diff --git a/spec/html/multiple.html b/spec/html/multiple.html deleted file mode 100644 index a0480f9..0000000 --- a/spec/html/multiple.html +++ /dev/null @@ -1,189 +0,0 @@ - - - - - Qualys SSL Labs - Projects / SSL Server Test / www.fortuneo.fr - - - - - - - - - -
- - - - - - - - -
- -
SSL Report: fortuneo.fr
- -
- Assessed on:  Tue Oct 21 12:45:03 PDT 2014 - | Clear cache -
- -
Scan Another >>
-
- - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 ServerDomain(s)Test timeGrade
1 - 93.20.46.72 -
WWW.FORTUNEO.FR
- - Ready
-
-

- fortuneo.fr
- www.fortuneo.fr -

-
- Tue Oct 21 12:43:04 PDT 2014 -
- Duration: 96.945 sec -
-
C
-
2 - 93.20.42.72 -
WWW.FORTUNEO.FR
- - Certificate not valid for domain name
-
-

- fortuneo.fr
-

-
- Tue Oct 21 12:44:41 PDT 2014 -
- Duration: 11.335 sec -
- - -
3 - 194.51.217.72 -
WWW.FORTUNEO.FR
- - Certificate not valid for domain name
-
-

- fortuneo.fr
-

-
- Tue Oct 21 12:44:53 PDT 2014 -
- Duration: 10.465 sec -
- - -
- -
- Warning: Inconsistent server configuration -
- -

SSL Report v1.10.36

- -
- - - -
- -
- -
- - - - - \ No newline at end of file diff --git a/spec/html/perfect.html b/spec/html/perfect.html deleted file mode 100644 index 75b1aee..0000000 --- a/spec/html/perfect.html +++ /dev/null @@ -1,1806 +0,0 @@ - - - - - Qualys SSL Labs - Projects / SSL Server Test / imirhil.fr - - - - - - - - - - - - -
- - - - - - -
-
SSL Report: - imirhil.fr - (5.135.187.37)
-
- Assessed on:  Wed Sep 17 23:20:49 UTC 2014 - - | Clear cache -
- -
Scan Another »
-
- - - - - -
- - -
-
Summary
-
- -
-
Overall Rating
- -
- A+ -
- - - - - - -
- -
- -
-
-
-
-
-
-
-
-
0
-
20
-
40
-
60
-
80
-
100
-
-
- -
-
-
Certificate
-
 
