isvsecwatch / httpstracker

Our main issue tracker for ISV security issues, such as the SSL/TLS configuration of their online stores.

my.101domain.com - customer interface #50

Closed isvsecwatch-report closed 8 years ago

isvsecwatch-report commented 9 years ago

SSL Server Test Results https://www.ssllabs.com/ssltest/analyze.html?d=my.101domain.com (B)

isvsecwatch-report commented 8 years ago

No change.

isvsecwatch-report commented 8 years ago

Cipherscan Results

Target: my.101domain.com:443

prio  ciphersuite                  protocols              pfs                 curves
1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits  prime256v1
2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits  prime256v1
3     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,1024bits         None
4     DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,1024bits         None
5     ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits  prime256v1
6     ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
7     DHE-RSA-AES256-SHA256        TLSv1.2                DH,1024bits         None
8     DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,1024bits         None
9     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
10    ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
11    DHE-RSA-AES128-SHA256        TLSv1.2                DH,1024bits         None
12    DHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,1024bits         None
13    ECDHE-RSA-DES-CBC3-SHA       TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
14    EDH-RSA-DES-CBC3-SHA         TLSv1,TLSv1.1,TLSv1.2  DH,1024bits         None
15    AES256-GCM-SHA384            TLSv1.2                None                None
16    AES128-GCM-SHA256            TLSv1.2                None                None
17    AES256-SHA256                TLSv1.2                None                None
18    AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
19    AES128-SHA256                TLSv1.2                None                None
20    AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
21    DES-CBC3-SHA                 TLSv1,TLSv1.1,TLSv1.2  None                None

Certificate: trusted, 2048 bits, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 300
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes

isvsecwatch-report commented 8 years ago

Looks like they fixed their 1024-bit DH key issue:

Target: my.101domain.com:443

prio  ciphersuite                  protocols              pfs                 curves
1     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits  prime256v1
2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits  prime256v1
3     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,2048bits         None
4     DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,2048bits         None
5     ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits  prime256v1
6     ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
7     DHE-RSA-AES256-SHA256        TLSv1.2                DH,2048bits         None
8     DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,2048bits         None
9     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
10    ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
11    DHE-RSA-AES128-SHA256        TLSv1.2                DH,2048bits         None
12    DHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,2048bits         None
13    ECDHE-RSA-DES-CBC3-SHA       TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
14    EDH-RSA-DES-CBC3-SHA         TLSv1,TLSv1.1,TLSv1.2  DH,2048bits         None
15    AES256-GCM-SHA384            TLSv1.2                None                None
16    AES128-GCM-SHA256            TLSv1.2                None                None
17    AES256-SHA256                TLSv1.2                None                None
18    AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
19    AES128-SHA256                TLSv1.2                None                None
20    AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
21    DES-CBC3-SHA                 TLSv1,TLSv1.1,TLSv1.2  None                None

Certificate: trusted, 2048 bits, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 7200
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes

Chain issue remains.

isvsecwatch-report commented 8 years ago

No change. Closing as unresolved.