isvsecwatch / httpstracker

Our main issue tracker for ISV security issues, such as the SSL/TLS configuration of their online stores.

marmonconnect.com - customer login #75

Closed isvsecwatch-report closed 8 years ago

isvsecwatch-report commented 9 years ago

SSL Server Test Results https://www.ssllabs.com/ssltest/analyze.html?d=marmonconnect.com (F)

isvsecwatch-report commented 9 years ago

Related to #74

isvsecwatch-report commented 8 years ago

Cipherscan Results

Target: marmonconnect.com:443

prio  ciphersuite           protocols          pubkey_size  signature_algoritm     trusted  ticket_hint  ocsp_staple  pfs                 curves  curves_ordering
1     ECDHE-RSA-AES256-SHA  TLSv1              2048         sha1WithRSAEncryption  True     None         True         ECDH,P-256,256bits  server
2     ECDHE-RSA-AES128-SHA  TLSv1              2048         sha1WithRSAEncryption  True     None         True         ECDH,P-256,256bits  server
3     AES256-SHA            TLSv1              2048         sha1WithRSAEncryption  True     None         True         None                None    server
4     AES128-SHA            TLSv1              2048         sha1WithRSAEncryption  True     None         True         None                None    server
5     DES-CBC3-SHA          SSLv3,TLSv1        2048         sha1WithRSAEncryption  True     None         True         None                None    server
6     RC4-SHA               SSLv3,TLSv1        2048         sha1WithRSAEncryption  True     None         True         None                None    server
7     RC4-MD5               SSLv2,SSLv3,TLSv1  2048         sha1WithRSAEncryption  True     None         True         None                None    server
8     DES-CBC3-MD5          SSLv2              2048         sha1WithRSAEncryption  False    None         False        None                None    server

OCSP stapling: supported
Cipher ordering: server
Curves ordering: server - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE

TLS Tolerance: no
Fallbacks required:
big-SSLv3 no fallback req, connected: SSLv3 DES-CBC3-SHA
big-TLSv1.0 no fallback req, connected: TLSv1 ECDHE-RSA-AES256-SHA
big-TLSv1.1 no fallback req, connected: TLSv1 ECDHE-RSA-AES256-SHA
big-TLSv1.2 no fallback req, connected: TLSv1 ECDHE-RSA-AES256-SHA

Cipherscan Analysis

marmonconnect.com:443 has bad ssl/tls

Things that are bad:
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC3-MD5
* disable SSLv2
* don't use an untrusted or self-signed certificate

Changes needed to match the old level:
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC3-MD5
* disable SSLv2
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider enabling OCSP Stapling

Changes needed to match the intermediate level:
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC3-MD5
* disable SSLv3
* disable SSLv2
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* consider using a SHA-256 certificate
* consider enabling OCSP Stapling

Changes needed to match the modern level:
* remove cipher AES256-SHA
* remove cipher AES128-SHA
* remove cipher DES-CBC3-SHA
* remove cipher RC4-SHA
* remove cipher RC4-MD5
* remove cipher DES-CBC3-MD5
* disable TLSv1
* disable SSLv3
* disable SSLv2
* consider enabling TLSv1.1
* consider enabling TLSv1.2
* use a SHA-256 certificate
* consider enabling OCSP Stapling
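The analysis above is cipherscan's own output for the table posted in the previous comment. As an added example that is not part of this issue or of the cipherscan project, the Python below reimplements the gist of that comparison: it parses the posted table (embedded as a constructed sample, copied from this issue) and derives the hard failures and the intermediate-level recommendations. The rule set (which cipher-name fragments count as broken, which protocol versions must be off or on, the SHA-1 signature and 2048-bit key checks, and the choice to require TLSv1.2 rather than merely suggest TLSv1.1) is my own approximation of the Mozilla levels, not the logic of cipherscan's analyze.py.

```python
"""Toy cipherscan-style analyzer (added example; not cipherscan's analyze.py)."""
import re
from dataclasses import dataclass

# Constructed sample input: the cipherscan table posted in this issue, verbatim
# (including the posted header spelling "signature_algoritm"; the header is skipped).
CIPHERSCAN_TABLE = """\
prio  ciphersuite           protocols          pubkey_size  signature_algoritm     trusted  ticket_hint  ocsp_staple  pfs                 curves  curves_ordering
1     ECDHE-RSA-AES256-SHA  TLSv1              2048         sha1WithRSAEncryption  True     None         True         ECDH,P-256,256bits  server
2     ECDHE-RSA-AES128-SHA  TLSv1              2048         sha1WithRSAEncryption  True     None         True         ECDH,P-256,256bits  server
3     AES256-SHA            TLSv1              2048         sha1WithRSAEncryption  True     None         True         None                None    server
4     AES128-SHA            TLSv1              2048         sha1WithRSAEncryption  True     None         True         None                None    server
5     DES-CBC3-SHA          SSLv3,TLSv1        2048         sha1WithRSAEncryption  True     None         True         None                None    server
6     RC4-SHA               SSLv3,TLSv1        2048         sha1WithRSAEncryption  True     None         True         None                None    server
7     RC4-MD5               SSLv2,SSLv3,TLSv1  2048         sha1WithRSAEncryption  True     None         True         None                None    server
8     DES-CBC3-MD5          SSLv2              2048         sha1WithRSAEncryption  False    None         False        None                None    server
"""


@dataclass
class Row:
    prio: int
    cipher: str
    protocols: set
    pubkey_bits: int
    sig_alg: str
    trusted: bool
    pfs: bool  # True when an ECDH/DH key exchange is listed in the pfs column


def parse_table(text):
    """Parse the whitespace-separated table. Only the first nine columns are
    used, because the posted rows do not all carry the same trailing columns."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 9:
            continue
        rows.append(Row(int(f[0]), f[1], set(f[2].split(",")), int(f[3]),
                        f[4], f[5] == "True", f[8] != "None"))
    return rows


# Cipher-name fragments that are broken outright. "DES-CBC-" is single DES and
# deliberately does not match 3DES ("DES-CBC3-"), which the posted analysis
# only removes at the modern level.
BROKEN_CIPHER = re.compile(r"RC4|MD5|NULL|EXP|DES-CBC-|ADH|AECDH")


def analyze(rows):
    """Return (bad, recommended): hard failures versus intermediate-level advice."""
    bad, recommended = [], []
    offered = set().union(*(r.protocols for r in rows))
    for r in rows:
        if BROKEN_CIPHER.search(r.cipher):
            bad.append(f"remove cipher {r.cipher}")
    if "SSLv2" in offered:
        bad.append("disable SSLv2")
    if any(r.pubkey_bits < 2048 for r in rows):
        bad.append("replace the RSA key with one of at least 2048 bits")
    if any(not r.trusted for r in rows):
        bad.append("don't use an untrusted or self-signed certificate")
    if "SSLv3" in offered:
        recommended.append("disable SSLv3")
    if "TLSv1.2" not in offered:
        recommended.append("enable TLSv1.2")
    if any(r.sig_alg.lower().startswith("sha1") for r in rows):
        recommended.append("use a SHA-256 certificate")
    if not any(r.pfs for r in rows):
        recommended.append("offer an ECDHE or DHE suite for forward secrecy")
    return bad, recommended


def assess(text):
    """Convenience wrapper: verdict plus both finding lists for a pasted table."""
    bad, recommended = analyze(parse_table(text))
    return {"verdict": "bad ssl/tls" if bad else "no hard failures",
            "bad": bad, "recommended": recommended}


if __name__ == "__main__":
    result = assess(CIPHERSCAN_TABLE)
    print(result["verdict"])
    for item in result["bad"]:
        print("  bad:", item)
    for item in result["recommended"]:
        print("  recommend:", item)
```

Run against the posted table this reproduces the five "Things that are bad" lines above. One caveat a practitioner should keep in mind: the only row flagged untrusted is the SSLv2-only one, so confirm chain trust with an ordinary TLSv1 connection before reporting a certificate problem separately from the SSLv2 finding.
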

isvsecwatch-report commented 8 years ago

No change.

isvsecwatch-report commented 8 years ago

Notified WHOIS contact via email; jlindeman@marmon.com

isvsecwatch-report commented 8 years ago

No change.

isvsecwatch-report commented 8 years ago

No change. Closing as unresolved.