C-
weak
Protocol
https
Domain
www.cloudflare.com
Checked IP
104.16.123.96
Check Time
2024-11-22T03:58:38+01:00
Cache Time
2024-11-22T02:31:50+00:00

Protocol HTTPS (TLS)

Transport Layer Security (TLS) is a secure data transfer protocol that creates secure communication to leverage higher privacy. Widely used on the Internet, it is the successor of the ancient SSL. Several versions of the protocol are used in applications and services, TLS 1.3 is the most recent, but TLS 1.2 is very common too. Many protocols rely on TLS, for instance, the HTTPS (Hypertext Transfer Protocol Secure) is a security layer over the unencrypted HTTP, but several e-mail protocols (eg: IMAPS, SMTPS, POP3S) use as well to get a secure connection.
Cipher suites
C-
Highlighted findings
C-
Weak Forward Secret Key Exchange Algorithm Preference (non-FS key exchange preferred over FS)
The cipher suite[189][190] key exchange[133] algorithm has no forward secrecy[127][128][129][130] property, but it is preferred over a cipher suite which is forward secret.
Remove the cipher suite from the list of cipher suites supported by your server or set the cipher suite order explicitly where forward secret cipher suites are preferred over non-forawrd secret ones.
C
Weak Encryption Algorithm (3DES, officially TDEA or Triple DEA)
Encryption algorithm Triple DES[295][296][297] is a block cipher[78][79][80][81] which is still recognized as secure, but deprecated. It has multiple vulnerabilities[298][299][300][301] (eg: sweet32 attack[22][23][24][25], meet-in-the-middle attack[62], brute-force attack[54]) and it is considered as weak and disallowed by National Institute of Standards and Technology[470][471] after 2023.
Remove the cipher suite from the list of cipher suites supported by your server.
C
Weak Encryption Block Size (encryption block size ≤ 64 bits)
Any block cipher[78][79][80][81] uses a block size[87] of 64 bits is vulnerable to sweet32 attack[22][23][24][25].
Remove the cipher suite from the list of cipher suites supported by your server, or setup yout server to enforce changing session key regularly (rekeying[174]).
C
Weak Forward Secrecy (non forward secret algorithm)
Key exchange method has no forward secrecy[127][128][129][130], and does not protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past can be retrieved and decrypted.
Remove the cipher suite from the list of cipher suites supported by your server.
C
Weak Key Exchange Algorithm (RSA)
RSA[443][444] key exchange is a key exchange[133] that has no forward secrecy[127][128][129][130], and does not protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past can be retrieved and decrypted. Throughout its history RSA encryption has had many security flaws[445][446][447][448][449][450] and was affected by variety of attack types: chosen-ciphertext attack[55] (eg: Bleichenbacher's attack[1][2], ROBOT attack[18][19][20][21]), side-channel attack[69][70][71] (eg: padding oracle attack[63][64][65][66], like Bleichenbacher's cat[3][4][5][6]).
Always prefer cipher suites with PFS property over the non-PFS ones. Note that performance considerations implies preferring Ephemeral Elliptic-curve Diffie–Hellman[432][433] over Ephemeral Diffie-Hellman[405][406][407][408].
B-
Moderate Authenticated Encryption Preference (CBC preferred over GCM)
The cipher suite[189][190] block cipher mode of operation[82][83][84][85][86] is cipher block chaining[28][29][30] is not an authenticated encryption[74] algorithm, but it is preferred over an authenticated one (Galois/Counter Mode[46][47][48][49], which provides integrity, and authenticity assurances on the data simultaneously.
Remove the cipher suite from the list of cipher suites supported by your server or set the cipher suite order explicitly and GCM cipher suites be preferred over CBC ones.
B
Moderate Block Cipher Mode of Operation (CBC)
Encryption mode is cipher block chaining[28][29][30]. It is vulnerable[31] to timing attack[188] (eg: Lucky Thirteen attack[11][12]) and padding oracle attack[63][64][65][66] (eg: POODLE attack[13][14][15]).
Remove the cipher suite from the list of cipher suites supported by your server or at least set the cipher suite order explicitly and any cipher suite modes be preferred over ciphers suites with CBC modes.
A-
Good MAC Algorithm (SHA-1)
message authentication code[135][136][137][138] is a hashed message authentication code[139][140][141][142][143][144][145] which is considered secure[462], despite the fact that the underlayingcryptographic hash function[94][95][96][97] (Secure Hash Algorithm 1[202][203][204]) is considered insecure[205][206][207][208][209][210][211].
If your application or requirements specifically call for the use of a message authentication code[135][136][137][138] that does not provide authenticated encryption[74] prefer block cipher mode of operation[82][83][84][85][86] (eg: counter with CBC-MAC[32][33][34], Galois/Counter Mode[46][47][48][49] or message authentication code[135][136][137][138] (eg: Poly1305[458][459]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code[139][140][141][142][143][144][145] prefer message authentication code[135][136][137][138] based on Secure Hash Algorithm 2[212][213][214] over the ones based on Secure Hash Algorithm 1[202][203][204].
A-
Good TLS Cipher Suite Preference (server cipher suites are preferred securely)
Server prefers it's own cipher suite[189][190] order over client's cipher suite preference order. It may cause that less secure cipher suite is choosen in case of an improperly configured client. As not each cipher suite[189][190] supported by the server is considered secure, this is the best possible configuration as long as server's preference order is correct. However it prevents the clients to choose their most preferred cipher suite, which may give them better performance (eg: ChaCha20/Poly1305 ChaCha20-Poly1305[328][329][330]) on mobile devices under the same conditions of security.
Remove any intermediate or backward compatible cipher suite to make possible preferring client's cipher suite order without any security consideration.
Checked facts
Detailed info
Key exchange
A
Highlighted findings
Congratulations! We could not find any potential issues regarding your server configuration.
Checked facts
Detailed info
Public keys
A+
Highlighted findings
Congratulations! We could not find any potential issues regarding your server configuration.
Checked facts
Detailed info
Versions
C
Highlighted findings
C
Weak TLS/SSL Protocol Version (TLS 1.0)
The Transport Layer Security 1.0[235][236] is a deprecatedearly TLS versions[250][251][252][253][254] cryptography protocol[98]. Payment Card Industry Security Standards Council[472][473] suggests that organizations migrate from TLS 1.0 to TLS 1.1 or higher before June 30, 2018. In October 2018, Apple, Google, Microsoft, and Mozilla jointly announced they would deprecate TLS 1.0 and 1.1 in March 2020. In March 2021 Internet Engineering Task Force[467][468] deprecated TLS 1.0 and 1.1 in RFC 8996.
Remove the TLS 1.0 and 1.1 version from the list of TLS versions accepted by your server.
C
Weak TLS/SSL Protocol Version (TLS 1.1)
The Transport Layer Security 1.1[237][238] is a deprecatedearly TLS versions[250][251][252][253][254] cryptography protocol[98]. Payment Card Industry Security Standards Council[472][473] suggests that organizations migrate from TLS 1.0 to TLS 1.1 or higher before June 30, 2018. In October 2018, Apple, Google, Microsoft, and Mozilla jointly announced they would deprecate TLS 1.0 and 1.1 in March 2020. In March 2021 Internet Engineering Task Force[467][468] deprecated TLS 1.0 and 1.1 in RFC 8996.
Remove the Transport Layer Security 1.0[235][236] and 1.1 version from the list of TLS versions accepted by your server.
Checked facts
Detailed info