-
100
-
- -
-
Protocol Support
-
 
-
95
-
- -
-
Key Exchange
-
 
-
80
-
- -
-
Cipher Strength
-
 
-
90
-
-
- -
- -
- -
- Visit our documentation page - for more information, configuration guides, and books. Known issues are documented - here. -
- - - - - - - - - - - - - - - - - -
- Intermediate certificate uses SHA1. When renewing, ensure you upgrade to an all-SHA256 chain. -  MORE INFO » -
- - - - - - - - -
- This server supports HTTP Strict Transport Security with long duration. - Grade set to A+.  MORE INFO » -
- - - - -
-
- - - - -
-
Authentication
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Server Key and Certificate #1
Common nameswww.imirhil.fr
Alternative names www.imirhil.fr imirhil.fr
Prefix handlingBoth (with and without WWW)
Valid fromSat Apr 26 18:46:02 UTC 2014
Valid untilMon Apr 27 08:00:17 UTC 2015 (expires in 7 months and 11 days)
KeyRSA 2048 bits
Weak key (Debian) No
IssuerStartCom Class 1 Primary Intermediate Server CA
Signature algorithmSHA256withRSA
Extended ValidationNo
Revocation information - CRL, OCSP
Revocation statusGood (not revoked)
TrustedYes
- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Additional Certificates (if supplied)
Certificates provided2 (3187 bytes)
Chain issuesNone
#2
SubjectStartCom Class 1 Primary Intermediate Server CA
- SHA1: f691fc87efb3135354225a10e127e911d1c7f8cf
Valid untilTue Oct 24 20:54:17 UTC 2017 (expires in 3 years and 1 month)
KeyRSA 2048 bits
IssuerStartCom Certification Authority
Signature algorithmSHA1withRSA -   WEAK
- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certification Paths
Path #1: Trusted
1 - - Sent by server - www.imirhil.fr - - -
- SHA1: caa04d0b1d484aadb722262f877bc879e7720bb5 -
- - RSA 2048 bits - / - SHA256withRSA - - - - -
2 - - Sent by server - StartCom Class 1 Primary Intermediate Server CA - - -
- SHA1: f691fc87efb3135354225a10e127e911d1c7f8cf -
- - RSA 2048 bits - / - SHA1withRSA - - - - -
WEAK SIGNATURE
3 - - In trust store - StartCom Certification Authority - - -
- SHA1: a3f1333fe242bfcfc5d14e8f394298406810d1a0 -
- - RSA 4096 bits - / - SHA256withRSA - - - - -
Path #2: Trusted
1 - - Sent by server - www.imirhil.fr - - -
- SHA1: caa04d0b1d484aadb722262f877bc879e7720bb5 -
- - RSA 2048 bits - / - SHA256withRSA - - - - -
2 - - Sent by server - StartCom Class 1 Primary Intermediate Server CA - - -
- SHA1: f691fc87efb3135354225a10e127e911d1c7f8cf -
- - RSA 2048 bits - / - SHA1withRSA - - - - -
WEAK SIGNATURE
3 - - In trust store - StartCom Certification Authority - - -
- SHA1: 3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f -
- - RSA 4096 bits - / - SHA1withRSA - - - - -
Weak or insecure signature, but no impact on root certificates
- -
-
- - -
-
Configuration
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Protocols
TLS 1.2Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3No
SSL 2No
- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) - -   ECDH 256 bits (eq. 3072 bits RSA)   FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) - -   ECDH 256 bits (eq. 3072 bits RSA)   FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) - -   ECDH 256 bits (eq. 3072 bits RSA)   FS 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) -   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS - 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) -   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS - 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS - 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) -   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS - 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) - - 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) - - 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) - - 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) - - 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) - -   ECDH 256 bits (eq. 3072 bits RSA)   FS 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) - -   ECDH 256 bits (eq. 3072 bits RSA)   FS 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) - -   ECDH 256 bits (eq. 3072 bits RSA)   FS 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) -   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS - 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) -   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS - 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) -   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS - 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) -   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS - 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) - - 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) - - 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) - - 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) - - 128
TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a) -   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS - 128
TLS_RSA_WITH_SEED_CBC_SHA (0x96) - - 128
- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Handshake Simulation
- Android 2.3.7 -   No SNI 2 - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) -   - FS - - - 128 -
- Android 4.0.4 - - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- Android 4.1.1 - - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- Android 4.2.2 - - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- Android 4.3 - - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- Android 4.4.2 - - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) -   - FS - - - 256 -
- BingBot Dec 2013 -   No SNI 2 - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- BingPreview Jun 2014 - - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- Chrome 37 / OS X -  R - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- Firefox 24.2.0 ESR / Win 7 - - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- Firefox 32 / OS X -  R - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- Googlebot Jun 2014 - - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- IE 6 / XP -   No FS 1   No SNI 2 - Protocol or cipher suite mismatch - - Fail3 -
- IE 7 / Vista - - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- IE 8 / XP -   No FS 1   No SNI 2 - Protocol or cipher suite mismatch - - Fail3 -
- IE 8-10 / Win 7 -  R - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- IE 11 / Win 7 -  R - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- IE 11 / Win 8.1 -  R - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) -   - FS - - - 256 -
- IE Mobile 10 / Win Phone 8.0 - - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- IE Mobile 11 / Win Phone 8.1 - - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- Java 6u45 -   No SNI 2 - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) -   - FS - - - 128 -
- Java 7u25 - - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) -   - FS - - - 128 -
- Java 8b132 - - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) -   - FS - - - 128 -
- OpenSSL 0.9.8y - - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- OpenSSL 1.0.1h - - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) -   - FS - - - 256 -
- Safari 5.1.9 / OS X 10.6.8 - - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- Safari 6 / iOS 6.0.1 -  R - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) -   - FS - - - 256 -
- Safari 7 / iOS 7.1 -  R - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) -   - FS - - - 256 -
- Safari 8 / iOS 8.0 Beta -  R - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) -   - FS - - - 256 -
- Safari 6.0.4 / OS X 10.8.4 -  R - TLS 1.0 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) -   - FS - - - 256 -
- Safari 7 / OS X 10.9 -  R - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) -   - FS - - - 256 -
- Yahoo Slurp Jun 2014 -   No SNI 2 - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) -   - FS - - - 256 -
- YandexBot Sep 2014 - - TLS 1.2 - - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) -   - FS - - - 256 -
- (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. -
- (2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. -
- (3) Only first connection attempt simulated. Browsers tend to retry with a lower protocol version. -
- (R) Denotes a reference browser or client, with which we expect better effective security. -
- (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). -
- - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Protocol Details
Secure RenegotiationSupported
Secure Client-Initiated RenegotiationNo
Insecure Client-Initiated RenegotiationNo
BEAST attack - Not mitigated server-side (more info) -   TLS 1.0: 0xc014 -
TLS compressionNo
RC4No
Heartbeat (extension)Yes
Heartbleed (vulnerability)No (more info)
OpenSSL CCS vuln. (CVE-2014-0224)No (more info)
Forward SecrecyYes (with most browsers)   ROBUST (more info)
Next Protocol NegotiationNo
Session resumption (caching)Yes
Session resumption (tickets)Yes
OCSP staplingNo
Strict Transport Security (HSTS)Yes   max-age=31536000 -
Long handshake intoleranceNo
TLS extension intoleranceNo
TLS version intolerance - - - - - TLS 2.98  -
SSL 2 handshake compatibility Yes
- - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Miscellaneous
Test dateWed Sep 17 23:18:52 UTC 2014
Test duration117.399 seconds
HTTP status code - 302 -
HTTP forwardinghttps://blog.imirhil.fr
HTTP server signatureApache
Server hostname server.imirhil.fr
PCI compliant Yes
FIPS-ready No
- -

- -
-
- - - -
- - -

SSL Report v1.10.31

- -
- - - -
- -
- -
- - - - - \ No newline at end of file diff --git a/spec/html/results.html b/spec/html/results.html deleted file mode 100644 index 97e1c9a..0000000 --- a/spec/html/results.html +++ /dev/null @@ -1,1699 +0,0 @@ - - - - - Qualys SSL Labs - Projects / SSL Server Test / fortuneo.fr - - - - - - - - - - - - -
- - - - - - -
-
SSL Report: - fortuneo.fr - (194.51.217.72)
-
- Assessed on:  Wed Sep 17 15:53:51 UTC 2014 - - | Clear cache -
- -
Scan Another »
-
- - - - - -
- - -
-
Summary
-
- -
-
Overall Rating
- -
- B -
- - - - - - -
- -
- -
-
-
-
-
-
-
-
-
0
-
20
-
40
-
60
-
80
-
100
-
-
- -
-
-
Certificate
-
 
-
100
-
- -
-
Protocol Support
-
 
-
70
-
- -
-
Key Exchange
-
 
-
80
-
- -
-
Cipher Strength
-
 
-
90
-
-
- -
- -
- -
- Visit our documentation page - for more information, configuration guides, and books. Known issues are documented - here. -
- - - - - - - - - - - - - - - - - -
- Certificate uses SHA1. When renewing, ensure you upgrade to SHA256. -  MORE INFO » -
- - -
- The server supports only older protocols, but not the current best TLS 1.2. Grade capped to B. -
- - - - -
- The server does not support Forward Secrecy with the reference browsers. -  MORE INFO » -
- - - - - - -
-
- - - - -
-
Authentication
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Server Key and Certificate #1
Common nameswww.fortuneo.fr
Alternative names www.fortuneo.fr
Prefix handlingNot valid for "fortuneo.fr"   CONFUSING
Valid fromMon Jan 06 00:00:00 UTC 2014
Valid untilMon Feb 16 23:59:59 UTC 2015 (expires in 4 months and 32 days)
KeyRSA 2048 bits
Weak key (Debian) No
IssuerVeriSign Class 3 Secure Server CA - G3
Signature algorithmSHA1withRSA   WEAK
Extended ValidationNo
Revocation information - CRL, OCSP
Revocation statusGood (not revoked)
TrustedYes
- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Additional Certificates (if supplied)
Certificates provided3 (4100 bytes)
Chain issuesNone
#2
SubjectVeriSign Class 3 Secure Server CA - G3
- SHA1: 5deb8f339e264c19f6686f5f8f32b54a4c46b476
Valid untilFri Feb 07 23:59:59 UTC 2020 (expires in 5 years and 4 months)
KeyRSA 2048 bits
IssuerVeriSign Class 3 Public Primary Certification Authority - G5
Signature algorithmSHA1withRSA -   WEAK
#3
SubjectVeriSign Class 3 Public Primary Certification Authority - G5
- SHA1: f4a80a0cd1e6cf190b8cbc6fbc991711d482c9d0
Valid untilSun Nov 07 23:59:59 UTC 2021 (expires in 7 years and 1 month)
KeyRSA 2048 bits
IssuerVeriSign / Class 3 Public Primary Certification Authority
Signature algorithmSHA1withRSA -   WEAK
- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certification Paths
Path #1: Trusted
1 - - Sent by server - www.fortuneo.fr - - -
- SHA1: 68b4a2cb9c42d19e5ff46036374191b88e2c80b4 -
- - RSA 2048 bits - / - SHA1withRSA - - - - -
WEAK SIGNATURE
2 - - Sent by server - VeriSign Class 3 Secure Server CA - G3 - - -
- SHA1: 5deb8f339e264c19f6686f5f8f32b54a4c46b476 -
- - RSA 2048 bits - / - SHA1withRSA - - - - -
WEAK SIGNATURE
3 - - In trust store - VeriSign Class 3 Public Primary Certification Authority - G5 - - -
- SHA1: 4eb6d578499b1ccf5f581ead56be3d9b6744a5e5 -
- - RSA 2048 bits - / - SHA1withRSA - - - - -
Weak or insecure signature, but no impact on root certificates
- -
-
- - -
-
Configuration
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Protocols
TLS 1.2No
TLS 1.1 No
TLS 1.0 Yes
SSL 3Yes
SSL 2No
- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cipher Suites (sorted by strength; the server has no preference)
TLS_RSA_WITH_RC4_128_MD5 (0x4) - - 128
TLS_RSA_WITH_RC4_128_SHA (0x5) - - 128
TLS_RSA_WITH_IDEA_CBC_SHA (0x7) - - 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) - - 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) -   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS - 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) - - 112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) -   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS - 112
