SSL Report: o6asan.com (xxx.xxx.x.xxx)
Assessed on:  Tue, 25 Oct 2016 08:59:29 UTC | HIDDEN | Clear cache

Due to a recently discovered bug in Apple's code, your browser is exposed to MITM attacks. Click here for more information.

Summary
Overall Rating
A+
0
20
40
60
80
100
Certificate
 
Protocol Support
 
Key Exchange
 
Cipher Strength
 

Visit our documentation page for more information, configuration guides, and books. Known issues are documented here.
HTTP Strict Transport Security (HSTS) with long duration deployed on this server.  MORE INFO »
Authentication
Server Key and Certificate #1
Subject o6asan.com
Fingerprint SHA1: 522dc12b856e558ddaeee9e7b5b3d95b63280b1d
Pin SHA256: Bvdk4l2PoTTcbWrUP34dIcJPMtC/kljAvQmR7kPsQoc=
Common names o6asan.com
Alternative names o6asan.com test.o6asan.com www.o6asan.com
Valid from Tue, 25 Oct 2016 05:13:00 UTC
Valid until Mon, 23 Jan 2017 05:13:00 UTC (expires in 2 months and 28 days)
Key EC 384 bits
Weak key (Debian) No
Issuer Let's Encrypt Authority X3
AIA: http://cert.int-x3.letsencrypt.org/
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency No
OCSP Must Staple Supported
Revocation information OCSP
OCSP: http://ocsp.int-x3.letsencrypt.org/
Revocation status Good (not revoked)
Trusted Yes


Additional Certificates (if supplied)
Certificates provided 2 (2328 bytes)
Chain issues None
#2
Subject Let's Encrypt Authority X3
Fingerprint SHA1: e6a3b45b062d509b3382282d196efe97d5956ccb
Pin SHA256: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
Valid until Wed, 17 Mar 2021 16:40:46 UTC (expires in 4 years and 4 months)
Key RSA 2048 bits (e 65537)
Issuer DST Root CA X3
Signature algorithm SHA256withRSA


Certification Paths
Path #1: Trusted
1 Sent by server o6asan.com
Fingerprint SHA1: 522dc12b856e558ddaeee9e7b5b3d95b63280b1d
Pin SHA256: Bvdk4l2PoTTcbWrUP34dIcJPMtC/kljAvQmR7kPsQoc=

EC 384 bits / SHA256withRSA
2 Sent by server Let's Encrypt Authority X3
Fingerprint SHA1: e6a3b45b062d509b3382282d196efe97d5956ccb
Pin SHA256: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=

RSA 2048 bits (e 65537) / SHA256withRSA
3 In trust store DST Root CA X3   Self-signed
Fingerprint SHA1: dac9024f54d8f6df94935fb1732638ca6ad77c13
Pin SHA256: Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=

RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate
Configuration
Protocols
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No


Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites at the end)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)   ECDH secp384r1 (eq. 7680 bits RSA)   FS 256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   ECDH secp384r1 (eq. 7680 bits RSA)   FS 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)   ECDH secp384r1 (eq. 7680 bits RSA)   FS 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)   ECDH secp384r1 (eq. 7680 bits RSA)   FS 128


