Closed isvsecwatch-report closed 8 years ago
Cipherscan Results
Target: oneperiodic.com:443
```
prio  ciphersuite              protocols    pfs
1     DHE-RSA-AES256-SHA       SSLv3,TLSv1  DH,1024bits  None
2     DHE-RSA-CAMELLIA256-SHA  SSLv3,TLSv1  DH,1024bits  None
3     AES256-SHA               SSLv3,TLSv1  None         None
4     CAMELLIA256-SHA          SSLv3,TLSv1  None         None
5     DHE-RSA-AES128-SHA       SSLv3,TLSv1  DH,1024bits  None
6     DHE-RSA-SEED-SHA         SSLv3,TLSv1  DH,1024bits  None
7     DHE-RSA-CAMELLIA128-SHA  SSLv3,TLSv1  DH,1024bits  None
8     AES128-SHA               SSLv3,TLSv1  None         None
9     SEED-SHA                 SSLv3,TLSv1  None         None
10    CAMELLIA128-SHA          SSLv3,TLSv1  None         None
11    RC4-SHA                  SSLv3,TLSv1  None         None
12    RC4-MD5                  SSLv3,TLSv1  None         None
13    EDH-RSA-DES-CBC3-SHA     SSLv3,TLSv1  DH,1024bits  None
14    DES-CBC3-SHA             SSLv3,TLSv1  None         None
15    EDH-RSA-DES-CBC-SHA      SSLv3,TLSv1  DH,1024bits  None
16    DES-CBC-SHA              SSLv3,TLSv1  None         None
```
Certificate: trusted, 2048 bits, sha1WithRSAEncryption signature
TLS ticket lifetime hint: None
OCSP stapling: not supported
Cipher ordering: client
Curves ordering: none - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: no
Fallbacks required:
big-SSLv3 no fallback req, connected: SSLv3 DHE-RSA-AES256-SHA
big-TLSv1.0 no fallback req, connected: TLSv1 DHE-RSA-AES256-SHA
big-TLSv1.1 no fallback req, connected: TLSv1 DHE-RSA-AES256-SHA
big-TLSv1.2 no fallback req, connected: TLSv1 DHE-RSA-AES256-SHA
Cipherscan Analysis
oneperiodic.com:443 has bad ssl/tls
Things that are bad:
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher EDH-RSA-DES-CBC-SHA
* remove cipher DES-CBC-SHA
Changes needed to match the intermediate level:
* remove cipher DHE-RSA-SEED-SHA
* remove cipher SEED-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher EDH-RSA-DES-CBC-SHA
* remove cipher DES-CBC-SHA
* disable SSLv3
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using a SHA-256 certificate
* consider using DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
* enforce server side ordering
Changes needed to match the modern level:
* remove cipher DHE-RSA-CAMELLIA256-SHA
* remove cipher AES256-SHA
* remove cipher CAMELLIA256-SHA
* remove cipher DHE-RSA-SEED-SHA
* remove cipher DHE-RSA-CAMELLIA128-SHA
* remove cipher AES128-SHA
* remove cipher SEED-SHA
* remove cipher CAMELLIA128-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher EDH-RSA-DES-CBC3-SHA
* remove cipher DES-CBC3-SHA
* remove cipher EDH-RSA-DES-CBC-SHA
* remove cipher DES-CBC-SHA
* disable TLSv1
* disable SSLv3
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use a SHA-256 certificate
* use DHE of at least 2048bits and ECC of at least 256bits
* consider enabling OCSP Stapling
* enforce server side ordering
No change. Notified via email; info@oneperiodic.com
No change. Re-notified via email; info@oneperiodic.com
No change.
No change. Closing as unresolved.
SSL Server Test Results https://www.ssllabs.com/ssltest/analyze.html?d=oneperiodic.com (C)