New upstream version 2.0.9
Sophie Brun
3 years ago
0 | 0 | Changelog |
1 | 1 | ========= |
2 | Version: 2.0.9 | |
3 | Date : 24/03/2021 | |
4 | Author : rbsec <[email protected]> | |
5 | Changes: The following are a list of changes | |
6 | > Warn on TLSv1.1, as it's now deprecated by RFC 8996 | |
7 | ||
2 | 8 | Version: 2.0.8 |
3 | 9 | Date : 12/02/2021 |
4 | 10 | Author : rbsec <[email protected]> |
60 | 60 | * Display EC curve names and DHE key lengths with OpenSSL >= 1.0.2 `--no-cipher-details`. |
61 | 61 | * Flag weak DHE keys with OpenSSL >= 1.0.2 `--cipher-details`. |
62 | 62 | * Flag expired certificates. |
63 | * Flag TLSv1.0 ciphers in output as weak. | |
63 | * Flag TLSv1.0 and TLSv1.1 protocols in output as weak. | |
64 | 64 | * Experimental OS X support (static building only). |
65 | 65 | * Support for scanning PostgreSQL servers (credit nuxi). |
66 | 66 | * Check for TLS Fallback SCSV support. |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [31menabled[0m |
8 | 8 | TLSv1.0 [33menabled[0m |
9 | TLSv1.1 enabled | |
9 | TLSv1.1 [33menabled[0m | |
10 | 10 | TLSv1.2 enabled |
11 | 11 | TLSv1.3 [33mdisabled[0m |
12 | 12 | |
55 | 55 | Accepted TLSv1.2 [32m128[0m bits [33mRC4-SHA [0m |
56 | 56 | Accepted TLSv1.2 [32m128[0m bits [33mRC4-MD5 [0m |
57 | 57 | Accepted TLSv1.2 [32m112[0m bits [33mDES-CBC3-SHA [0m |
58 | [32mPreferred[0m TLSv1.1 [32m256[0m bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256 | |
59 | Accepted TLSv1.1 [32m256[0m bits DHE-RSA-AES256-SHA DHE 2048 bits | |
60 | Accepted TLSv1.1 [32m256[0m bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits | |
61 | Accepted TLSv1.1 [32m128[0m bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256 | |
62 | Accepted TLSv1.1 [32m128[0m bits DHE-RSA-AES128-SHA DHE 2048 bits | |
63 | Accepted TLSv1.1 [32m128[0m bits DHE-RSA-SEED-SHA DHE 2048 bits | |
64 | Accepted TLSv1.1 [32m128[0m bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits | |
65 | Accepted TLSv1.1 [32m128[0m bits [33mECDHE-RSA-RC4-SHA [0m Curve P-256 DHE 256 | |
66 | Accepted TLSv1.1 [32m112[0m bits [33mECDHE-RSA-DES-CBC3-SHA [0m Curve P-256 DHE 256 | |
67 | Accepted TLSv1.1 [32m112[0m bits [33mDHE-RSA-DES-CBC3-SHA [0m DHE 2048 bits | |
68 | Accepted TLSv1.1 [32m256[0m bits AES256-SHA | |
69 | Accepted TLSv1.1 [32m256[0m bits CAMELLIA256-SHA | |
70 | Accepted TLSv1.1 [32m128[0m bits AES128-SHA | |
71 | Accepted TLSv1.1 [32m128[0m bits SEED-SHA | |
72 | Accepted TLSv1.1 [32m128[0m bits CAMELLIA128-SHA | |
73 | Accepted TLSv1.1 [32m128[0m bits IDEA-CBC-SHA | |
74 | Accepted TLSv1.1 [32m128[0m bits [33mRC4-SHA [0m | |
75 | Accepted TLSv1.1 [32m128[0m bits [33mRC4-MD5 [0m | |
76 | Accepted TLSv1.1 [32m112[0m bits [33mDES-CBC3-SHA [0m | |
58 | [32mPreferred[0m [33mTLSv1.1[0m [32m256[0m bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256 | |
59 | Accepted [33mTLSv1.1[0m [32m256[0m bits DHE-RSA-AES256-SHA DHE 2048 bits | |
60 | Accepted [33mTLSv1.1[0m [32m256[0m bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits | |
61 | Accepted [33mTLSv1.1[0m [32m128[0m bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256 | |
62 | Accepted [33mTLSv1.1[0m [32m128[0m bits DHE-RSA-AES128-SHA DHE 2048 bits | |
63 | Accepted [33mTLSv1.1[0m [32m128[0m bits DHE-RSA-SEED-SHA DHE 2048 bits | |
64 | Accepted [33mTLSv1.1[0m [32m128[0m bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits | |
65 | Accepted [33mTLSv1.1[0m [32m128[0m bits [33mECDHE-RSA-RC4-SHA [0m Curve P-256 DHE 256 | |
66 | Accepted [33mTLSv1.1[0m [32m112[0m bits [33mECDHE-RSA-DES-CBC3-SHA [0m Curve P-256 DHE 256 | |
67 | Accepted [33mTLSv1.1[0m [32m112[0m bits [33mDHE-RSA-DES-CBC3-SHA [0m DHE 2048 bits | |
68 | Accepted [33mTLSv1.1[0m [32m256[0m bits AES256-SHA | |
69 | Accepted [33mTLSv1.1[0m [32m256[0m bits CAMELLIA256-SHA | |
70 | Accepted [33mTLSv1.1[0m [32m128[0m bits AES128-SHA | |
71 | Accepted [33mTLSv1.1[0m [32m128[0m bits SEED-SHA | |
72 | Accepted [33mTLSv1.1[0m [32m128[0m bits CAMELLIA128-SHA | |
73 | Accepted [33mTLSv1.1[0m [32m128[0m bits IDEA-CBC-SHA | |
74 | Accepted [33mTLSv1.1[0m [32m128[0m bits [33mRC4-SHA [0m | |
75 | Accepted [33mTLSv1.1[0m [32m128[0m bits [33mRC4-MD5 [0m | |
76 | Accepted [33mTLSv1.1[0m [32m112[0m bits [33mDES-CBC3-SHA [0m | |
77 | 77 | [32mPreferred[0m [33mTLSv1.0[0m [32m256[0m bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256 |
78 | 78 | Accepted [33mTLSv1.0[0m [32m256[0m bits DHE-RSA-AES256-SHA DHE 2048 bits |
79 | 79 | Accepted [33mTLSv1.0[0m [32m256[0m bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits |
97 | 97 | [1;34mServer Key Exchange Group(s):[0m |
98 | 98 | TLSv1.2 [32m128[0m bits secp256r1 (NIST P-256)[0m |
99 | 99 | |
100 | [1;34mServer Signature Algorithm(s):[0m | |
101 | TLSv1.2 [31mrsa_pkcs1_sha1[0m | |
102 | TLSv1.2 [31mdsa_sha1[0m | |
103 | TLSv1.2 [31mecdsa_sha1[0m | |
104 | TLSv1.2 [33mrsa_pkcs1_sha224[0m | |
105 | TLSv1.2 [31mdsa_sha224[0m | |
106 | TLSv1.2 [33mecdsa_sha224[0m | |
107 | TLSv1.2 rsa_pkcs1_sha256[0m | |
108 | TLSv1.2 [31mdsa_sha256[0m | |
109 | TLSv1.2 ecdsa_secp256r1_sha256[0m | |
110 | TLSv1.2 rsa_pkcs1_sha384[0m | |
111 | TLSv1.2 [31mdsa_sha384[0m | |
112 | TLSv1.2 ecdsa_secp384r1_sha384[0m | |
113 | TLSv1.2 rsa_pkcs1_sha512[0m | |
114 | TLSv1.2 [31mdsa_sha512[0m | |
115 | TLSv1.2 ecdsa_secp521r1_sha512[0m | |
116 | ||
117 | 100 | [1;34mSSL Certificate:[0m |
118 | 101 | Signature Algorithm: [32msha256WithRSAEncryption[0m |
119 | 102 | RSA Key Strength: 2048 |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [32mdisabled[0m |
8 | 8 | TLSv1.0 [32mdisabled[0m |
9 | TLSv1.1 disabled | |
9 | TLSv1.1 [32mdisabled[0m | |
10 | 10 | TLSv1.2 enabled |
11 | 11 | TLSv1.3 [33mdisabled[0m |
12 | 12 |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [32mdisabled[0m |
8 | 8 | TLSv1.0 [33menabled[0m |
9 | TLSv1.1 enabled | |
9 | TLSv1.1 [33menabled[0m | |
10 | 10 | TLSv1.2 enabled |
11 | TLSv1.3 [32menabled[0m | |
11 | TLSv1.3 [33mdisabled[0m | |
12 | 12 | |
13 | 13 | [1;34mOCSP Stapling Request:[0m |
14 | 14 | OCSP Response Status: successful (0x0) |
6 | 6 | SSLv2 [31menabled[0m |
7 | 7 | SSLv3 [31menabled[0m |
8 | 8 | TLSv1.0 [33menabled[0m |
9 | TLSv1.1 disabled | |
9 | TLSv1.1 [32mdisabled[0m | |
10 | 10 | TLSv1.2 disabled |
11 | 11 | TLSv1.3 [33mdisabled[0m |
12 | 12 | |
48 | 48 | [1;34mServer Key Exchange Group(s):[0m |
49 | 49 | TLSv1.0 [32m128[0m bits secp256r1 (NIST P-256)[0m |
50 | 50 | |
51 | [1;34mServer Signature Algorithm(s):[0m | |
52 | TLSv1.0[33m Server accepts all signature algorithms.[0m | |
53 | ||
54 | 51 | [1;34mSSL Certificate:[0m |
55 | 52 | Signature Algorithm: [31mmd5WithRSAEncryption[0m |
56 | 53 | RSA Key Strength: [31m512[0m |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [32mdisabled[0m |
8 | 8 | TLSv1.0 [33menabled[0m |
9 | TLSv1.1 enabled | |
9 | TLSv1.1 [33menabled[0m | |
10 | 10 | TLSv1.2 enabled |
11 | 11 | TLSv1.3 [32menabled[0m |
12 | 12 | |
48 | 48 | Accepted TLSv1.2 [32m128[0m bits AES128-CCM |
49 | 49 | Accepted TLSv1.2 [32m256[0m bits AES256-SHA |
50 | 50 | Accepted TLSv1.2 [32m128[0m bits AES128-SHA |
51 | [32mPreferred[0m TLSv1.1 [32m256[0m bits ECDHE-RSA-AES256-SHA Curve [32m25519[0m DHE 253 | |
52 | Accepted TLSv1.1 [32m256[0m bits DHE-RSA-AES256-SHA DHE 2048 bits | |
53 | Accepted TLSv1.1 [32m128[0m bits ECDHE-RSA-AES128-SHA Curve [32m25519[0m DHE 253 | |
54 | Accepted TLSv1.1 [32m128[0m bits DHE-RSA-AES128-SHA DHE 2048 bits | |
55 | Accepted TLSv1.1 [32m256[0m bits AES256-SHA | |
56 | Accepted TLSv1.1 [32m128[0m bits AES128-SHA | |
51 | [32mPreferred[0m [33mTLSv1.1[0m [32m256[0m bits ECDHE-RSA-AES256-SHA Curve [32m25519[0m DHE 253 | |
52 | Accepted [33mTLSv1.1[0m [32m256[0m bits DHE-RSA-AES256-SHA DHE 2048 bits | |
53 | Accepted [33mTLSv1.1[0m [32m128[0m bits ECDHE-RSA-AES128-SHA Curve [32m25519[0m DHE 253 | |
54 | Accepted [33mTLSv1.1[0m [32m128[0m bits DHE-RSA-AES128-SHA DHE 2048 bits | |
55 | Accepted [33mTLSv1.1[0m [32m256[0m bits AES256-SHA | |
56 | Accepted [33mTLSv1.1[0m [32m128[0m bits AES128-SHA | |
57 | 57 | [32mPreferred[0m [33mTLSv1.0[0m [32m256[0m bits ECDHE-RSA-AES256-SHA Curve [32m25519[0m DHE 253 |
58 | 58 | Accepted [33mTLSv1.0[0m [32m256[0m bits DHE-RSA-AES256-SHA DHE 2048 bits |
59 | 59 | Accepted [33mTLSv1.0[0m [32m128[0m bits ECDHE-RSA-AES128-SHA Curve [32m25519[0m DHE 253 |
76 | 76 | TLSv1.2 [32m260[0m bits secp521r1 (NIST P-521)[0m |
77 | 77 | TLSv1.2 [32m128[0m bits [32mx25519[0m |
78 | 78 | |
79 | [1;34mServer Signature Algorithm(s):[0m | |
80 | TLSv1.3 rsa_pss_rsae_sha256[0m | |
81 | TLSv1.3 rsa_pss_rsae_sha384[0m | |
82 | TLSv1.3 rsa_pss_rsae_sha512[0m | |
83 | TLSv1.2[33m Server accepts all signature algorithms.[0m | |
84 | ||
85 | 79 | [1;34mSSL Certificate:[0m |
86 | 80 | Signature Algorithm: [32msha256WithRSAEncryption[0m |
87 | RSA Key Strength: 3072 | |
81 | RSA Key Strength: [32m3072[0m | |
88 | 82 | |
89 | 83 | Subject: lmgtfy.com |
90 | 84 | Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere[0m |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [32mdisabled[0m |
8 | 8 | TLSv1.0 [32mdisabled[0m |
9 | TLSv1.1 disabled | |
9 | TLSv1.1 [32mdisabled[0m | |
10 | 10 | TLSv1.2 enabled |
11 | 11 | TLSv1.3 [32menabled[0m |
12 | 12 | |
52 | 52 | TLSv1.3 [32m192[0m bits ffdhe8192[0m |
53 | 53 | TLSv1.2 [32m260[0m bits secp521r1 (NIST P-521)[0m |
54 | 54 | |
55 | [1;34mServer Signature Algorithm(s):[0m | |
56 | TLSv1.3 rsa_pss_rsae_sha256[0m | |
57 | TLSv1.3 rsa_pss_rsae_sha384[0m | |
58 | TLSv1.3 rsa_pss_rsae_sha512[0m | |
59 | TLSv1.2[33m Server accepts all signature algorithms.[0m | |
60 | ||
61 | 55 | [1;34mSSL Certificate:[0m |
62 | 56 | Signature Algorithm: [32msha256WithRSAEncryption[0m |
63 | RSA Key Strength: 3072 | |
57 | RSA Key Strength: [32m3072[0m | |
64 | 58 | |
65 | 59 | Subject: lmgtfy.com |
66 | 60 | Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere[0m |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [32mdisabled[0m |
8 | 8 | TLSv1.0 [33menabled[0m |
9 | TLSv1.1 enabled | |
9 | TLSv1.1 [33menabled[0m | |
10 | 10 | TLSv1.2 enabled |
11 | 11 | TLSv1.3 [32menabled[0m |
12 | 12 | |
37 | 37 | Accepted TLSv1.2 [32m128[0m bits ECDHE-ECDSA-AES128-CCM Curve [32m25519[0m DHE 253 |
38 | 38 | Accepted TLSv1.2 [32m256[0m bits ECDHE-ECDSA-AES256-SHA Curve [32m25519[0m DHE 253 |
39 | 39 | Accepted TLSv1.2 [32m128[0m bits ECDHE-ECDSA-AES128-SHA Curve [32m25519[0m DHE 253 |
40 | [32mPreferred[0m TLSv1.1 [32m256[0m bits ECDHE-ECDSA-AES256-SHA Curve [32m25519[0m DHE 253 | |
41 | Accepted TLSv1.1 [32m128[0m bits ECDHE-ECDSA-AES128-SHA Curve [32m25519[0m DHE 253 | |
40 | [32mPreferred[0m [33mTLSv1.1[0m [32m256[0m bits ECDHE-ECDSA-AES256-SHA Curve [32m25519[0m DHE 253 | |
41 | Accepted [33mTLSv1.1[0m [32m128[0m bits ECDHE-ECDSA-AES128-SHA Curve [32m25519[0m DHE 253 | |
42 | 42 | [32mPreferred[0m [33mTLSv1.0[0m [32m256[0m bits ECDHE-ECDSA-AES256-SHA Curve [32m25519[0m DHE 253 |
43 | 43 | Accepted [33mTLSv1.0[0m [32m128[0m bits ECDHE-ECDSA-AES128-SHA Curve [32m25519[0m DHE 253 |
44 | 44 | |
57 | 57 | TLSv1.2 [32m260[0m bits secp521r1 (NIST P-521)[0m |
58 | 58 | TLSv1.2 [32m128[0m bits [32mx25519[0m |
59 | 59 | |
60 | [1;34mServer Signature Algorithm(s):[0m | |
61 | TLSv1.3 ecdsa_secp256r1_sha256[0m | |
62 | TLSv1.2 [31mecdsa_sha1[0m | |
63 | TLSv1.2 ecdsa_secp256r1_sha256[0m | |
64 | TLSv1.2 ecdsa_secp384r1_sha384[0m | |
65 | TLSv1.2 ecdsa_secp521r1_sha512[0m | |
66 | ||
67 | 60 | [1;34mSSL Certificate:[0m |
68 | 61 | Signature Algorithm: [32msha256WithRSAEncryption[0m |
69 | 62 | ECC Curve Name: prime256v1 |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [32mdisabled[0m |
8 | 8 | TLSv1.0 [32mdisabled[0m |
9 | TLSv1.1 disabled | |
9 | TLSv1.1 [32mdisabled[0m | |
10 | 10 | TLSv1.2 enabled |
11 | 11 | TLSv1.3 [33mdisabled[0m |
12 | 12 | |
49 | 49 | [1;34mServer Key Exchange Group(s):[0m |
50 | 50 | TLSv1.2 [31m81[0m bits [31msect163k1[0m |
51 | 51 | |
52 | [1;34mServer Signature Algorithm(s):[0m | |
53 | TLSv1.2 [31mrsa_pkcs1_sha1[0m | |
54 | TLSv1.2 [31mdsa_sha1[0m | |
55 | TLSv1.2 [31mecdsa_sha1[0m | |
56 | TLSv1.2 [33mrsa_pkcs1_sha224[0m | |
57 | TLSv1.2 [31mdsa_sha224[0m | |
58 | TLSv1.2 [33mecdsa_sha224[0m | |
59 | TLSv1.2 rsa_pkcs1_sha256[0m | |
60 | TLSv1.2 [31mdsa_sha256[0m | |
61 | TLSv1.2 ecdsa_secp256r1_sha256[0m | |
62 | TLSv1.2 rsa_pkcs1_sha384[0m | |
63 | TLSv1.2 [31mdsa_sha384[0m | |
64 | TLSv1.2 ecdsa_secp384r1_sha384[0m | |
65 | TLSv1.2 rsa_pkcs1_sha512[0m | |
66 | TLSv1.2 [31mdsa_sha512[0m | |
67 | TLSv1.2 ecdsa_secp521r1_sha512[0m | |
68 | ||
69 | 52 | [1;34mSSL Certificate:[0m |
70 | 53 | Signature Algorithm: [32msha256WithRSAEncryption[0m |
71 | 54 | RSA Key Strength: [31m1024[0m |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [32mdisabled[0m |
8 | 8 | TLSv1.0 [32mdisabled[0m |
9 | TLSv1.1 disabled | |
9 | TLSv1.1 [32mdisabled[0m | |
10 | 10 | TLSv1.2 enabled |
11 | 11 | TLSv1.3 [33mdisabled[0m |
12 | 12 | |
40 | 40 | [1;34mServer Key Exchange Group(s):[0m |
41 | 41 | TLSv1.2 [32m256[0m bits brainpoolP512r1[0m |
42 | 42 | |
43 | [1;34mServer Signature Algorithm(s):[0m | |
44 | TLSv1.2 [31mrsa_pkcs1_sha1[0m | |
45 | TLSv1.2 [33mrsa_pkcs1_sha224[0m | |
46 | TLSv1.2 rsa_pkcs1_sha256[0m | |
47 | TLSv1.2 rsa_pkcs1_sha384[0m | |
48 | TLSv1.2 rsa_pkcs1_sha512[0m | |
49 | TLSv1.2 rsa_pss_rsae_sha256[0m | |
50 | TLSv1.2 rsa_pss_rsae_sha384[0m | |
51 | ||
52 | 43 | [1;34mSSL Certificate:[0m |
53 | 44 | Signature Algorithm: [32msha256WithRSAEncryption[0m |
54 | 45 | RSA Key Strength: [31m1024[0m |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [32mdisabled[0m |
8 | 8 | TLSv1.0 [32mdisabled[0m |
9 | TLSv1.1 disabled | |
9 | TLSv1.1 [32mdisabled[0m | |
10 | 10 | TLSv1.2 enabled |
11 | 11 | TLSv1.3 [33mdisabled[0m |
12 | 12 | |
33 | 33 | TLSv1.2 [32m260[0m bits secp521r1 (NIST P-521)[0m |
34 | 34 | TLSv1.2 [32m128[0m bits [32mx25519[0m |
35 | 35 | |
36 | [1;34mServer Signature Algorithm(s):[0m | |
37 | TLSv1.2 [31mecdsa_sha1[0m | |
38 | ||
39 | 36 | [1;34mSSL Certificate:[0m |
40 | 37 | Signature Algorithm: [32msha256WithRSAEncryption[0m |
41 | 38 | ECC Curve Name: prime256v1 |
6 | 6 | SSLv2 [31menabled[0m |
7 | 7 | SSLv3 [32mdisabled[0m |
8 | 8 | TLSv1.0 [32mdisabled[0m |
9 | TLSv1.1 disabled | |
9 | TLSv1.1 [32mdisabled[0m | |
10 | 10 | TLSv1.2 disabled |
11 | 11 | TLSv1.3 [33mdisabled[0m |
12 | 12 |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [31menabled[0m |
8 | 8 | TLSv1.0 [32mdisabled[0m |
9 | TLSv1.1 disabled | |
9 | TLSv1.1 [32mdisabled[0m | |
10 | 10 | TLSv1.2 disabled |
11 | 11 | TLSv1.3 [33mdisabled[0m |
12 | 12 |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [32mdisabled[0m |
8 | 8 | TLSv1.0 [33menabled[0m |
9 | TLSv1.1 enabled | |
9 | TLSv1.1 [33menabled[0m | |
10 | 10 | TLSv1.2 enabled |
11 | 11 | TLSv1.3 [32menabled[0m |
12 | 12 | |
49 | 49 | Accepted TLSv1.2 [32m128[0m bits AES128-SHA256 |
50 | 50 | Accepted TLSv1.2 [32m256[0m bits AES256-SHA |
51 | 51 | Accepted TLSv1.2 [32m128[0m bits AES128-SHA |
52 | [32mPreferred[0m TLSv1.1 [32m256[0m bits ECDHE-RSA-AES256-SHA Curve [32m25519[0m DHE 253 | |
53 | Accepted TLSv1.1 [32m256[0m bits DHE-RSA-AES256-SHA DHE 3072 bits | |
54 | Accepted TLSv1.1 [32m128[0m bits ECDHE-RSA-AES128-SHA Curve [32m25519[0m DHE 253 | |
55 | Accepted TLSv1.1 [32m128[0m bits DHE-RSA-AES128-SHA DHE 3072 bits | |
56 | Accepted TLSv1.1 [32m256[0m bits AES256-SHA | |
57 | Accepted TLSv1.1 [32m128[0m bits AES128-SHA | |
52 | [32mPreferred[0m [33mTLSv1.1[0m [32m256[0m bits ECDHE-RSA-AES256-SHA Curve [32m25519[0m DHE 253 | |
53 | Accepted [33mTLSv1.1[0m [32m256[0m bits DHE-RSA-AES256-SHA DHE 3072 bits | |
54 | Accepted [33mTLSv1.1[0m [32m128[0m bits ECDHE-RSA-AES128-SHA Curve [32m25519[0m DHE 253 | |
55 | Accepted [33mTLSv1.1[0m [32m128[0m bits DHE-RSA-AES128-SHA DHE 3072 bits | |
56 | Accepted [33mTLSv1.1[0m [32m256[0m bits AES256-SHA | |
57 | Accepted [33mTLSv1.1[0m [32m128[0m bits AES128-SHA | |
58 | 58 | [32mPreferred[0m [33mTLSv1.0[0m [32m256[0m bits ECDHE-RSA-AES256-SHA Curve [32m25519[0m DHE 253 |
59 | 59 | Accepted [33mTLSv1.0[0m [32m256[0m bits DHE-RSA-AES256-SHA DHE 3072 bits |
60 | 60 | Accepted [33mTLSv1.0[0m [32m128[0m bits ECDHE-RSA-AES128-SHA Curve [32m25519[0m DHE 253 |
74 | 74 | TLSv1.2 [32m128[0m bits [32mx25519[0m |
75 | 75 | TLSv1.2 [32m224[0m bits [32mx448[0m |
76 | 76 | |
77 | [1;34mServer Signature Algorithm(s):[0m | |
78 | TLSv1.3 rsa_pss_rsae_sha256[0m | |
79 | TLSv1.3 rsa_pss_rsae_sha384[0m | |
80 | TLSv1.3 rsa_pss_rsae_sha512[0m | |
81 | TLSv1.2 [31mrsa_pkcs1_sha1[0m | |
82 | TLSv1.2 [33mrsa_pkcs1_sha224[0m | |
83 | TLSv1.2 rsa_pkcs1_sha256[0m | |
84 | TLSv1.2 rsa_pkcs1_sha384[0m | |
85 | TLSv1.2 rsa_pkcs1_sha512[0m | |
86 | TLSv1.2 rsa_pss_rsae_sha256[0m | |
87 | TLSv1.2 rsa_pss_rsae_sha384[0m | |
88 | TLSv1.2 rsa_pss_rsae_sha512[0m | |
89 | ||
90 | 77 | [1;34mSSL Certificate:[0m |
91 | 78 | Signature Algorithm: [32msha256WithRSAEncryption[0m |
92 | RSA Key Strength: 3072 | |
79 | RSA Key Strength: [32m3072[0m | |
93 | 80 | |
94 | 81 | Subject: lmgtfy.com |
95 | 82 | Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere[0m |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [31menabled[0m |
8 | 8 | TLSv1.0 [33menabled[0m |
9 | TLSv1.1 enabled | |
9 | TLSv1.1 [33menabled[0m | |
10 | 10 | TLSv1.2 enabled |
11 | 11 | TLSv1.3 [33mdisabled[0m |
12 | 12 | |
76 | 76 | Accepted TLSv1.2 [31m56[0m bits [33mTLS_RSA_WITH_DES_CBC_SHA [0m |
77 | 77 | Accepted TLSv1.2 [31m56[0m bits [33mTLS_DHE_RSA_WITH_DES_CBC_SHA [0m |
78 | 78 | Accepted TLSv1.2 [31m56[0m bits [35mTLS_DH_anon_WITH_DES_CBC_SHA [0m |
79 | [32mPreferred[0m TLSv1.1 [32m256[0m bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256 | |
80 | Accepted TLSv1.1 [32m256[0m bits DHE-RSA-AES256-SHA DHE [33m1024[0m bits | |
81 | Accepted TLSv1.1 [32m256[0m bits DHE-RSA-CAMELLIA256-SHA DHE [33m1024[0m bits | |
82 | Accepted TLSv1.1 [32m256[0m bits [35mAECDH-AES256-SHA [0m Curve P-256 DHE 256 | |
83 | Accepted TLSv1.1 [32m256[0m bits [35mADH-AES256-SHA [0m DHE [33m1024[0m bits | |
84 | Accepted TLSv1.1 [32m256[0m bits [35mADH-CAMELLIA256-SHA [0m DHE [33m1024[0m bits | |
85 | Accepted TLSv1.1 [32m128[0m bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256 | |
86 | Accepted TLSv1.1 [32m128[0m bits DHE-RSA-AES128-SHA DHE [33m1024[0m bits | |
87 | Accepted TLSv1.1 [32m128[0m bits DHE-RSA-SEED-SHA DHE [33m1024[0m bits | |
88 | Accepted TLSv1.1 [32m128[0m bits DHE-RSA-CAMELLIA128-SHA DHE [33m1024[0m bits | |
89 | Accepted TLSv1.1 [32m128[0m bits [35mAECDH-AES128-SHA [0m Curve P-256 DHE 256 | |
90 | Accepted TLSv1.1 [32m128[0m bits [35mADH-AES128-SHA [0m DHE [33m1024[0m bits | |
91 | Accepted TLSv1.1 [32m128[0m bits [35mADH-SEED-SHA [0m DHE [33m1024[0m bits | |
92 | Accepted TLSv1.1 [32m128[0m bits [35mADH-CAMELLIA128-SHA [0m DHE [33m1024[0m bits | |
93 | Accepted TLSv1.1 [32m128[0m bits [33mECDHE-RSA-RC4-SHA [0m Curve P-256 DHE 256 | |
94 | Accepted TLSv1.1 [32m128[0m bits [35mAECDH-RC4-SHA [0m Curve P-256 DHE 256 | |
95 | Accepted TLSv1.1 [32m128[0m bits [35mADH-RC4-MD5 [0m DHE [33m1024[0m bits | |
96 | Accepted TLSv1.1 [32m112[0m bits [33mECDHE-RSA-DES-CBC3-SHA [0m Curve P-256 DHE 256 | |
97 | Accepted TLSv1.1 [32m112[0m bits [33mDHE-RSA-DES-CBC3-SHA [0m DHE [33m1024[0m bits | |
98 | Accepted TLSv1.1 [32m112[0m bits [35mAECDH-DES-CBC3-SHA [0m Curve P-256 DHE 256 | |
99 | Accepted TLSv1.1 [32m112[0m bits [35mADH-DES-CBC3-SHA [0m DHE [33m1024[0m bits | |
100 | Accepted TLSv1.1 [32m256[0m bits AES256-SHA | |
101 | Accepted TLSv1.1 [32m256[0m bits CAMELLIA256-SHA | |
102 | Accepted TLSv1.1 [32m128[0m bits AES128-SHA | |
103 | Accepted TLSv1.1 [32m128[0m bits SEED-SHA | |
104 | Accepted TLSv1.1 [32m128[0m bits CAMELLIA128-SHA | |
105 | Accepted TLSv1.1 [32m128[0m bits IDEA-CBC-SHA | |
106 | Accepted TLSv1.1 [32m128[0m bits [33mRC4-SHA [0m | |
107 | Accepted TLSv1.1 [32m128[0m bits [33mRC4-MD5 [0m | |
108 | Accepted TLSv1.1 [32m112[0m bits [33mDES-CBC3-SHA [0m | |
109 | Accepted TLSv1.1 [31m40[0m bits [31mTLS_RSA_EXPORT_WITH_RC4_40_MD5[0m | |
110 | Accepted TLSv1.1 [31m40[0m bits [31mTLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5[0m | |
111 | Accepted TLSv1.1 [31m40[0m bits [31mTLS_RSA_EXPORT_WITH_DES40_CBC_SHA[0m | |
112 | Accepted TLSv1.1 [31m56[0m bits [33mTLS_RSA_WITH_DES_CBC_SHA [0m | |
113 | Accepted TLSv1.1 [31m56[0m bits [33mTLS_DHE_RSA_WITH_DES_CBC_SHA [0m | |
114 | Accepted TLSv1.1 [31m56[0m bits [35mTLS_DH_anon_WITH_DES_CBC_SHA [0m | |
79 | [32mPreferred[0m [33mTLSv1.1[0m [32m256[0m bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256 | |
80 | Accepted [33mTLSv1.1[0m [32m256[0m bits DHE-RSA-AES256-SHA DHE [33m1024[0m bits | |
81 | Accepted [33mTLSv1.1[0m [32m256[0m bits DHE-RSA-CAMELLIA256-SHA DHE [33m1024[0m bits | |
82 | Accepted [33mTLSv1.1[0m [32m256[0m bits [35mAECDH-AES256-SHA [0m Curve P-256 DHE 256 | |
83 | Accepted [33mTLSv1.1[0m [32m256[0m bits [35mADH-AES256-SHA [0m DHE [33m1024[0m bits | |
84 | Accepted [33mTLSv1.1[0m [32m256[0m bits [35mADH-CAMELLIA256-SHA [0m DHE [33m1024[0m bits | |
85 | Accepted [33mTLSv1.1[0m [32m128[0m bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256 | |
86 | Accepted [33mTLSv1.1[0m [32m128[0m bits DHE-RSA-AES128-SHA DHE [33m1024[0m bits | |
87 | Accepted [33mTLSv1.1[0m [32m128[0m bits DHE-RSA-SEED-SHA DHE [33m1024[0m bits | |
88 | Accepted [33mTLSv1.1[0m [32m128[0m bits DHE-RSA-CAMELLIA128-SHA DHE [33m1024[0m bits | |
89 | Accepted [33mTLSv1.1[0m [32m128[0m bits [35mAECDH-AES128-SHA [0m Curve P-256 DHE 256 | |
90 | Accepted [33mTLSv1.1[0m [32m128[0m bits [35mADH-AES128-SHA [0m DHE [33m1024[0m bits | |
91 | Accepted [33mTLSv1.1[0m [32m128[0m bits [35mADH-SEED-SHA [0m DHE [33m1024[0m bits | |
92 | Accepted [33mTLSv1.1[0m [32m128[0m bits [35mADH-CAMELLIA128-SHA [0m DHE [33m1024[0m bits | |
93 | Accepted [33mTLSv1.1[0m [32m128[0m bits [33mECDHE-RSA-RC4-SHA [0m Curve P-256 DHE 256 | |
94 | Accepted [33mTLSv1.1[0m [32m128[0m bits [35mAECDH-RC4-SHA [0m Curve P-256 DHE 256 | |
95 | Accepted [33mTLSv1.1[0m [32m128[0m bits [35mADH-RC4-MD5 [0m DHE [33m1024[0m bits | |
96 | Accepted [33mTLSv1.1[0m [32m112[0m bits [33mECDHE-RSA-DES-CBC3-SHA [0m Curve P-256 DHE 256 | |
97 | Accepted [33mTLSv1.1[0m [32m112[0m bits [33mDHE-RSA-DES-CBC3-SHA [0m DHE [33m1024[0m bits | |
98 | Accepted [33mTLSv1.1[0m [32m112[0m bits [35mAECDH-DES-CBC3-SHA [0m Curve P-256 DHE 256 | |
99 | Accepted [33mTLSv1.1[0m [32m112[0m bits [35mADH-DES-CBC3-SHA [0m DHE [33m1024[0m bits | |
100 | Accepted [33mTLSv1.1[0m [32m256[0m bits AES256-SHA | |
101 | Accepted [33mTLSv1.1[0m [32m256[0m bits CAMELLIA256-SHA | |
102 | Accepted [33mTLSv1.1[0m [32m128[0m bits AES128-SHA | |
103 | Accepted [33mTLSv1.1[0m [32m128[0m bits SEED-SHA | |
104 | Accepted [33mTLSv1.1[0m [32m128[0m bits CAMELLIA128-SHA | |
105 | Accepted [33mTLSv1.1[0m [32m128[0m bits IDEA-CBC-SHA | |
106 | Accepted [33mTLSv1.1[0m [32m128[0m bits [33mRC4-SHA [0m | |
107 | Accepted [33mTLSv1.1[0m [32m128[0m bits [33mRC4-MD5 [0m | |
108 | Accepted [33mTLSv1.1[0m [32m112[0m bits [33mDES-CBC3-SHA [0m | |
109 | Accepted [33mTLSv1.1[0m [31m40[0m bits [31mTLS_RSA_EXPORT_WITH_RC4_40_MD5[0m | |
110 | Accepted [33mTLSv1.1[0m [31m40[0m bits [31mTLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5[0m | |
111 | Accepted [33mTLSv1.1[0m [31m40[0m bits [31mTLS_RSA_EXPORT_WITH_DES40_CBC_SHA[0m | |
112 | Accepted [33mTLSv1.1[0m [31m56[0m bits [33mTLS_RSA_WITH_DES_CBC_SHA [0m | |
113 | Accepted [33mTLSv1.1[0m [31m56[0m bits [33mTLS_DHE_RSA_WITH_DES_CBC_SHA [0m | |
114 | Accepted [33mTLSv1.1[0m [31m56[0m bits [35mTLS_DH_anon_WITH_DES_CBC_SHA [0m | |
115 | 115 | [32mPreferred[0m [33mTLSv1.0[0m [32m256[0m bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256 |
116 | 116 | Accepted [33mTLSv1.0[0m [32m256[0m bits DHE-RSA-AES256-SHA DHE [33m1024[0m bits |
117 | 117 | Accepted [33mTLSv1.0[0m [32m256[0m bits DHE-RSA-CAMELLIA256-SHA DHE [33m1024[0m bits |
152 | 152 | [1;34mServer Key Exchange Group(s):[0m |
153 | 153 | TLSv1.2 [32m128[0m bits secp256r1 (NIST P-256)[0m |
154 | 154 | |
155 | [1;34mServer Signature Algorithm(s):[0m | |
156 | TLSv1.2 [31mrsa_pkcs1_sha1[0m | |
157 | TLSv1.2 [31mdsa_sha1[0m | |
158 | TLSv1.2 [31mecdsa_sha1[0m | |
159 | TLSv1.2 [33mrsa_pkcs1_sha224[0m | |
160 | TLSv1.2 [31mdsa_sha224[0m | |
161 | TLSv1.2 [33mecdsa_sha224[0m | |
162 | TLSv1.2 rsa_pkcs1_sha256[0m | |
163 | TLSv1.2 [31mdsa_sha256[0m | |
164 | TLSv1.2 ecdsa_secp256r1_sha256[0m | |
165 | TLSv1.2 rsa_pkcs1_sha384[0m | |
166 | TLSv1.2 [31mdsa_sha384[0m | |
167 | TLSv1.2 ecdsa_secp384r1_sha384[0m | |
168 | TLSv1.2 rsa_pkcs1_sha512[0m | |
169 | TLSv1.2 [31mdsa_sha512[0m | |
170 | TLSv1.2 ecdsa_secp521r1_sha512[0m | |
171 | ||
172 | 155 | [1;34mSSL Certificate:[0m |
173 | 156 | Signature Algorithm: [32msha256WithRSAEncryption[0m |
174 | 157 | RSA Key Strength: [31m1024[0m |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [32mdisabled[0m |
8 | 8 | TLSv1.0 [32mdisabled[0m |
9 | TLSv1.1 disabled | |
9 | TLSv1.1 [32mdisabled[0m | |
10 | 10 | TLSv1.2 disabled |
11 | 11 | TLSv1.3 [32menabled[0m |
12 | 12 | |
36 | 36 | TLSv1.3 [32m128[0m bits [32mx25519[0m |
37 | 37 | TLSv1.3 [32m224[0m bits [32mx448[0m |
38 | 38 | |
39 | [1;34mServer Signature Algorithm(s):[0m | |
40 | TLSv1.3 rsa_pss_rsae_sha256[0m | |
41 | TLSv1.3 rsa_pss_rsae_sha384[0m | |
42 | TLSv1.3 rsa_pss_rsae_sha512[0m | |
43 | ||
44 | 39 | [1;34mSSL Certificate:[0m |
45 | 40 | Signature Algorithm: [32msha256WithRSAEncryption[0m |
46 | RSA Key Strength: 3072 | |
41 | RSA Key Strength: [32m3072[0m | |
47 | 42 | |
48 | 43 | Subject: lmgtfy.com |
49 | 44 | Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere[0m |
6 | 6 | SSLv2 [31menabled[0m |
7 | 7 | SSLv3 [31menabled[0m |
8 | 8 | TLSv1.0 [33menabled[0m |
9 | TLSv1.1 disabled | |
9 | TLSv1.1 [32mdisabled[0m | |
10 | 10 | TLSv1.2 disabled |
11 | 11 | TLSv1.3 [33mdisabled[0m |
12 | 12 | |
48 | 48 | [1;34mServer Key Exchange Group(s):[0m |
49 | 49 | TLSv1.0 [32m128[0m bits secp256r1 (NIST P-256)[0m |
50 | 50 | |
51 | [1;34mServer Signature Algorithm(s):[0m | |
52 | TLSv1.0[33m Server accepts all signature algorithms.[0m | |
53 | ||
54 | 51 | [1;34mSSL Certificate:[0m |
55 | 52 | Signature Algorithm: [32msha256WithRSAEncryption[0m |
56 | RSA Key Strength: 3072 | |
53 | RSA Key Strength: [32m3072[0m | |
57 | 54 | |
58 | 55 | Subject: lmgtfy.com |
59 | 56 | Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere[0m |
6 | 6 | SSLv2 [31menabled[0m |
7 | 7 | SSLv3 [31menabled[0m |
8 | 8 | TLSv1.0 [33menabled[0m |
9 | TLSv1.1 disabled | |
9 | TLSv1.1 [32mdisabled[0m | |
10 | 10 | TLSv1.2 disabled |
11 | 11 | TLSv1.3 [33mdisabled[0m |
12 | 12 | |
70 | 70 | [1;34mServer Key Exchange Group(s):[0m |
71 | 71 | TLSv1.0 [32m128[0m bits secp256r1 (NIST P-256)[0m |
72 | 72 | |
73 | [1;34mServer Signature Algorithm(s):[0m | |
74 | TLSv1.0[33m Server accepts all signature algorithms.[0m | |
75 | ||
76 | 73 | [1;34mSSL Certificate:[0m |
77 | 74 | Signature Algorithm: [32msha256WithRSAEncryption[0m |
78 | RSA Key Strength: 3072 | |
75 | RSA Key Strength: 32m30720m | |
79 | 76 | |
80 | 77 | Subject: lmgtfy.com |
81 | 78 | Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere[0m |
6 | 6 | SSLv2 [32mdisabled[0m |
7 | 7 | SSLv3 [32mdisabled[0m |
8 | 8 | TLSv1.0 [32mdisabled[0m |
9 | TLSv1.1 disabled | |
9 | TLSv1.1 [32mdisabled[0m | |
10 | 10 | TLSv1.2 enabled |
11 | 11 | TLSv1.3 [33mdisabled[0m |
12 | 12 |
1589 | 1589 | printf_xml(" sslversion=\"%s\"", cleanSslMethod); |
1590 | 1590 | if (strcmp(cleanSslMethod, "TLSv1.3") == 0) { |
1591 | 1591 | printf("%sTLSv1.3%s ", COL_GREEN, RESET); |
1592 | } | |
1593 | else if (strcmp(cleanSslMethod, "TLSv1.1") == 0) { | |
1594 | printf("%sTLSv1.1%s ", COL_YELLOW, RESET); | |
1592 | 1595 | } |
1593 | 1596 | else if (strcmp(cleanSslMethod, "TLSv1.0") == 0) { |
1594 | 1597 | printf("%sTLSv1.0%s ", COL_YELLOW, RESET); |
3343 | 3346 | |
3344 | 3347 | if ((options->sslVersion == ssl_all) || (options->sslVersion == tls_all) || (options->sslVersion == tls_v11)) { |
3345 | 3348 | if ((options->tls11_supported = checkIfTLSVersionIsSupported(options, TLSv1_1))) { |
3346 | printf("TLSv1.1 enabled\n"); | |
3349 | printf("TLSv1.1 %senabled%s\n", COL_YELLOW, RESET); | |
3347 | 3350 | printf_xml(" <protocol type=\"tls\" version=\"1.1\" enabled=\"1\" />\n"); |
3348 | 3351 | } else { |
3349 | printf("TLSv1.1 disabled\n"); | |
3352 | printf("TLSv1.1 %sdisabled%s\n", COL_GREEN, RESET); | |
3350 | 3353 | printf_xml(" <protocol type=\"tls\" version=\"1.1\" enabled=\"0\" />\n"); |
3351 | 3354 | } |
3352 | 3355 | } |
5717 | 5720 | |
5718 | 5721 | /* If the server accepted our bogus signature ID, then we can conclude that it will accept all of them (and not test any further). Some servers in the wild do this for some reason... */ |
5719 | 5722 | if (sig_id == BOGUS_SIG_ALG_ID) { |
5720 | printf("%s%s Server accepts all signature algorithms.%s\n", getPrintableTLSName(tls_version), COL_YELLOW, RESET); | |
5723 | printf("%s%s Server accepts all signature algorithms.%s\n", getPrintableTLSName(tls_version), COL_RED, RESET); | |
5721 | 5724 | printf_xml(" <connection-signature-algorithm sslversion=\"%s\" name=\"ANY\" id=\"0xfdff\" />\n", getPrintableTLSName(tls_version)); |
5722 | 5725 | goto done; |
5723 | 5726 | } else { |