Report Summary

SSL Certificate

Is the certificate still valid?	NO
Certificate Issue Date	2024-06-09 19:13
Certificate Expiration Date	2034-06-07 19:13
Trust Chain Health	Incomplete Chain!
Certificate Issuer	localhost (CentOS Web Panel from HR)
Is the certificate valid for webapp.irimo.ir?	NO
This test checks if the server supports SSL‌v3 or not. SSLv3 is a broken, hence, unsafe protocol and must not be used.

HTTP Header Response

HTTP Status Code	200 OK ('/')
Strict Transport Security (HSTS)	not offered
Public Key Pinning (HPKP)	No support for HTTP Public Key Pinning
Server Banner	Apache/2.4.62 (Unix) OpenSSL/1.1.1k
Banner Application	No application banner found

Protocol Information

SSLv2	Your server does not support SSLv2 which is good since it is an insecure protocol.
This test checks if the server supports SSL‌v2 or not. SSLv2 is a broken, hence, unsafe protocol and must not be used.

SSLv3	Your server does not support SSLv3 which is good since it is an insecure protocol.
This test checks if the server supports SSL‌v3 or not. SSLv3 is a broken, hence, unsafe protocol and must not be used.

TLS1	Your server does not support TLS v1.0.
This test checks if the server supports SSL‌v3 or not. TLS1.0 is an almost two-decade old protocol. This protocol is vulnerable against attacks such as BEAST and POODLE. Additionally, TLSv.10 supports weak cipher suits which further makes it an insecure protocol. Starting June 30, 2018, websites will need to stop supporting TLS 1.0 to remain PCI compliant.

TLS1.1	Your server does not support TLSv1.1. In presence of stronger protocols (i.e. TLS‌ v1.2 and TLS v1.3), this would be considered a good configuration.
TLS1.1 does not have known major vulnerabilities. But, similar to TLS1.1 it supports weak cipher suits that are not proper for modern use.

TLS1.2	Your server supports TLSv1.2. Currently, this protocol is considered stable. But you'd better consider supporting TLS v1.3.
Currently, TLS1.2 is a stable and secure protocol to go with before TLS1.3 is officially announced as the only accepted protocol.

TLS1.3	Your server supports TLS v1.3. Currently, this protocol is considered the most robust protocol available.
TLS1.3 is going to be the stable secure protocol in the near future and it is recommended that every server shift to this protocol.

Cipher Suites

NULL	Your server does not support NULL ciphers.
Description: The cipher suites with a "NULL" do not offer data encryption, only integrity check. This means "not secure" for most usages. Validation Conditions: This test is passed if the certification is not expired.

aNULL	Your server does not support aNULL ciphers.
Description: For a certificate to be trusted and valid it should not be expired. Validation Conditions: This test is passed if the certification is not expired.

EXPORT

Your server does not support EXPORT ciphers.

Description: The cipher suites with "EXPORT" are, by design, weak. They are encrypted, but only with keys small enough to be cracked with even amateur hardware (say, a basic home PC -- symmetric encryption relying on 40-bit keys). These suites were defined to comply with the US export rules on cryptographic systems, rules which were quite strict before 2000. Nowadays, these restrictions have been lifted and there is little point in supporting the "EXPORT" cipher suites. Validation Conditions: This test is passed if the server does not support EXPORT ciphers.

LOW	Your server does not support LOW ciphers.
Description: For a certificate to be trusted and valid it should not be expired. Validation Conditions: This test is passed if the certification is not expired.

3DES_IDEA	Your server does not support 3DES ciphers.
Description: For a certificate to be trusted and valid it should not be expired. Validation Conditions: This test is passed if the certification is not expired.

AVERAGE	Your server does not support AVERAGE ciphers.
Description: For a certificate to be trusted and valid it should not be expired. Validation Conditions: This test is passed if the certification is not expired.

Strong	Your server support strong ciphers.
Description: For a certificate to be trusted and valid it should not be expired. Validation Conditions: This test is passed if the certification is not expired.

PFS Information

PFS‌ Overview	Your server supports Perfect Forward Secrecy (PFS)
Description: Perfect Forward Secrecy guarantees different encryption keys per session. Thus, if a session key is compromised, other previously recorded sessions (by attacker) will be safe. Validation Conditions: This test is passed if your server supports robust perfect forward secrecy.

Ciphers that support PFS.

List of ciphers that support perfect forward secrecy (PFS).

Description: This test derives the ciphers that your server uses and depicts the ones that support perfect forward secrecy. TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-CAMELLIA256-SHA384 ECDHE-ARIA256-GCM-SHA384 TLS_AES_128_GCM_SHA256 TLS_AES_128_CCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-CAMELLIA128-SHA256 ECDHE-ARIA128-GCM-SHA256

Analysis of ECDH‌ Curves

Your server uses strong ECDHE keys for key exchange.

Description: Elliptic-curve Diffie–Hellman (ECDH) is a key agreement protocol that allows two parties, each having an elliptic-curve public–private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or to derive another key. The key, or the derived key, can then be used to encrypt subsequent communications using a symmetric-key cipher. It is a variant of the Diffie–Hellman protocol using elliptic-curve cryptography. Validation Conditions: This test will pass if ECDH is correctly implemented.

Vulnerabilities

Analyzing Heartbleed Vulnerability	Your connection is immune against heartbleed attack.
Description: 'Heartbleed' was a critical vulnerability in SSL which would enable an adversary to retrieve sensitive information from the corresponding server. Validation Conditions: This test passes if the server is not vulnerable to this attack.

Analyzing CCS Vulnerability

Your connection is immune against CCS attack.

Description: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of 'ChangeCipherSpec' messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.

Analyzing Ticketbleed Vulnerability	Your connection is immune against ticketbleed attack.
Description: 'The Ticketbleed-Bug' was a programming error in enterprise-level hardware. This bug allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time. This memory can potentially contain key material or sensitive data from other connections. Validation Conditions: This test passes if the server is not vulnerable to 'ticketbleed-bug'.

Analyzing ROBOT vulnerability

Your connection is immune to ROBOT attack.

Description: ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server. In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 v1.5 padding allowed an adaptive-chosen ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption. Validation Conditions: This test passes if the sever is not vulnerable to the ROBOT‌ attack.

Analyzing Secure Renegotiation

Your connection is immune against secure_renego attack.

Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Validation Conditions: This test passes if the server is not vulnerable to this bug. not vulnerable

Analyzing Client-initiated Secure Connection

Your server is properly configured to support Secure Client Renegotiation.

Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, while implemented on many different products, cannot perform a renegotiation handshake correctly. This allows attackers to use a man-in-the-middle attack to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Validation Conditions: This test passes if the server does not have this vulnerability.

Analyzing protection against CRIME Attack

Your connection is immune against CRIME_TLS attack.

Description: CRIME (Compression Ratio Info-leak Made Easy) is a security exploit against secret web cookies over connections using the HTTPS and SPDY protocols that also use data compression. When used to recover the content of secret authentication cookies, it allows an attacker to perform session hijacking on an authenticated web session, allowing the launching of further attacks. Validation Conditions: This test passes if the server is not vulnerable to CRIME attack.

Analyzing protection against poodle attacks

Your connection is immune against poodle_ssl attack.

Description: The POODLE attack (which stands for 'Padding Oracle On Downgraded Legacy Encryption') is a man-in-the-middle exploit which takes advantage of Internet and security software client's fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. Validation Conditions: This test passes if the server is not vulnerable to poodle attacks

Analyzing fallback_SCSV vulnerability

Your connection is immune against fallback_SCSV attack.

Description: FALLBACK_SCSV is a cipher suite advertised in the Client Hello, which starts the SSL/TLS handshake. SCSV stands for 'Signaling Cipher Suite Value'. The process of successively downgrading the protocol version was put in place because browsers wanted to ensure they could connect to servers that were buggy. The TLS_FALLBACK_SCSV mechanism ensures that this downgrade only happens with the client's blessing. Validation Conditions: This test passes if the server is immune to tls fallback attacks.

Analyzing SWEET32 Attack

Your connection is immune against SWEET32 attack.

Description: The DES ciphers (and triple-DES) only have a 64-bit block size. This enables an attacker to run JavaScript in a browser and send large amounts of traffic during the same TLS connection, creating a collision. With this collision, the attacker is able to retrieve information from a session cookie. This attack is known as SWEET32 which could lead to leakage of sensitive data. Validation Conditions: This test passes if the server is immune to SWEET32 attacks.

Analyzing Protection Against Freak Attack	Your connection is immune against FREAK attack.
Description: FREAK ("Factoring RSA Export Keys") is a security exploit of a cryptographic weakness in the SSL/TLS protocols. A man-in-the-middle, with only a modest amount of computation could break the security of any website that allowed the use of 512-bit export-grade keys. Validation Conditions: This test is passed it the server is not vulnerable to this attack.

Analyzing protection against DROWN Attacks.

Your connection is immune against DROWN attack.

Description: The DROWN attack is a cross-protocol security bug that attacks servers supporting modern TLS protocol suites by using their support for the obsolete, insecure, SSLv2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure. DROWN can affect all types of servers that offer services encrypted with TLS yet still support SSLv2, provided they share the same public key credentials between the two protocols. Validation Conditions: This test passes if the server is not vulnerable to DROWN attacks.

Analyzing protection against LOGJAM Attack

Your connection is immune against LOGJAM attack.

Description: The LOGJAM attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange. Validation Conditions: This test passes if the server is not vulnerable to LOGJAM attacks

Analyzing existence of common primes in public/private encryption key pairs.

Your connection is immune to LOGJAM-Common_Primes attack.

Description: Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve, the most efficient algorithm for breaking a Diffie-Hellman connection is dependent only on this prime. After this first step, an attacker can quickly break individual connections. Validation Conditions: This test passes if the server is not using common prime numbers that would make it vulnerable.

Analyzing BEAST vulnerability

Your connection is immune to BEAST attack.

Description: Short for Browser Exploit Against SSL/TLS, SSL Beast is an exploit first, revealed in late September 2011, that leverages weaknesses in cipher block chaining (CBC) to exploit the Secure Sockets Layer (SSL) protocol. The CBC vulnerability can enable man-in-the-middle (MITM) attacks against SSL in order to silently decrypt and obtain authentication tokens, providing hackers with access to the data passed between a Web server and the Web browser accessing the server. Validation Conditions: This test passes if the server is not vulnerable to BEAST attacks.

Analyzing luck13 vulnerability	Your connection is vulnerable to LUCKY13 attack.
Description: The Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol that use the CBC mode of operation. Validation Conditions: This test passes if the sever is not vulnerable to this bug. potentially vulnerable, uses TLS CBC ciphers

Analyzing RC4 vulnerability

Your connection is immune against RC4 attack.

Description: The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. Validation Conditions: This test passes if the server does not utilize RC4 in its cipher suits.

Cipher Suite Assessments

TLSv1.2

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA

TLSv1.3

TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256 TLS-AES-128-GCM-SHA256 TLS-AES-128-CCM-SHA256

Browser Simulations

Client	Cipher Suite	Protocol
ANDROID-442	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
ANDROID-500	TLSv1.2	ECDHE-RSA-AES128-GCM-SHA256
ANDROID-60	TLSv1.2	ECDHE-RSA-AES128-GCM-SHA256
ANDROID-70	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
ANDROID-81	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
ANDROID-90	TLSv1.3	TLS_AES_256_GCM_SHA384
ANDROID-X	TLSv1.3	TLS_AES_256_GCM_SHA384
CHROME-74-WIN10	TLSv1.3	TLS_AES_256_GCM_SHA384
CHROME-79-WIN10	TLSv1.3	TLS_AES_256_GCM_SHA384
FIREFOX-66-WIN81	TLSv1.3	TLS_AES_256_GCM_SHA384
FIREFOX-71-WIN10	TLSv1.3	TLS_AES_256_GCM_SHA384
IE-6-XP	N/A	No Connection
IE-8-WIN7	N/A	No Connection
IE-8-XP	N/A	No Connection
IE-11-WIN7	TLSv1.2	ECDHE-RSA-AES256-SHA384
IE-11-WIN81	TLSv1.2	ECDHE-RSA-AES256-SHA384
IE-11-WINPHONE81	TLSv1.2	ECDHE-RSA-AES128-SHA256
IE-11-WIN10	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
EDGE-15-WIN10	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
EDGE-17-WIN10	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
OPERA-66-WIN10	TLSv1.3	TLS_AES_256_GCM_SHA384
SAFARI-9-IOS9	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
SAFARI-9-OSX1011	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
SAFARI-10-OSX1012	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
SAFARI-121-IOS-122	TLSv1.3	TLS_AES_256_GCM_SHA384
SAFARI-130-OSX-10146	TLSv1.3	TLS_AES_256_GCM_SHA384
APPLE-ATS-9-IOS9	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
JAVA-6U45	N/A	No Connection
JAVA-7U25	N/A	No Connection
JAVA-8U161	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
JAVA1102	TLSv1.3	TLS_AES_256_GCM_SHA384
JAVA1201	TLSv1.3	TLS_AES_256_GCM_SHA384
OPENSSL-102E	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
OPENSSL-110L	TLSv1.2	ECDHE-RSA-AES256-GCM-SHA384
OPENSSL-111D	TLSv1.3	TLS_AES_256_GCM_SHA384
THUNDERBIRD-68-3-1	TLSv1.3	TLS_AES_256_GCM_SHA384