Comprehensive Security Analysis of "https://ifppm.org" - Overall Grade is "C-"

C-

weak

C-

weak

Protocol

https

Domain

ifppm.org

Checked IP

35.209.241.215

Check Time

2025-02-11T20:38:37+01:00

Cache Time

2025-02-07T15:25:12+00:00

Protocol HTTPS (TLS)

Transport Layer Security (TLS) is a secure data transfer protocol that creates secure communication to leverage higher privacy. Widely used on the Internet, it is the successor of the ancient SSL. Several versions of the protocol are used in applications and services, TLS 1.3 is the most recent, but TLS 1.2 is very common too. Many protocols rely on TLS, for instance, the HTTPS (Hypertext Transfer Protocol Secure) is a security layer over the unencrypted HTTP, but several e-mail protocols (eg: IMAPS, SMTPS, POP3S) use as well to get a secure connection.

▼

Cipher suites

C-

▼

Highlighted findings

10 total protocol related checks

C-

Weak Forward Secret Key Exchange Algorithm Preference (non-FS key exchange preferred over FS)

The cipher suite^[189]^[190] key exchange^[133] algorithm has no forward secrecy^[127]^[128]^[129]^[130] property, but it is preferred over a cipher suite which is forward secret.

Remove the cipher suite from the list of cipher suites supported by your server or set the cipher suite order explicitly where forward secret cipher suites are preferred over non-forawrd secret ones.

Weak Encryption Algorithm (ARIA)

Encryption algorithm ARIA^[313]^[314]^[315]^[316] is a block cipher^[78]^[79]^[80]^[81] which is considered secure^[317], but leading client applications do not use this algorithm. Unless your application or requirements specifically call for their use, it is generally safer to avoid cipher suites that are not adopted and supported by a critical mass of the industry.

Remove the cipher suite from the list of cipher suites supported by your server.

Weak Forward Secrecy (non forward secret algorithm)

Key exchange method has no forward secrecy^[127]^[128]^[129]^[130], and does not protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past can be retrieved and decrypted.

Remove the cipher suite from the list of cipher suites supported by your server.

Weak Key Exchange Algorithm (RSA)

RSA^[443]^[444] key exchange is a key exchange^[133] that has no forward secrecy^[127]^[128]^[129]^[130], and does not protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past can be retrieved and decrypted. Throughout its history RSA encryption has had many security flaws^[445]^[446]^[447]^[448]^[449]^[450] and was affected by variety of attack types: chosen-ciphertext attack^[55] (eg: Bleichenbacher's attack^[1]^[2], ROBOT attack^[18]^[19]^[20]^[21]), side-channel attack^[69]^[70]^[71] (eg: padding oracle attack^[63]^[64]^[65]^[66], like Bleichenbacher's cat^[3]^[4]^[5]^[6]).

Always prefer cipher suites with PFS property over the non-PFS ones. Note that performance considerations implies preferring Ephemeral Elliptic-curve Diffie–Hellman^[432]^[433] over Ephemeral Diffie-Hellman^[405]^[406]^[407]^[408].

B-

Moderate Authenticated Encryption Preference (CBC preferred over CCM)

The cipher suite^[189]^[190] block cipher mode of operation^[82]^[83]^[84]^[85]^[86] is cipher block chaining^[28]^[29]^[30] is not an authenticated encryption^[74] algorithm, but it is preferred over an authenticated one (counter with CBC-MAC^[32]^[33]^[34], which provides integrity, and authenticity assurances on the data simultaneously.

Remove the cipher suite from the list of cipher suites supported by your server or set the cipher suite order explicitly and CCM cipher suites be preferred over CBC ones.

B-

Moderate Authenticated Encryption Preference (CBC preferred over GCM)

The cipher suite^[189]^[190] block cipher mode of operation^[82]^[83]^[84]^[85]^[86] is cipher block chaining^[28]^[29]^[30] is not an authenticated encryption^[74] algorithm, but it is preferred over an authenticated one (Galois/Counter Mode^[46]^[47]^[48]^[49], which provides integrity, and authenticity assurances on the data simultaneously.

Remove the cipher suite from the list of cipher suites supported by your server or set the cipher suite order explicitly and GCM cipher suites be preferred over CBC ones.

