered"
},{
"id" : "FS_ciphers",
"severity" : "INFO",
"finding" : "TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-ARIA256-GCM-SHA384 ECDHE-ARIA256-GCM-SHA384 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-ARIA128-GCM-SHA256 ECDHE-ARIA128-GCM-SHA256"
},{
"id" : "FS_ECDHE_curves",
"severity" : "OK",
"finding" : "prime256v1 secp384r1 secp521r1 X25519 X448"
},{
"id" : "DH_groups",
"severity" : "OK",
"finding" : "ffdhe4096"
}
],
"serverDefaults" : [
{
"id" : "TLS_extensions",
"severity" : "INFO",
"finding" : "'renegotiation info/#65281' 'EC point formats/#11' 'session ticket/#35' 'supported versions/#43' 'key share/#51' 'supported_groups/#10' 'max fragment length/#1' 'encrypt-then-mac/#22' 'extended master secret/#23'"
},{
"id" : "TLS_session_ticket",
"severity" : "INFO",
"finding" : "valid for 7200 seconds only (<daily)"
},{
"id" : "SSL_sessionID_support",
"severity" : "INFO",
"finding" : "yes"
},{
"id" : "sessionresumption_ticket",
"severity" : "INFO",
"finding" : "supported"
},{
"id" : "sessionresumption_ID",
"severity" : "INFO",
"finding" : "not supported"
},{
"id" : "TLS_timestamp",
"severity" : "INFO",
"finding" : "random"
},{
"id" : "clientAuth",
"severity" : "INFO",
"finding" : "none"
},{
"id" : "cert_numbers",
"severity" : "INFO",
"finding" : "1"
},{
"id" : "cert_signatureAlgorithm",
"severity" : "OK",
"finding" : "SHA256 with RSA"
},{
"id" : "cert_keySize",
"severity" : "INFO",
"finding" : "RSA 2048 bits (exponent is 65537)"
},{
"id" : "cert_keyUsage",
"severity" : "INFO",
"finding" : "Digital Signature, Key Encipherment"
},{
"id" : "cert_extKeyUsage",
"severity" : "INFO",
"finding" : "TLS Web Server Authentication, TLS Web Client Authentication"
},{
"id" : "cert_serialNumber",
"severity" : "INFO",
"finding" : "9CF42A11521763A5A0FBD1CEDB085F33"
},{
"id" : "cert_fingerprintSHA1",
"severity" : "INFO",
"finding" : "9D6A770D287245F2D19513493761429E2AD89619"
},{
"id" : "cert_fingerprintSHA256",
"severity" : "INFO",
"finding" : "C2E3D67194D5AD96458CE3143698E89D3E8C3CBA87C7B9B3E3B67641A6948498"
},{
"id" : "cert",
"severity" : "INFO",
"finding" : "-----BEGIN CERTIFICATE----- MIIDRzCCAi+gAwIBAgIRAJz0KhFSF2OloPvRztsIXzMwDQYJKoZIhvcNAQELBQAw IDEeMBwGA1UEAxMVU21hbGxzdGVwIHNlbGYtc2lnbmVkMB4XDTIxMDEwMTAwMDAw MFoXDTMxMDEwMTAwMDAwMFowIDEeMBwGA1UEAxMVU21hbGxzdGVwIHNlbGYtc2ln bmVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nj6rxuC7pKMtpuW 7qdPuN1y7MaFl6hTwK0MBMkjXT71Gs54txT9YVMeUQNUZGA8hzjJ/OxVjsDdgoys 2em47jfflWDZ8gL2IQTgr9LFGrY+X9w6MbjmxzeLelNUsSFhNDEFqm8oiIktrEP4 T7DnVxf+tk2zfA70NFgctwbpMxPTKmjrQcNcz6nxdrRBns2GakqAawXNXA8abfaN 7VCitfeXAHUbNp/oaOdD1BzMftMD4MW+VKvp5NxTNmyyRvtyvSbnm8ZFqb5K4xC4 gFXuKGMJCWCc+1f0xzaPCTkynSaSS3hRnOu8dGHsgG5zWV1S8gKVJPdHnWqysxc1 nUhYgQIDAQABo3wwejAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH AwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQFrGNR4kShRvgIhtnvaTKyiW3azjAqBgNV HREEIzAhggxleGFtcGxlLnRlc3SCEW1haWwuZXhhbXBsZS50ZXN0MA0GCSqGSIb3 DQEBCwUAA4IBAQBQR3tZJp2N9+TcA5SwNeQDt5QWfrZ5xbvnYdvK5iLMyKCfnbB8 EkPsp/P+rQpEaWl/xzH3P+iYpzdDvftbxoWFkdwpI8trqarw8GJ5zkOMXyhJ7qHU FmdrWcMVZePTOzXaWTUzKl6KWf8UuVGljgt8G6Gx9IkaPy/XsY0jCnp54cIDtS/u NBapZye2EGdd9B3Ws+CrgD1Z/LxLGlX7NnX/44hz4xZNKxd7KiGjGBQEGbO4ETlV P84ht9NdjXjVOuCyF0GtPI6lorrrPbaeLO991cxxywdUIUKBeUUrk3STocnxXl4R PazfVZg3RNJVpRWpM3lu/klt5XugHBLFG00z -----END CERTIFICATE-----"
},{
"id" : "cert_commonName",
"severity" : "OK",
"finding" : "Smallstep self-signed"
},{
"id" : "cert_commonName_wo_SNI",
"severity" : "INFO",
"finding" : "Smallstep self-signed"
},{
"id" : "cert_subjectAltName",
"severity" : "INFO",
"finding" : "example.test mail.example.test"
},{
"id" : "cert_trust",
"severity" : "OK",
"finding" : "Ok via SAN (same w/o SNI)"
},{
"id" : "cert_chain_of_trust",
"severity" : "CRITICAL",
"finding" : "failed (chain incomplete)."
},{
"id" : "cert_certificatePolicies_EV",
"severity" : "INFO",
"finding" : "no"
},{
"id" : "cert_expirationStatus",
"severity" : "OK",
"finding" : "3604 >= 60 days"
},{
"id" : "cert_notBefore",
"severity" : "INFO",
"finding" : "2021-01-01 00:00"
},{
"id" : "cert_notAfter",
"severity" : "OK",
"finding" : "2031-01-01 00:00"
},{
"id" : "cert_extlifeSpan",
"severity" : "HIGH",
"finding" : "3652 days"
},{
"id" : "cert_eTLS",
"severity" : "INFO",
"finding" : "not present"
},{
"id" : "cert_crlDistributionPoints",
"severity" : "INFO",
"finding" : "--"
},{
"id" : "cert_ocspURL",
"severity" : "INFO",
"finding" : "--"
},{
"id" : "cert_revocation",
"severity" : "HIGH",
"finding" : "Neither CRL nor OCSP URI provided"
},{
"id" : "OCSP_stapling",
"severity" : "INFO",
"finding" : "not offered"
},{
"id" : "cert_mustStapleExtension",
"severity" : "INFO",
"finding" : "--"
},{
"id" : "DNS_CAArecord",
"severity" : "LOW",
"finding" : "--"
},{
"id" : "certificate_transparency",
"severity" : "INFO",
"finding" : "N/A"
},{
"id" : "certs_countServer",
"severity" : "INFO",
"finding" : "1"
},{
"id" : "certs_list_ordering_problem",
"severity" : "INFO",
"finding" : "no"
},{
"id" : "cert_caIssuers",
"severity" : "INFO",
"finding" : "Smallstep self-signed"
},{
"id" : "intermediate_cert_badOCSP",
"severity" : "OK",
"finding" : "intermediate certificate(s) is/are ok"
}
],
"headerResponse" : [
],
"vulnerabilities" : [
{
"id" : "heartbleed",
"severity" : "OK",
"cve" : "CVE-2014-0160",
"cwe" : "CWE-119",
"finding" : "not vulnerable, no heartbeat extension"
},{
"id" : "CCS",
"severity" : "OK",
"cve" : "CVE-2014-0224",
"cwe" : "CWE-310",
"finding" : "not vulnerable"
},{
"id" : "ROBOT",
"severity" : "OK",
"cve" : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168",
"cwe" : "CWE-203",
"finding" : "not vulnerable"
},{
"id" : "secure_renego",
"severity" : "OK",
"cwe" : "CWE-310",
"finding" : "supported"
},{
"id" : "secure_client_renego",
"severity" : "OK",
"cve" : "CVE-2011-1473",
"cwe" : "CWE-310",
"finding" : "not vulnerable"
},{
"id" : "CRIME_TLS",
"severity" : "OK",
"cve" : "CVE-2012-4929",
"cwe" : "CWE-310",
"finding" : "not vulnerable (not using HTTP anyway)"
},{
"id" : "POODLE_SSL",
"severity" : "OK",
"cve" : "CVE-2014-3566",
"cwe" : "CWE-310",
"finding" : "not vulnerable, no SSLv3"
},{
"id" : "fallback_SCSV",
"severity" : "OK",
"finding" : "supported"
},{
"id" : "SWEET32",
"severity" : "OK",
"cve" : "CVE-2016-2183 CVE-2016-6329",
"cwe" : "CWE-327",
"finding" : "not vulnerable"
},{
"id" : "FREAK",
"severity" : "OK",
"cve" : "CVE-2015-0204",
"cwe" : "CWE-310",
"finding" : "not vulnerable"
},{
"id" : "DROWN",
"severity" : "OK",
"cve" : "CVE-2016-0800 CVE-2016-0703",
"cwe" : "CWE-310",
"finding" : "not vulnerable on this host and port"
},{
"id" : "DROWN_hint",
"severity" : "INFO",
"cve" : "CVE-2016-0800 CVE-2016-0703",
"cwe" : "CWE-310",
"finding" : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=C2E3D67194D5AD96458CE3143698E89D3E8C3CBA87C7B9B3E3B67641A6948498"
},{
"id" : "LOGJAM-common_primes",
"severity" : "INFO",
"cve" : "CVE-2015-4000",
"cwe" : "CWE-310",
"finding" : "RFC7919/ffdhe4096"
},{
"id" : "LOGJAM",
"severity" : "OK",
"cve" : "CVE-2015-4000",
"cwe" : "CWE-310",
"finding" : "not vulnerable, no DH EXPORT ciphers,"
},{
"id" : "BEAST_CBC_TLS1",
"severity" : "MEDIUM",
"cve" : "CVE-2011-3389",
"cwe" : "CWE-20",
"finding" : "ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA"
},{
"id" : "BEAST",
"severity" : "LOW",
"cve" : "CVE-2011-3389",
"cwe" : "CWE-20",
"finding" : "VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)"
},{
"id" : "LUCKY13",
"severity" : "LOW",
"cve" : "CVE-2013-0169",
"cwe" : "CWE-310",
"finding" : "potentially vulnerable, uses TLS CBC ciphers"
},{
"id" : "winshock",
"severity" : "OK",
"cve" : "CVE-2014-6321",
"cwe" : "CWE-94",
"finding" : "not vulnerable"
},{
"id" : "RC4",
"severity" : "OK",
"cve" : "CVE-2013-2566 CVE-2015-2808",
"cwe" : "CWE-310",
"finding" : "not vulnerable"
},{
"id" : "starttls_injection",
"severity" : "OK",
"cwe" : "CWE-74",
"finding" : "not vulnerable"
}
],
"cipherTests" : [
],
"browserSimulations": [
{
"id" : "clientsimulation-android_81",
"severity" : "INFO",
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384"
},{
"id" : "clientsimulation-android_90",
"severity" : "INFO",
"finding" : "TLSv1.3 TLS_AES_256_GCM_SHA384"
},{
"id" : "clientsimulation-android_X",
"severity" : "INFO",
"finding" : "TLSv1.3 TLS_AES_256_GCM_SHA384"
},{
"id" : "clientsimulation-java_6u45",
"severity" : "INFO",
"finding" : "No connection"
},{
"id" : "clientsimulation-java_7u25",
"severity" : "INFO",
"finding" : "TLSv1.0 ECDHE-RSA-AES128-SHA"
},{
"id" : "clientsimulation-java_8u161",
"severity" : "INFO",
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384"
},{
"id" : "clientsimulation-java1102",
"severity" : "INFO",
"finding" : "TLSv1.3 TLS_AES_256_GCM_SHA384"
},{
"id" : "clientsimulation-java1201",
"severity" : "INFO",
"finding" : "TLSv1.3 TLS_AES_256_GCM_SHA384"
},{
"id" : "clientsimulation-openssl_102e",
"severity" : "INFO",
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384"
},{
"id" : "clientsimulation-openssl_110l",
"severity" : "INFO",
"finding" : "TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384"
},{
"id" : "clientsimulation-openssl_111d",
"severity" : "INFO",
"finding" : "TLSv1.3 TLS_AES_256_GCM_SHA384"
}
],
"rating" : [
{
"id" : "rating_spec",
"severity" : "INFO",
"finding" : "SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)"
},{
"id" : "rating_doc",
"severity" : "INFO",
"finding" : "https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide"
},{
"id" : "protocol_support_score",
"severity" : "INFO",
"finding" : "0"
},{
"id" : "protocol_support_score_weighted",
"severity" : "INFO",
"finding" : "0"
},{
"id" : "key_exchange_score",
"severity" : "INFO",
"finding" : "0"
},{
"id" : "key_exchange_score_weighted",
"severity" : "INFO",
"finding" : "0"
},{
"id" : "cipher_strength_score",
"severity" : "INFO",
"finding" : "0"
},{
"id" : "cipher_strength_score_weighted",
"severity" : "INFO",
"finding" : "0"
},{
"id" : "final_score",
"severity" : "INFO",
"finding" : "0"
},{
"id" : "overall_grade",
"severity" : "CRITICAL",
"finding" : "T"
},{
"id" : "grade_cap_reason_1",
"severity" : "INFO",
"finding" : "Grade capped to T. Issues with the chain of trust (chain incomplete)"
},{
"id" : "grade_cap_reason_2",
"severity" : "INFO",
"finding" : "Grade capped to T. Encryption via STARTTLS is not mandatory (opportunistic)."
},{
"id" : "grade_cap_reason_3",
"severity" : "INFO",
"finding" : "Grade capped to B. TLS 1.1 offered"
},{
"id" : "grade_cap_reason_4",
"severity" : "INFO",
"finding" : "Grade capped to B. TLS 1.0 offered"
}
]
}
],
"scanTime" : 225
}
All we're doing with the JSON data atm is using These won't match If there's anything else needing clarification, please let me know.
Assuming we stick with using docker image for Instead of cleaning up Finally, I reduced the testing scope with
For the benefit of maintenance, added some more comments to clarify choices, along with `TODO` improvements once related linked github issues are resolved. Added `--overwrite --preference` options to the `testssl.sh` command. `--overwrite` avoids the need to clean up json logs between test runs, which is useful for inspection when not run via CI, they're stored in `/tmp` thus not persisted across boots. `--preference` provides a test speed up since we're only using `testssl.sh` presently to enumerate in server order the available cipher suites for a given TLS config. `mkdir`/`cd` commands can be dropped since interest to shift from the `testssl.sh` utility using docker hasn't been expressed. Running native would lose the ability to use `example.test` URI for testing, and instead use `0.0.0.0` IP to exposed ports. The non-docker version performs at 2x the speed.
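The comment above uses `testssl.sh` only to enumerate the cipher suites a TLS config offers, in server order, and the PR description notes that the `modern` profile should now offer AEAD suites only. As an added example (not the project's own test code, and not part of the original conversation), the block below reads the `cipherorder_*` findings back out of a `testssl.sh` JSON report and checks them against such a policy. The report it parses is a constructed excerpt shaped like the `--jsonfile-pretty` output above; the function names, the `AEAD_TOKENS` heuristic and the expected lists in the usage are assumptions, not values from the project.

```python
"""Read server-ordered cipher suites from a testssl.sh JSON report and check
them against a policy. Added example, not the project's test code; the report
below is a constructed excerpt shaped like the ``--jsonfile-pretty`` output."""
from __future__ import annotations

import json
import re

# Constructed excerpt: the ``fs`` section carries the ``cipherorder_*`` findings.
SAMPLE_REPORT = """
{
  "scanResult": [
    {
      "targetHost": "example.test",
      "port": "25",
      "fs": [
        {"id": "cipher_order", "severity": "OK", "finding": "server"},
        {"id": "cipherorder_TLSv1", "severity": "INFO",
         "finding": "ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA"},
        {"id": "cipherorder_TLSv1_2", "severity": "INFO",
         "finding": "ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256"},
        {"id": "cipherorder_TLSv1_3", "severity": "INFO",
         "finding": "TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256"}
      ]
    }
  ]
}
"""

# Heuristic (an assumption of this example): in OpenSSL naming every AEAD suite
# carries one of these tokens, while CBC suites end in a bare HMAC name
# (-SHA, -SHA256, -SHA384) with no GCM/CCM marker before it.
AEAD_TOKENS = ("GCM", "CCM", "CHACHA20")


def is_aead(cipher: str) -> bool:
    """True for AEAD suites (AES-GCM, AES-CCM, ChaCha20-Poly1305, ARIA-GCM)."""
    return any(tok in cipher for tok in AEAD_TOKENS)


def cipher_orders(report: str) -> dict[str, list[str]]:
    """Map protocol name -> cipher list in the order the server prefers.

    testssl.sh ids look like ``cipherorder_TLSv1_2``; the underscore stands in
    for the dot of the protocol version.
    """
    orders: dict[str, list[str]] = {}
    for result in json.loads(report)["scanResult"]:
        for entry in result.get("fs", []):
            match = re.fullmatch(r"cipherorder_(.+)", entry["id"])
            if match:
                proto = match.group(1).replace("_", ".")
                orders[proto] = entry["finding"].split()
    return orders


def server_preferred(report: str) -> bool:
    """True when testssl.sh saw the server, not the client, pick the cipher."""
    for result in json.loads(report)["scanResult"]:
        for entry in result.get("fs", []):
            if entry["id"] == "cipher_order":
                return entry["finding"] == "server"
    return False


def non_aead_ciphers(ciphers: list[str]) -> list[str]:
    """Suites an AEAD-only profile should not be offering (CBC leftovers)."""
    return [c for c in ciphers if not is_aead(c)]


def order_matches(actual: list[str], expected: list[str]) -> bool:
    """Exact, order-sensitive comparison: a swapped pair is a failure too."""
    return actual == expected


if __name__ == "__main__":
    orders = cipher_orders(SAMPLE_REPORT)
    print("server picks cipher:", server_preferred(SAMPLE_REPORT))
    for proto, ciphers in orders.items():
        leak = non_aead_ciphers(ciphers)
        status = "AEAD only" if not leak else "non-AEAD: " + " ".join(leak)
        print(f"{proto}: {len(ciphers)} suites, {status}")
```

Comparing the whole list with `order_matches` rather than checking membership is deliberate: with `tls_preempt_cipherlist` at its default the client chooses, but the server-side order still documents intent, and a reordering that slipped into a config change is exactly what a regression test should catch. The `non_aead_ciphers` pass is the check that would have flagged the four CBC suites the `modern` profile drops.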
force-pushed from 046e290 to 1aeb83d
Alright. This seems to be ready for merging. @polarathene do we have your Go?
@aendeavor yep all good 👍
Description
Continuation of my original PR: #1475
See the original PR and/or commit messages for added details.
One major highlight is enabling ECDSA certificate support. Some users have previously had issues due to ECDSA cipher suites being excluded when their certificates were provisioned as ECDSA (ECC). It should be relatively safe to use, possibly with the exception of some very old clients. A related PR enables supporting an RSA certificate as a fallback for those legacy clients.
NOTE:
`modern` `TLS_LEVEL` has now dropped the AES-CBC cipher suites to prefer only AEAD ciphers (secure and modern, avoids many of the security issues CBC suites have run into over the years). AEAD ciphers require TLS 1.2 minimum as a result (only when using mandatory TLS/STARTTLS ports, port 25 does not restrict cipher suites to `tls_high_cipherlist`). Dropping these 4 additional cipher suites changes the reference OWASP cipher list from grade B to A, as the CBC ciphers are the only difference.

While this PR does not cover everything I originally set out to do, I would like to get it reviewed and merged for the benefit of others. If time permits I'll contribute further additions in a future PR.
Type of change
- ECDSA (fix.. and new feature?)
- Revised cipherlists and exclude + review (improvement)
- Dropping of AES-CBC cipher suites on `modern` (possible breaking change?)

Checklist: