Remove the cipher suite from the list of cipher suites supported by your server.
Set preference of server cipher suite order or remove any intermediate or backward compatible cipher suite.
If your application or requirements specifically call for the use of a message authentication code[135][136][137][138] that does not provide authenticated encryption[74], prefer a block cipher mode of operation[82][83][84][85][86] (eg: counter with CBC-MAC[32][33][34], Galois/Counter Mode[46][47][48][49]) or a message authentication code[135][136][137][138] (eg: Poly1305[458][459]) that provides authenticated encryption over the ones which do not provide it. In case of a hashed message authentication code[139][140][141][142][143][144][145], prefer a message authentication code[135][136][137][138] based on Secure Hash Algorithm 2[212][213][214] over the ones based on Secure Hash Algorithm 1[202][203][204].
Prefer cipher suites with a greater AES key size (eg: prefer AES-256 over AES-128).
Always prefer cipher suites with FS property over the non-FS ones.
Remove any intermediate or backward compatible cipher suite so that the client's cipher suite order can be preferred without any security consideration.

Grade | Order | Cipher suite name | Findings |
---|---|---|---|
C | | TLS_RSA_WITH_AES_128_CBC_SHA | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA); Good MAC Algorithm (SHA-1) |
A- | | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | Good MAC Algorithm (SHA-1) |
C | | TLS_RSA_WITH_AES_256_CBC_SHA | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA); Good MAC Algorithm (SHA-1) |
A- | | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | Good MAC Algorithm (SHA-1) |
C | | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA); Moderate Encryption Algorithm (Camellia); Good MAC Algorithm (SHA-1) |
B | | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | Moderate Encryption Algorithm (Camellia); Good MAC Algorithm (SHA-1) |
C | | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA); Moderate Encryption Algorithm (Camellia); Good MAC Algorithm (SHA-1) |
B | | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | Moderate Encryption Algorithm (Camellia); Good MAC Algorithm (SHA-1) |
C | | TLS_RSA_WITH_SEED_CBC_SHA | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA); Moderate Encryption Algorithm (SEED); Good MAC Algorithm (SHA-1) |
B | | TLS_DHE_RSA_WITH_SEED_CBC_SHA | Moderate Encryption Algorithm (SEED); Good MAC Algorithm (SHA-1) |
A- | | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | Good MAC Algorithm (SHA-1) |
A- | | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | Good MAC Algorithm (SHA-1) |

Total records: 12

Grade | Order | Cipher suite name | Findings |
---|---|---|---|
C | | TLS_RSA_WITH_AES_128_CBC_SHA256 | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA) |
C | | TLS_RSA_WITH_AES_256_CBC_SHA256 | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA) |
A+ | | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | |
A+ | | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | |
C | | TLS_RSA_WITH_AES_128_GCM_SHA256 | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA) |
C | | TLS_RSA_WITH_AES_256_GCM_SHA384 | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA) |
A+ | | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | |
A+ | | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | |
A+ | | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | |
A+ | | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | |
A+ | | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
A+ | | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | |
C | | TLS_RSA_WITH_ARIA_128_GCM_SHA256 | Weak Encryption Algorithm (ARIA); Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA) |
C | | TLS_RSA_WITH_ARIA_256_GCM_SHA384 | Weak Encryption Algorithm (ARIA); Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA) |
C | | TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 | Weak Encryption Algorithm (ARIA) |
C | | TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 | Weak Encryption Algorithm (ARIA) |
C | | TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 | Weak Encryption Algorithm (ARIA) |
C | | TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 | Weak Encryption Algorithm (ARIA) |
B | | TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 | Moderate Encryption Algorithm (Camellia) |
B | | TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 | Moderate Encryption Algorithm (Camellia) |
C | | TLS_RSA_WITH_AES_128_CCM | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA) |
C | | TLS_RSA_WITH_AES_256_CCM | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA) |
A+ | | TLS_DHE_RSA_WITH_AES_128_CCM | |
A+ | | TLS_DHE_RSA_WITH_AES_256_CCM | |
C | | TLS_RSA_WITH_AES_128_CCM_8 | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA) |
C | | TLS_RSA_WITH_AES_256_CCM_8 | Weak Forward Secrecy (non forward secret algorithm); Weak Key Exchange Algorithm (RSA) |
A+ | | TLS_DHE_RSA_WITH_AES_128_CCM_8 | |
A+ | | TLS_DHE_RSA_WITH_AES_256_CCM_8 | |
A+ | | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | |
A+ | | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | |

Total records: 30

Grade | Order | Cipher suite name | Findings |
---|---|---|---|
A+ | | TLS_AES_128_GCM_SHA256 | |
A+ | | TLS_AES_256_GCM_SHA384 | |
A+ | | TLS_CHACHA20_POLY1305_SHA256 | |

Total records: 3

Add at least one elliptic curve designed by independent researchers to the list of elliptic curves supported by your server, and prefer it as far as the server configuration makes that possible.
Generate a custom Diffie-Hellman ephemeral public key parameter[409][410][411] with a size greater than or equal to 2048 bits and validate that the prime in the parameter is a safe prime[176], or use a well-known Diffie-Hellman ephemeral public key parameter[426][427][428] with a size greater than or equal to 2048 bits.

Grade | Name | Code | Key Size | Trusted Designer | Findings |
---|---|---|---|---|---|
A | prime256v1 | 0x0017 | 256 | No | |
A | secp384r1 | 0x0018 | 384 | No | |
A | secp521r1 | 0x0019 | 521 | No | |
A+ | Curve25519 | 0x001D | 256 | No | |
A+ | Curve448 | 0x001E | 448 | No | |

Total records: 5

Grade | Key Size | Prime | Reused | Well Known | Findings |
---|---|---|---|---|---|
A+ | 2048 | Safe Prime | No | No | |

Total records: 1

Always choose certificate authorities[88][89][90] which support Online Certificate Status Protocol (OCSP)[522][523][524][525][526]. Prefer server implementations which support Online Certificate Status Protocol (OCSP) stapling[527][528][529][530][531] or use a proxy application to make up for this shortcoming.
Take into consideration the advantages of a domain-validated certificate[536] (eg: completely automated certificate renewal[516][517] process, possibly short validation period[518][519][520][521]) over the minor user experience improvement of an extended validation in certain client applications and the risk of a potential service outage caused by the manual certificate renewal[541][542].
Restore the certificate provided by your server to the latest one, if it is available and its validity period has not ended yet, or initiate the renewal[516][517] process if its validity period has already ended. If there is no available certificate, create a completely new one and get it signed by a certificate authority.
Always have your server provide a certificate that uses a signature algorithm with a strong hash function, such as the SHA-2 signature algorithms.
Remove TLS versions 1.0 and 1.1 from the list of TLS versions accepted by your server.

Grade | Enabled Protocol | Findings |
---|---|---|
A+ | TLS 1.3 | |
A+ | TLS 1.2 | |
C | TLS 1.1 | Weak TLS/SSL Protocol Version (TLS 1.1) |
C | TLS 1.0 | Weak TLS/SSL Protocol Version (TLS 1.0) |

Total records: 4