Moderate Encryption Algorithm (Camellia)

Encryption algorithm Camellia^[318]^[319]^[320]^[321] is a block cipher^[78]^[79]^[80]^[81] which is considered secure^[322]^[323], but leading client applications do not use this algorithm. Unless your application or requirements specifically call for their use, it is generally safer to avoid cipher suites that are not adopted and supported by a critical mass of the industry.

Remove the cipher suite from the list of cipher suites supported by your server.

A-

Good MAC Algorithm (SHA-1)

message authentication code^[135]^[136]^[137]^[138] is a hashed message authentication code^[139]^[140]^[141]^[142]^[143]^[144]^[145] which is considered secure^[462], despite the fact that the underlayingcryptographic hash function^[94]^[95]^[96]^[97] (Secure Hash Algorithm 1^[202]^[203]^[204]) is considered insecure^[205]^[206]^[207]^[208]^[209]^[210]^[211].

If your application or requirements specifically call for the use of a message authentication code^[135]^[136]^[137]^[138] that does not provide authenticated encryption^[74] prefer block cipher mode of operation^[82]^[83]^[84]^[85]^[86] (eg: counter with CBC-MAC^[32]^[33]^[34], Galois/Counter Mode^[46]^[47]^[48]^[49] or message authentication code^[135]^[136]^[137]^[138] (eg: Poly1305^[458]^[459]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code^[139]^[140]^[141]^[142]^[143]^[144]^[145] prefer message authentication code^[135]^[136]^[137]^[138] based on Secure Hash Algorithm 2^[212]^[213]^[214] over the ones based on Secure Hash Algorithm 1^[202]^[203]^[204].

A-

Good TLS Cipher Suite Preference (server cipher suites are preferred securely)

Server prefers it's own cipher suite^[189]^[190] order over client's cipher suite preference order. It may cause that less secure cipher suite is choosen in case of an improperly configured client. As not each cipher suite^[189]^[190] supported by the server is considered secure, this is the best possible configuration as long as server's preference order is correct. However it prevents the clients to choose their most preferred cipher suite, which may give them better performance (eg: ChaCha20/Poly1305 ChaCha20-Poly1305^[328]^[329]^[330]) on mobile devices under the same conditions of security.

Remove any intermediate or backward compatible cipher suite to make possible preferring client's cipher suite order without any security consideration.

A-

Good TLS Cipher Suite Preference (server cipher suites are preferred unnecessarily)

Each cipher suite^[189]^[190] supported by the server is considered secure, however it prefers its own cipher suite preference order client cipher suite preference order, which prevents the clients to choose their most preferred cipher suite, which may give them better performance (eg: ChaCha20/Poly1305 ChaCha20-Poly1305^[328]^[329]^[330]) on mobile devices under the same conditions of security.

Set preference of client cipher suite order.

▶

Checked facts

15 total protocol related checks

Good Key Exchange Algorithm (Ephemeral Diffie-Hellman)

Ephemeral Diffie-Hellman^[405]^[406]^[407]^[408] is a variant of Diffie-Hellman^[99]^[100]^[101]^[102]^[103] key exchange^[133] protocol that has forward secrecy^[127]^[128]^[129]^[130], and does protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past cannot be retrieved and decrypted. However, there is a protocol flaw called D(HE)at attack^[581]^[582]^[583]^[584]^[585], a denial-of-service attack^[586]^[587]^[588]^[589]^[590], which can be exploited effectively when large key sizes are enabled.

Always prefer cipher suites with PFS property over the non-PFS ones. Note that performance considerations implies preferring Ephemeral Elliptic-curve Diffie–Hellman^[432]^[433] over Ephemeral Diffie-Hellman^[405]^[406]^[407]^[408] and D(HE)at attack^[581]^[582]^[583]^[584]^[585] implies using Diffie-Hellman ephemeral public key parameter^[409]^[410]^[411]s with a size greater or equal than 2048 bits but less or equal than 4096 bits.

