4elta / recon

automate the boring stuff!
GNU General Public License v3.0

TLS: `nmap` parser not parsing cipher preference #87

Closed 4elta closed 1 month ago

4elta commented 4 months ago

see #85

in order for me to be able to look into and solve this issue i would kindly ask you (@ikstream or @Zeramo) to provide me the result files (i.e. `tls,*,nmap.xml`).

thank you

ikstream commented 1 month ago

Here is your requested data. Sorry for the delay. The scan was performed against the badssl.com website.

# evidence

The following hosts have been analyzed:

* `104.154.89.105:443 (tcp)`

The following vulnerabilities and/or deviations from the recommended settings (`/recon/config/recommendations/tls/default.toml`) have been identified:

## 104.154.89.105:443 (tcp)

* protocol supported: TLS 1.0
* protocol supported: TLS 1.1
* protocol not supported: TLS 1.3
* certificate lifespan: 730 days
* cipher preference: None
* cipher suite supported: `TLS_RSA_WITH_CAMELLIA_128_CBC_SHA`
* cipher suite supported: `TLS_RSA_WITH_AES_256_CBC_SHA`
* cipher suite supported: `TLS_RSA_WITH_AES_256_GCM_SHA384`
* cipher suite supported: `TLS_DHE_RSA_WITH_AES_256_CBC_SHA`
* cipher suite supported: `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256`
* cipher suite supported: `TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA`
* cipher suite supported: `TLS_RSA_WITH_3DES_EDE_CBC_SHA`
* cipher suite supported: `TLS_RSA_WITH_CAMELLIA_256_CBC_SHA`
* cipher suite supported: `TLS_DHE_RSA_WITH_AES_128_CBC_SHA`
* cipher suite supported: `TLS_RSA_WITH_AES_128_CBC_SHA256`
* cipher suite supported: `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`
* cipher suite supported: `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`
* cipher suite supported: `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`
* cipher suite supported: `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`
* cipher suite supported: `TLS_RSA_WITH_AES_128_GCM_SHA256`
* cipher suite supported: `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256`
* cipher suite supported: `TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA`
* cipher suite supported: `TLS_RSA_WITH_AES_256_CBC_SHA256`
* cipher suite supported: `TLS_RSA_WITH_AES_128_CBC_SHA`
* cipher suite supported: `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`
* key exchange: RSA
* key exchange: group `secp256r1`
* extension not supported: `status_request`

# affected assets

* `104.154.89.105:443 (tcp)`

# recommendations

* remove support for TLS 1.0
* remove support for TLS 1.1
* support TLS 1.3
* limit the lifespan of the certificate to the recommended value

here is the xml log file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.95 scan initiated Wed Aug  7 17:37:46 2024 as: nmap -Pn -sV -p 443 &quot;-&#45;script=banner,ssl* and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /recon/test-data/87-recon/104.154.89.105/tls,tcp,443,badssl.com,nmap.log -oX /recon/test-data/87-recon/104.154.89.105/tls,tcp,443,badssl.com,nmap.xml 104.154.89.105 -->
<nmaprun scanner="nmap" args="nmap -Pn -sV -p 443 &quot;-&#45;script=banner,ssl* and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /recon/test-data/87-recon/104.154.89.105/tls,tcp,443,badssl.com,nmap.log -oX /recon/test-data/87-recon/104.154.89.105/tls,tcp,443,badssl.com,nmap.xml 104.154.89.105" start="1723045066" startstr="Wed Aug  7 17:37:46 2024" version="7.95" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="443"/>
<verbose level="0"/>
<debugging level="0"/>
<host starttime="1723045067" endtime="1723045119"><status state="up" reason="user-set" reason_ttl="0"/>
<address addr="104.154.89.105" addrtype="ipv4"/>
<hostnames>
<hostname name="105.89.154.104.bc.googleusercontent.com" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="59"/><service name="http" product="nginx" version="1.10.3" extrainfo="Ubuntu" ostype="Linux" tunnel="ssl" method="probed" conf="10"><cpe>cpe:/a:igor_sysoev:nginx:1.10.3</cpe><cpe>cpe:/o:linux:linux_kernel</cpe></service><script id="ssl-cert" output="Subject: commonName=badssl-fallback-unknown-subdomain-or-no-sni/organizationName=BadSSL Fallback. Unknown subdomain or no SNI./stateOrProvinceName=California/countryName=US&#xa;Subject Alternative Name: DNS:badssl-fallback-unknown-subdomain-or-no-sni&#xa;Issuer: commonName=BadSSL Intermediate Certificate Authority/organizationName=BadSSL/stateOrProvinceName=California/countryName=US&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2016-08-08T21:17:05&#xa;Not valid after:  2018-08-08T21:17:05&#xa;MD5:   8045:ad81:dc74:2d26:c1f8:2f59:a0dc:c599&#xa;SHA-1: 3e9c:ce49:eec1:7bf1:5bf8:91a3:ae9f:3712:e0ba:42e9"><table key="subject">
<elem key="commonName">badssl-fallback-unknown-subdomain-or-no-sni</elem>
<elem key="countryName">US</elem>
<elem key="localityName">San Francisco</elem>
<elem key="organizationName">BadSSL Fallback. Unknown subdomain or no SNI.</elem>
<elem key="stateOrProvinceName">California</elem>
</table>
<table key="issuer">
<elem key="commonName">BadSSL Intermediate Certificate Authority</elem>
<elem key="countryName">US</elem>
<elem key="localityName">San Francisco</elem>
<elem key="organizationName">BadSSL</elem>
<elem key="stateOrProvinceName">California</elem>
</table>
<table key="pubkey">
<elem key="type">rsa</elem>
<elem key="bits">2048</elem>
<elem key="exponent">65537</elem>
</table>
<table key="extensions">
<table>
<elem key="name">X509v3 Basic Constraints</elem>
<elem key="value">CA:FALSE</elem>
</table>
<table>
<elem key="name">X509v3 Subject Alternative Name</elem>
<elem key="value">DNS:badssl-fallback-unknown-subdomain-or-no-sni</elem>
</table>
</table>
<elem key="sig_algo">sha256WithRSAEncryption</elem>
<table key="validity">
<elem key="notBefore">2016-08-08T21:17:05</elem>
<elem key="notAfter">2018-08-08T21:17:05</elem>
</table>
<elem key="md5">8045ad81dc742d26c1f82f59a0dcc599</elem>
<elem key="sha1">3e9cce49eec17bf15bf891a3ae9f3712e0ba42e9</elem>
<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIE8DCCAtigAwIBAgIJAM28Wkrsl2exMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNV&#xa;BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp&#xa;c2NvMQ8wDQYDVQQKDAZCYWRTU0wxMjAwBgNVBAMMKUJhZFNTTCBJbnRlcm1lZGlh&#xa;dGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE2MDgwODIxMTcwNVoXDTE4MDgw&#xa;ODIxMTcwNVowgagxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYw&#xa;FAYDVQQHDA1TYW4gRnJhbmNpc2NvMTYwNAYDVQQKDC1CYWRTU0wgRmFsbGJhY2su&#xa;IFVua25vd24gc3ViZG9tYWluIG9yIG5vIFNOSS4xNDAyBgNVBAMMK2JhZHNzbC1m&#xa;YWxsYmFjay11bmtub3duLXN1YmRvbWFpbi1vci1uby1zbmkwggEiMA0GCSqGSIb3&#xa;DQEBAQUAA4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWe&#xa;sSssdj5swEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFC&#xa;xUbTFocnn3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNEx&#xa;tt1NwMT8U7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0Tb&#xa;ChKr3sMPR3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm&#xa;/mtUmEAnhccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjRTBDMAkG&#xa;A1UdEwQCMAAwNgYDVR0RBC8wLYIrYmFkc3NsLWZhbGxiYWNrLXVua25vd24tc3Vi&#xa;ZG9tYWluLW9yLW5vLXNuaTANBgkqhkiG9w0BAQsFAAOCAgEAsuFs0K86D2IB20nB&#xa;QNb+4vs2Z6kECmVUuD0vEUBR/dovFE4PfzTr6uUwRoRdjToewx9VCwvTL7toq3dd&#xa;oOwHakRjoxvq+lKvPq+0FMTlKYRjOL6Cq3wZNcsyiTYr7odyKbZs383rEBbcNu0N&#xa;c666/ozs4y4W7ufeMFrKak9UenrrPlUe0nrEHV3IMSF32iV85nXm95f7aLFvM6Lm&#xa;EzAGgWopuRqD+J0QEt3WNODWqBSZ9EYyx9l2l+KI1QcMalG20QXuxDNHmTEzMaCj&#xa;4Zl8k0szexR8rbcQEgJ9J+izxsecLRVp70siGEYDkhq0DgIDOjmmu8ath4yznX6A&#xa;pYEGtYTDUxIvsWxwkraBBJAfVxkp2OSg7DiZEVlMM8QxbSeLCz+63kE/d5iJfqde&#xa;cGqX7rKEsVW4VLfHPF8sfCyXVi5sWrXrDvJm3zx2b3XToU7EbNONO1C85NsUOWy4&#xa;JccoiguV8V6C723IgzkSgJMlpblJ6FVxC6ZX5XJ0ZsMI9TIjibM2L1Z9DkWRCT6D&#xa;QjuKbYUeURhScofQBiIx73V7VXnFoc1qHAUd/pGhfkCUnUcuBV1SzCEhjiwjnVKx&#xa;HJKvc9OYjJD0ZuvZw9gBrY7qKyBX8g+sglEGFNhruH8/OhqrV8pBXX/EWY0fUZTh&#xa;iywmc6GTT7X94Ze2F7iB45jh7WQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
</script><script id="ssl-enum-ciphers" output="&#xa;  TLSv1.0: &#xa;    ciphers: &#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A&#xa;      TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A&#xa;      TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A&#xa;      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C&#xa;      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A&#xa;      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A&#xa;      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A&#xa;    compressors: &#xa;      NULL&#xa;    cipher preference: server&#xa;    warnings: &#xa;      64-bit block cipher 3DES vulnerable to SWEET32 attack&#xa;  TLSv1.1: &#xa;    ciphers: &#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A&#xa;      TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A&#xa;      TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A&#xa;      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C&#xa;      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A&#xa;      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A&#xa;      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A&#xa;    compressors: &#xa;      NULL&#xa;    cipher preference: server&#xa;    warnings: &#xa;      64-bit block cipher 3DES vulnerable to SWEET32 attack&#xa;  TLSv1.2: &#xa;    ciphers: &#xa;      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A&#xa;    
  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A&#xa;      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A&#xa;      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A&#xa;      TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A&#xa;      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A&#xa;      TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A&#xa;      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C&#xa;      TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C&#xa;      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A&#xa;      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A&#xa;      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A&#xa;    compressors: &#xa;      NULL&#xa;    cipher preference: server&#xa;    warnings: &#xa;      64-bit block cipher 3DES vulnerable to SWEET32 attack&#xa;  least strength: C"><table key="TLSv1.0">
<table key="ciphers">
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_AES_128_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_AES_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">C</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">C</elem>
<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_CAMELLIA_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_CAMELLIA_128_CBC_SHA</elem>
</table>
</table>
<table key="compressors">
<elem>NULL</elem>
</table>
<elem key="cipher preference">server</elem>
<table key="warnings">
<elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>
</table>
</table>
<table key="TLSv1.1">
<table key="ciphers">
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_AES_128_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_AES_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">C</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">C</elem>
<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_CAMELLIA_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_CAMELLIA_128_CBC_SHA</elem>
</table>
</table>
<table key="compressors">
<elem>NULL</elem>
</table>
<elem key="cipher preference">server</elem>
<table key="warnings">
<elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>
</table>
</table>
<table key="TLSv1.2">
<table key="ciphers">
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</elem>
</table>
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</elem>
</table>
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</elem>
</table>
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</elem>
</table>
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_AES_128_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_AES_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">C</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_AES_128_GCM_SHA256</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_AES_256_GCM_SHA384</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA256</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA256</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">C</elem>
<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_CAMELLIA_256_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">dh 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA</elem>
</table>
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_RSA_WITH_CAMELLIA_128_CBC_SHA</elem>
</table>
</table>
<table key="compressors">
<elem>NULL</elem>
</table>
<elem key="cipher preference">server</elem>
<table key="warnings">
<elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>
</table>
</table>
<elem key="least strength">C</elem>
</script><script id="http-server-header" output="nginx/1.10.3 (Ubuntu)"><elem>nginx/1.10.3 (Ubuntu)</elem>
</script><script id="ssl-date" output="TLS randomness does not represent time"></script></port>
</ports>
<times srtt="134485" rttvar="134485" to="672425"/>
</host>
<runstats><finished time="1723045119" timestr="Wed Aug  7 17:38:39 2024" summary="Nmap done at Wed Aug  7 17:38:39 2024; 1 IP address (1 host up) scanned in 52.82 seconds" elapsed="52.82" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>
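
The report above lists `cipher preference: None`, while the XML carries an `elem` with key `cipher preference` and value `server` inside each protocol table of the `ssl-enum-ciphers` script. As an added example (not code from the recon project, whose parser is not shown on this page), this is one way to read that value per protocol with Python's standard library; the function names and the trimmed sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the scan above: one protocol table with a
# "cipher preference" elem and one without (documentation address, not a real host).
SAMPLE_XML = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="443"><script id="ssl-enum-ciphers" output="">
<table key="TLSv1.0">
<table key="ciphers">
<table>
<elem key="kex_info">rsa 2048</elem>
<elem key="strength">C</elem>
<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
</table>
</table>
<elem key="cipher preference">server</elem>
</table>
<table key="TLSv1.2">
<table key="ciphers">
<table>
<elem key="kex_info">secp256r1</elem>
<elem key="strength">A</elem>
<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</elem>
</table>
</table>
</table>
<elem key="least strength">C</elem>
</script></port></ports></host></nmaprun>"""


def parse_ssl_enum_ciphers(xml_text):
    """Map (address, port, transport) to {protocol: {"preference", "ciphers"}}."""
    results = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            script = port.find("script[@id='ssl-enum-ciphers']")
            if script is None:
                continue
            protocols = {}
            # Only direct <table> children of the script are protocol tables;
            # a recursive search would also return the nested cipher tables.
            for proto in script.findall("table"):
                # The key contains a space and the elem is a direct child of
                # the protocol table, so match the attribute value exactly.
                pref = proto.find("elem[@key='cipher preference']")
                names = proto.findall("table[@key='ciphers']/table/elem[@key='name']")
                protocols[proto.get("key")] = {
                    "preference": pref.text.strip() if pref is not None and pref.text else None,
                    "ciphers": [n.text for n in names],
                }
            results[(addr, int(port.get("portid")), port.get("protocol"))] = protocols
    return results


def protocols_without_server_preference(protocols):
    """Protocols whose result is missing the value or does not say 'server'."""
    return sorted(p for p, d in protocols.items() if d["preference"] != "server")
```

Keeping the preference per protocol, rather than as one value per host, lets a report distinguish "the scan returned no value" from "the server does not enforce its own cipher order".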