Handshake Simulation
Android 2.3.7   No SNI 2 Server sent fatal alert: protocol_version
Android 4.0.4 Server sent fatal alert: protocol_version
Android 4.1.1 Server sent fatal alert: protocol_version
Android 4.2.2 Server sent fatal alert: protocol_version
Android 4.3 Server sent fatal alert: protocol_version
Android 4.4.2 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Android 5.0.0 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp384r1  FS
Android 6.0 EC 384 (SHA256)   TLS 1.2 > http/1.1   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp384r1  FS
Android 7.0 EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Baidu Jan 2015 Server sent fatal alert: protocol_version
BingPreview Jan 2015 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Chrome 49 / XP SP3 Server sent fatal alert: handshake_failure
Chrome 51 / Win 7  R EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Firefox 31.3.0 ESR / Win 7 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp384r1  FS
Firefox 47 / Win 7  R EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp384r1  FS
Firefox 49 / XP SP3 EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Firefox 49 / Win 7  R EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Googlebot Feb 2015 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp384r1  FS
IE 6 / XP   No FS 1   No SNI 2 Server closed connection
IE 7 / Vista Server sent fatal alert: protocol_version
IE 8 / XP   No FS 1   No SNI 2 Server sent fatal alert: protocol_version
IE 8-10 / Win 7  R Server sent fatal alert: protocol_version
IE 11 / Win 7  R EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
IE 11 / Win 8.1  R EC 384 (SHA256)   TLS 1.2 > http/1.1   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
IE 10 / Win Phone 8.0 Server sent fatal alert: protocol_version
IE 11 / Win Phone 8.1  R EC 384 (SHA256)   TLS 1.2 > http/1.1   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
IE 11 / Win Phone 8.1 Update  R EC 384 (SHA256)   TLS 1.2 > http/1.1   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
IE 11 / Win 10  R EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Edge 13 / Win 10  R EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Edge 13 / Win Phone 10  R EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Java 6u45   No SNI 2 Server closed connection
Java 7u25 Server sent fatal alert: protocol_version
Java 8u31 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp384r1  FS
OpenSSL 0.9.8y Server sent fatal alert: protocol_version
OpenSSL 1.0.1l  R EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
OpenSSL 1.0.2e  R EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Safari 5.1.9 / OS X 10.6.8 Server sent fatal alert: protocol_version
Safari 6 / iOS 6.0.1 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
Safari 6.0.4 / OS X 10.8.4  R Server sent fatal alert: protocol_version
Safari 7 / iOS 7.1  R EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
Safari 7 / OS X 10.9  R EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
Safari 8 / iOS 8.4  R EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
Safari 8 / OS X 10.10  R EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
Safari 9 / iOS 9  R EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Safari 9 / OS X 10.11  R EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Safari 10 / iOS 10  R EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Safari 10 / OS X 10.12  R EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Apple ATS 9 / iOS 9  R EC 384 (SHA256)   TLS 1.2 > h2   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
Yahoo Slurp Jan 2015 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
YandexBot Jan 2015 EC 384 (SHA256)   TLS 1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDH secp384r1  FS
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).


Protocol Details
DROWN (experimental) Check failed
(1) For a better understanding of this test, please read this longer explanation
(2) Key usage data kindly provided by the Censys network search engine; original DROWN test here
(3) Censys data is only indicative of possible key and certificate reuse; possibly out-of-date and not complete
ERROR: Connection refused
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation No
BEAST attack Mitigated server-side (more info)  
POODLE (SSLv3) No, SSL 3 not supported (more info)
POODLE (TLS) No (more info)
Downgrade attack prevention Unknown (requires support for at least two protocols, excl. SSL2)
SSL/TLS compression No
RC4 No
Heartbeat (extension) Yes
Heartbleed (vulnerability) No (more info)
OpenSSL CCS vuln. (CVE-2014-0224) No (more info)
OpenSSL Padding Oracle vuln.
(CVE-2016-2107)
No (more info)
Forward Secrecy Yes (with most browsers)   ROBUST (more info)
ALPN Yes
NPN No
Session resumption (caching) Yes
Session resumption (tickets) No
OCSP stapling Yes
Strict Transport Security (HSTS) Yes
max-age=15768000; includeSubdomains; preload
HSTS Preloading Chrome  Edge  Firefox  IE   
Public Key Pinning (HPKP) No
Public Key Pinning Report-Only No
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance No
Incorrect SNI alerts No
Uses common DH primes No, DHE suites not supported
DH public server param (Ys) reuse No, DHE suites not supported
SSL 2 handshake compatibility No


Miscellaneous
Test date Tue, 25 Oct 2016 08:58:13 UTC
Test duration 76.225 seconds
HTTP status code 200
HTTP server signature Apache
Server hostname xxx-xxx-xxx-xxx.ppp.bbiq.jp


SSL Report v1.24.4