Good TLS Cipher Suite Preference (cipher suite order is correct)

Server prefers it's own cipher suite^[189]^[190] order over client's cipher suite preference order and does it may cause that less secure cipher suite is choosen in case of an improperly configured client. As not each cipher suite^[189]^[190] supported by the server is considered secure, this is the best possible configuration as long as server's preference order is correct. However it prevents the clients to choose their most preferred cipher suite, which may give them better performance (eg: ChaCha20/Poly1305 ChaCha20-Poly1305^[328]^[329]^[330]) on mobile devices under the same conditions of security.

Remove any intermediate or backward compatible cipher suite to make possible preferring client's cipher suite order without any security consideration.

A+

Excellent Block Cipher Mode of Operation (CCM)

block cipher mode of operation^[82]^[83]^[84]^[85]^[86] counter with CBC-MAC^[32]^[33]^[34] is considered secure. It provides provides authenticated encryption^[74] which simultaneously assure the confidentiality^[91]^[92]^[93] and authenticity^[75]^[76]^[77] of data.

If your application or requirements specifically call for the use of a message authentication code^[135]^[136]^[137]^[138] that does not provide authenticated encryption^[74] prefer block cipher mode of operation^[82]^[83]^[84]^[85]^[86] (eg: counter with CBC-MAC^[32]^[33]^[34], Galois/Counter Mode^[46]^[47]^[48]^[49] or message authentication code^[135]^[136]^[137]^[138] (eg: Poly1305^[458]^[459]) that proved authenticated encryption over the ones which does not provide it.

A+

Excellent Block Cipher Mode of Operation (GCM)

block cipher mode of operation^[82]^[83]^[84]^[85]^[86] Galois/Counter Mode^[46]^[47]^[48]^[49] is considered secure. It provides authenticated encryption^[74] which simultaneously assure the confidentiality^[91]^[92]^[93] and authenticity^[75]^[76]^[77] of data.

If your application or requirements specifically call for the use of a message authentication code^[135]^[136]^[137]^[138] that does not provide authenticated encryption^[74] prefer block cipher mode of operation^[82]^[83]^[84]^[85]^[86] (eg: counter with CBC-MAC^[32]^[33]^[34], Galois/Counter Mode^[46]^[47]^[48]^[49] or message authentication code^[135]^[136]^[137]^[138] (eg: Poly1305^[458]^[459]) that proved authenticated encryption over the ones which does not provide it.

A+

Excellent Digital Signature Algorithm (RSA)

Rivest–Shamir–Adleman^[275]^[276]^[277] is a digital signature^[107]^[108]^[109]^[110] algorithm, which is considered secure, however there are known weaknesses^[278]^[279]^[280]^[281]^[282].

A+

Excellent Encryption Algorithm (AES)

Encryption algorithm Advanced Encryption Standard^[302]^[303]^[304]^[305]^[306]^[307]^[308]^[309] is a block cipher^[78]^[79]^[80]^[81] for which there is no known practical attack that would allow the attacker to recover the encrypted text without knowledge of the key when the algorithm is implemented correctly. However improper implementations may lead to a side-channel attack^[69]^[70]^[71] as it has happened in case of OpenSSL^[395]^[396] ^[310]^[311]^[312].

Prefer cipher suites with greater key size of AES (eg: perfer AES-256 over AES-128).

A+

Excellent Encryption Algorithm (ChaCha20)

The stream cipher^[182]^[183] ChaCha20^[324]^[325]^[326]^[327] is a variant of the algorithm Salsa20^[380]^[381]^[382] is considered secure ^[331]^[332] and gives better performance for mobile devices.

Prefer stream cipher^[182]^[183] ChaCha20^[324]^[325]^[326]^[327] in case of mobile devices.

A+

Excellent Encryption Block Size (encryption block size > 64 bits)

The block cipher^[78]^[79]^[80]^[81] uses a block size^[87] larger than 64 bits, so it is not vulnerable to sweet32 attack^[22]^[23]^[24]^[25].

A+

Excellent Encryption Block Size (encryption key size ≥ 128 bits)

The symmetric key^[185]^[186]^[187] withkey size^[184] more than 128 bits as it is should be according to National Institute of Standards and Technology^[470]^[471] so it is not vulnerable to preimage attack^[67] and it cannreliably prove that message came from the stated sender (its authenticity) and has not been changed, so connection is not open for a man-in-the-middle attack^[61].

Remove the cipher suite from the list of cipher suites supported by your server.

A+

Excellent Authenticated Encryption (authenticated encryption)

Encryption mode is an authenticated encryption^[74] which provides confidentiality^[91]^[92]^[93], integrity, and authenticity assurances on the data.

A+

Excellent Key Exchange Algorithm (ECDHE)

Ephemeral Elliptic-curve Diffie–Hellman^[432]^[433] is a variant of Elliptic-curve Diffie–Hellman^[114]^[115] key exchange that has forward secrecy^[127]^[128]^[129]^[130], and does protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past cannot be retrieved and decrypted.

Always prefer cipher suites with PFS property over the non-PFS ones. Note that performance considerations implies preferring Ephemeral Elliptic-curve Diffie–Hellman^[432]^[433] over Ephemeral Diffie-Hellman^[405]^[406]^[407]^[408].

A+

Excellent Forward Secrecy (forward secret algorithm)

Key exchange method has forward secrecy^[127]^[128]^[129]^[130], and does protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past cannot be retrieved and decrypted.

Always prefer cipher suites with FS property over the non-FS ones.

A+

Excellent MAC Algorithm (Poly1305)

message authentication code^[135]^[136]^[137]^[138] is a message authentication code based on universal hashing^[150]^[151]^[152]^[153] which is considered secure. It provides authenticated encryption^[74] which simultaneously assure the confidentiality^[91]^[92]^[93] and authenticity^[75]^[76]^[77] of data. Together with stream cipher^[182]^[183] ChaCha20ChaCha20-Poly1305^[328]^[329]^[330] gives better performance on mobile devices under the same conditions of security.

If your application or requirements specifically call for the use of a message authentication code^[135]^[136]^[137]^[138] that does not provide authenticated encryption^[74] prefer block cipher mode of operation^[82]^[83]^[84]^[85]^[86] (eg: counter with CBC-MAC^[32]^[33]^[34], Galois/Counter Mode^[46]^[47]^[48]^[49] or message authentication code^[135]^[136]^[137]^[138] (eg: Poly1305^[458]^[459]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code^[139]^[140]^[141]^[142]^[143]^[144]^[145] prefer message authentication code^[135]^[136]^[137]^[138] based on Secure Hash Algorithm 2^[212]^[213]^[214] over the ones based on Secure Hash Algorithm 1^[202]^[203]^[204].

A+

Excellent MAC Algorithm (SHA-2)

message authentication code^[135]^[136]^[137]^[138] is a hashed message authentication code^[139]^[140]^[141]^[142]^[143]^[144]^[145] which is considered secure. The underlaying cryptographic hash function^[94]^[95]^[96]^[97] (Secure Hash Algorithm 2^[212]^[213]^[214]) is also considered secure.

If your application or requirements specifically call for the use of a message authentication code^[135]^[136]^[137]^[138] that does not provide authenticated encryption^[74] prefer block cipher mode of operation^[82]^[83]^[84]^[85]^[86] (eg: counter with CBC-MAC^[32]^[33]^[34], Galois/Counter Mode^[46]^[47]^[48]^[49] or message authentication code^[135]^[136]^[137]^[138] (eg: Poly1305^[458]^[459]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code^[139]^[140]^[141]^[142]^[143]^[144]^[145] prefer message authentication code^[135]^[136]^[137]^[138] based on Secure Hash Algorithm 2^[212]^[213]^[214] over the ones based on Secure Hash Algorithm 1^[202]^[203]^[204].

A+

Excellent Block Cipher Mode of Operation (CBC used with EtM extension)

Encryption mode is cipher block chaining^[28]^[29]^[30]. However, it is vulnerable^[31] to timing attack^[188] (eg: Lucky Thirteen attack^[11]^[12]) and padding oracle attack^[63]^[64]^[65]^[66] (eg: POODLE attack^[13]^[14]^[15]) these problems are mitigated by Encrypt-then-MAC for Transport Layer Security^[575] extension uses the encrypt-then-MAC^[392]^[393]^[394] approach providesauthenticated encryption^[74].

▶

Detailed info

TLS 1.2
Grade	Order	Cipher suite name	Findings
A	1	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
A	2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
A	3	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
B-	4	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384	Moderate Authenticated Encryption Preference (CBC preferred over GCM)
B-	5	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256	Moderate Authenticated Encryption Preference (CBC preferred over GCM)
B-	6	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	Moderate Authenticated Encryption Preference (CBC preferred over GCM) Good MAC Algorithm (SHA-1)
B-	7	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	Moderate Authenticated Encryption Preference (CBC preferred over GCM) Good MAC Algorithm (SHA-1)
B-	8	TLS_DHE_RSA_WITH_AES_128_CBC_SHA	Moderate Authenticated Encryption Preference (CBC preferred over CCM) Good MAC Algorithm (SHA-1)
C-	9	TLS_RSA_WITH_AES_128_CBC_SHA	Weak Forward Secret Key Exchange Algorithm Preference (non-FS key exchange preferred over FS) Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA) Good MAC Algorithm (SHA-1)
A	10	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
A	11	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
A	12	TLS_DHE_RSA_WITH_AES_256_CCM
C	13	TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384	Weak Encryption Algorithm (ARIA)
C	14	TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384	Weak Encryption Algorithm (ARIA)
A	15	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
A	16	TLS_DHE_RSA_WITH_AES_128_CCM
C	17	TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256	Weak Encryption Algorithm (ARIA)
C	18	TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256	Weak Encryption Algorithm (ARIA)
A	19	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
B	20	TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384	Moderate Encryption Algorithm (Camellia)
B	21	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256	Moderate Encryption Algorithm (Camellia)
A	22	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
B	23	TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256	Moderate Encryption Algorithm (Camellia)
B	24	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256	Moderate Encryption Algorithm (Camellia)
A-	25	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	Good MAC Algorithm (SHA-1)
B	26	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	Moderate Encryption Algorithm (Camellia) Good MAC Algorithm (SHA-1)
B	27	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	Moderate Encryption Algorithm (Camellia) Good MAC Algorithm (SHA-1)
C	28	TLS_RSA_WITH_AES_256_GCM_SHA384	Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA)
C	29	TLS_RSA_WITH_AES_256_CCM	Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA)
C	30	TLS_RSA_WITH_ARIA_256_GCM_SHA384	Weak Encryption Algorithm (ARIA) Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA)
C	31	TLS_RSA_WITH_AES_128_GCM_SHA256	Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA)
C	32	TLS_RSA_WITH_AES_128_CCM	Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA)
C	33	TLS_RSA_WITH_ARIA_128_GCM_SHA256	Weak Encryption Algorithm (ARIA) Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA)
C	34	TLS_RSA_WITH_AES_256_CBC_SHA256	Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA)
C	35	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256	Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA) Moderate Encryption Algorithm (Camellia)
C	36	TLS_RSA_WITH_AES_128_CBC_SHA256	Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA)
C	37	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256	Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA) Moderate Encryption Algorithm (Camellia)
C	38	TLS_RSA_WITH_AES_256_CBC_SHA	Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA) Good MAC Algorithm (SHA-1)
C	39	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA) Moderate Encryption Algorithm (Camellia) Good MAC Algorithm (SHA-1)
C	40	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	Weak Forward Secrecy (non forward secret algorithm) Weak Key Exchange Algorithm (RSA) Moderate Encryption Algorithm (Camellia) Good MAC Algorithm (SHA-1)

TLS 1.3
Grade	Order	Cipher suite name
A	1	TLS_AES_256_GCM_SHA384
A	2	TLS_CHACHA20_POLY1305_SHA256
A	3	TLS_AES_128_GCM_SHA256
A	4	TLS_AES_128_CCM_SHA256

▼

Key exchange

▼

Highlighted findings

0 total protocol related checks

Congratulations! We could not find any potential issues regarding your server configuration.

▶

Checked facts

7 total protocol related checks

Good Elliptic Curve Algorithm (elliptic curves designed by NIST)

The elliptic-curve cryptography^[118]^[119]^[120]^[121] is an approach to public-key cryptography^[164]^[165]^[166] based on the elliptic curve^[116]^[117]s. Note that there is controversy^[287]^[288]^[289]^[290]^[291] around some of the National Institute of Standards and Technology^[470]^[471] designed elliptic curveselliptic curves designed by NIST^[285]^[286].

Add at least one elliptic curve to the list of elliptic curves supported by your server designed by independent researchers and prefer them as server configuration makes it possible.

Good Elliptic Curve Algorithm (elliptic curves not post-quantum safe)

The elliptic curve^[116]^[117] is not secure against a cryptanalytic attack by a quantum computer.

Add at least one quantum-safe elliptic curve to the list of elliptic curves supported by your server and prefer them as server configuration makes it possible.

A+

Excellent Elliptic Curve Algorithm (elliptic curve key size)

The elliptic-curve cryptography^[118]^[119]^[120]^[121] is an approach to public-key cryptography^[164]^[165]^[166] based on the elliptic curve^[116]^[117]s. The most important property in terms of encryption strength, beyond the designer is elliptic curve key size^[292]^[293]^[294]. All the key sizes available are considered secure, so there is no consideration about it.

A+

Excellent Diffie-Hellman Parameter Well-Know (custom DH parameter)

The Diffie-Hellman ephemeral public key parameter^[409]^[410]^[411] is a custom Diffie-Hellman ephemeral public key parameter^[412]^[413], so parameters are necessarily selected appropriately and the public keys are not necessarily validated appropriately, so they may vulnerable against small subgroup confinement attack^[72]^[73], however with appropriately choosen parameter size and validated parameters it is considered more security than the a well-known Diffie-Hellman ephemeral public key parameter^[426]^[427]^[428].

Use a well-known Diffie-Hellman ephemeral public key parameter^[426]^[427]^[428], or generate a custom Diffie-Hellman ephemeral public key parameter^[409]^[410]^[411] with a size greater or equal than 2048 bits but less or equal than 4096 bits. In the case of custom parameters, validate that the prime is a safe prime^[176] to avoid a small subgroup confinement attack^[72]^[73].

A+

Excellent Diffie-Hellman Parameter Reuse (DH param not reused)

The Diffie-Hellman ephemeral public key parameter^[409]^[410]^[411] is uniqe between key agreements. It prevents small subgroup confinement attack^[72]^[73] even if parameters are not appropriately selected or if public keys are not appropriately validated and also prevents Raccoon Attack^[16]^[17], which is a side-channel attack^[69]^[70]^[71] against Ephemeral Diffie-Hellman^[405]^[406]^[407]^[408].

A+

Excellent Diffie-Hellman Parameter Prime (Diffie-Hellman parameter safe prime)

Diffie-Hellman ephemeral public key parameter^[409]^[410]^[411] contains a safe prime^[176], so the connection is certainly not vulnerable to a small subgroup confinement attack^[72]^[73].

A+

Excellent Diffie-Hellman Parameter Size (>=2048)

The Diffie-Hellman ephemeral public key parameter^[409]^[410]^[411] with prime size greater than 2048^[422] is considered secure, not weakened against logjam attack^[7]^[8]^[9]^[10].

Use a well-known Diffie-Hellman ephemeral public key parameter^[426]^[427]^[428], or generate a custom Diffie-Hellman ephemeral public key parameter^[409]^[410]^[411] with a size greater or equal than 2048 bits but less or equal than 4096 bits. In the case of custom parameters, validate that the prime is a safe prime^[176] to avoid a small subgroup confinement attack^[72]^[73].

▶

Detailed info

Elliptic Curves
Grade	Name	Code	Key Size	Trusted Design	Post Quantum Safe	Findings
A	secp384r1	0x0018	384	No	No

DH Parameters
Grade	Key Size	Prime	Reused	Well Known	Findings
A+	4096	Safe Prime	No	No

▼

Public keys

▼

Highlighted findings

0 total protocol related checks

Congratulations! We could not find any potential issues regarding your server configuration.

▶

Checked facts

9 total protocol related checks

Good X.509 Public Key Subject (common name does not match)

A digital certificate^[104]^[105] must contain a field called subject^[509]^[510] and may contain certificate extensions^[506]^[507]^[508] including subject alternative name extension^[502]^[503]^[504]. During the hostname validation^[514]^[515] client applications (eg: browser, email client, ...) match common name^[511]^[512]^[513] part of the subject and values of subject alternative names against the domain name^[112]^[113] of the connected server. Either the value of the common name attribute or one of the values of subject alternative name extension should match to the domain name exactly at least by a wildcard character^[191]^[192] in case of a wildcrard certificate^[551]^[552]^[553]^[554]. The certificate provided by your server contains common names, but neither of its values matches the domain name.

Ensure that one of the values of the subject alternative names extension of the certificate provided by your server matches to the domain name. Consider the fact that old client (eg: browsers released before 2003) may not support^[505] the subject alternative names extension.

A+

Excellent Digital Signature Algorithm (RSA)

Rivest–Shamir–Adleman^[275]^[276]^[277] is a digital signature^[107]^[108]^[109]^[110] algorithm, which is considered secure, however there are known weaknesses^[278]^[279]^[280]^[281]^[282].

A+

Excellent Public Key Size (RSA with key size ≤ 2048)

The asymmetric key size^[53] in cryptography defines the upper-bound on an algorithm's security. The Rivest–Shamir–Adleman cryptosystem^[478]^[479]^[480] is a cryptosystem, which provides both key distribution^[131], digital signature^[107]^[108]^[109]^[110]. The RSA keys with size greater than or equal to 2048 bits are considered secure according to National Institute of Standards and Technology^[470]^[471].

A+

Excellent Public Key Revocation Check (OCSP stapling supported)

Server supports revocation check mechanism Online Certificate Status Protocol (OCSP) stapling^[527]^[528]^[529]^[530]^[531]. Revocation check mechanisms of X.509 public key^[493]^[494]^[495]^[496]^[497] certificates have many flaws ^[518]^[519]^[520]^[521] and now, the only practically working and used vendor independent mechanisms is OCSP stapling.Without using a certificate revocation check mechanism a client applications (eg: browser, email client, ...), cannot determine whether X.509 public key the server provides still valid or it has already been revoked by the issuer of the certificate. Without this information it cannot be reliably proved that message caomes from the stated sender (its authenticity) or it has been changed, so connections could be open for a man-in-the-middle attack^[61].

Always chose certificate authority^[88]^[89]^[90]s which support Online Certificate Status Protocol (OCSP)^[522]^[523]^[524]^[525]^[526]. Prefer server implementations which support Online Certificate Status Protocol (OCSP) stapling^[527]^[528]^[529]^[530]^[531] or use a proxy application make up for this shortcomings.

A+

Excellent Public Key Signature Hash Algorithm (root CA signature algorithm)

A digital certificate^[104]^[105] which identifies a site can be signed by a certificate authority^[88]^[89]^[90] or can be a self-signed certificate^[111] (root certificate^[106]) having a digital signature^[107]^[108]^[109]^[110] in both cases, however it is needless to be verified in the latter case, so the security of the used cryptographic hash function^[94]^[95]^[96]^[97] does not matter.

A+

Excellent X.509 Public Key Subject (subject alternative names do match)

A digital certificate^[104]^[105] must contain a field called subject^[509]^[510] and may contain certificate extensions^[506]^[507]^[508] including subject alternative name extension^[502]^[503]^[504]. During the hostname validation^[514]^[515] client applications (eg: browser, email client, ...) match common name^[511]^[512]^[513] part of the subject and values of subject alternative names against the domain name^[112]^[113] of the connected server. Either the value of the common name attribute or one of the values of subject alternative name extension should match to the domain name exactly at least by a wildcard character^[191]^[192] in case of a wildcrard certificate^[551]^[552]^[553]^[554]. The certificate provided by your server contains subject alternative name extension and one of its values matches the domain name.

A+

Excellent X.509 Public Key Validation (domain-validated certificate)

The digital certificate^[104]^[105] identifies the site is a domain-validated certificate^[536], means that verification of the control over a DNS domain was required by the certificate authority^[88]^[89]^[90] to sign this certificate.

Take into consideration the advantages of a domain-validated certificate^[536] (eg: completely automated certificate renewal^[516]^[517] process, possibly short validation period^[518]^[519]^[520]^[521]) over minor user experience improvement of an extended validation in certain client applications and the risk of a potential service outage caused by the manual certificate renewal^[541]^[542].

A+

Excellent X.509 Public Key Validity (certficate is valid)

A digital certificate^[104]^[105] identifies a site is signed by a certificate authority^[88]^[89]^[90] certifies the ownership of a public key within a limited time period, called validity^[543]^[544]^[545]. The current date and time is within the validity period of the public key provided by your server.

Restore the certificate, provided by your server, to the latest one, if it is available and its validity period has not ended yet, or initiate renewal^[516]^[517] process if its validity period has ended yet. If there no available certificate create a completely new one and get is signed with a certificate authority.

A+

Excellent Public Key Signature Hash Algorithm (SHA-2)

The digital certificate^[104]^[105] which identifies the site is signed by a certificate authority^[88]^[89]^[90] having digital signature^[107]^[108]^[109]^[110] with signature hash algorithm SHA-2^[565] which uses Secure Hash Algorithm 2^[212]^[213]^[214] as cryptographic hash function^[94]^[95]^[96]^[97] considered secure.

Always provide certificate by your server to use signature algorithms with hash functions that are strong just like SHA-2 signature algorithms.

▶

Detailed info

Server Certificate

*.ifppm.org

+1 alternative name(s)

Valid From: 2024-12-13T21:07:18+00:00

Valid Until: 2025-03-13T21:07:17+00:00

A+

Intermediate CA

R11

2024-03-13

2027-03-13

A+

Root CA

ISRG Root X1

2015-06-04

2035-06-04

Subject Info

Common Names

*.ifppm.org

Subject Alternative Names

*.ifppm.org ifppm.org

A+

Validity

Not Before

2024-12-13T21:07:18+00:00

Not After

2025-03-13T21:07:17+00:00

N/A

Issuer

Common Name

R11

Organization Name

Let's Encrypt

Country Name

A+

Fingerprints

MD5

FB:2D:91:82:26:40:1C:21:FE:2A:D7:C5:6C:E1:84:15

SHA1

6E:8C:B5:BB:9E:DD:09:0D:FE:F4:B3:11:C4:B5:C3:12:BE:56:1C:D8

SHA2_256

72:DA:B2:CB:D0:73:5F:6F:02:76:BB:07:80:8C:27:8A:DC:6A:A4:A6:7A:18:6A:9F:7C:5C:DD:29:85:D0:4F:22

A+

Public Key

Key Type

RSA

Key Size

2048

A+

Subject Info

Common Name

R11

Organization Name

Let's Encrypt

Country Name

A+

Validity

Not Before

2024-03-13T00:00:00+00:00

Not After

2027-03-12T23:59:59+00:00

N/A

Issuer

Common Name

ISRG Root X1

Organization Name

Internet Security Research Group

Country Name

A+

Fingerprints

MD5

2F:AC:04:55:31:47:F4:6A:49:DF:9B:4E:BE:A6:DF:43

SHA1

69:6D:B3:AF:0D:FF:C1:7E:65:C6:A2:0D:92:5C:5A:7B:D2:4D:EC:7E

SHA2_256

59:1E:9C:E6:C8:63:D3:A0:79:E9:FA:BE:14:78:C7:33:9A:26:B2:12:69:DD:E7:95:21:13:61:02:4A:E3:1A:44

A+

Public Key

Key Type

RSA

Key Size

2048

A+

Subject Info

Common Name

ISRG Root X1

Organization Name

Internet Security Research Group

Country Name

A+

Validity

Not Before

2015-06-04T11:04:38+00:00

Not After

2035-06-04T11:04:38+00:00

N/A

Issuer

Common Name

ISRG Root X1

Organization Name

Internet Security Research Group

Country Name

A+

Fingerprints

MD5

0C:D2:F9:E0:DA:17:73:E9:ED:86:4D:A5:E3:70:E7:4E

SHA1

CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8

SHA2_256

96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6

A+

Public Key

Key Type

RSA

Key Size

4096

▼

Versions

A+

▼

Highlighted findings

0 total protocol related checks

Congratulations! We could not find any potential issues regarding your server configuration.

▶

Checked facts

2 total protocol related checks

▶

Detailed info

Grade	Enabled Protocol	Findings
A+	TLS 1.3
A+	TLS 1.2