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) - - 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS - 256
TLS_RSA_WITH_IDEA_CBC_SHA (0x7) - - 128
- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Handshake Simulation
- Android 2.3.7 -   No SNI 2 - TLS 1.0 - - TLS_RSA_WITH_RC4_128_MD5 (0x4) -   - No FS -   RC4 - - - 128 -
- Android 4.0.4 - - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- Android 4.1.1 - - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- Android 4.2.2 - - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- Android 4.3 - - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- Android 4.4.2 - - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- BingBot Dec 2013 -   No SNI 2 - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- BingPreview Jun 2014 - - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- Chrome 37 / OS X -  R - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) -   - FS - - - 128 -
- Firefox 24.2.0 ESR / Win 7 - - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- Firefox 32 / OS X -  R - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) -   - FS - - - 128 -
- Googlebot Jun 2014 - - TLS 1.0 - - TLS_RSA_WITH_RC4_128_SHA (0x5) -   - No FS -   RC4 - - - 128 -
- IE 6 / XP -   No FS 1   No SNI 2 - SSL 3 - - TLS_RSA_WITH_RC4_128_MD5 (0x4) -   - No FS -   RC4 - - - 128 -
- IE 7 / Vista - - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- IE 8 / XP -   No FS 1   No SNI 2 - TLS 1.0 - - TLS_RSA_WITH_RC4_128_MD5 (0x4) -   - No FS -   RC4 - - - 128 -
- IE 8-10 / Win 7 -  R - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- IE 11 / Win 7 -  R - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- IE 11 / Win 8.1 -  R - TLS 1.0 - - TLS_RSA_WITH_AES_256_CBC_SHA (0x35) -   - No FS - - - 256 -
- IE Mobile 10 / Win Phone 8.0 - - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- IE Mobile 11 / Win Phone 8.1 - - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- Java 6u45 -   No SNI 2 - TLS 1.0 - - TLS_RSA_WITH_RC4_128_MD5 (0x4) -   - No FS -   RC4 - - - 128 -
- Java 7u25 - - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- Java 8b132 - - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- OpenSSL 0.9.8y - - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- OpenSSL 1.0.1h - - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- Safari 5.1.9 / OS X 10.6.8 - - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- Safari 6 / iOS 6.0.1 -  R - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- Safari 7 / iOS 7.1 -  R - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- Safari 8 / iOS 8.0 Beta -  R - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- Safari 6.0.4 / OS X 10.8.4 -  R - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- Safari 7 / OS X 10.9 -  R - TLS 1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) -   - No FS - - - 128 -
- Yahoo Slurp Jun 2014 -   No SNI 2 - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- YandexBot Sep 2014 - - TLS 1.0 - - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) -   - FS - - - 256 -
- (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. -
- (2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. -
- (R) Denotes a reference browser or client, with which we expect better effective security. -
- (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). -
- - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Protocol Details
Secure RenegotiationSupported
Secure Client-Initiated RenegotiationNo
Insecure Client-Initiated RenegotiationNo
BEAST attack - Not mitigated server-side (more info) -   SSL 3: 0x7, TLS 1.0: 0x7 -
TLS compressionNo
RC4Yes (not with TLS 1.1 and newer) (more info) -
Heartbeat (extension)No
Heartbleed (vulnerability)No (more info)
OpenSSL CCS vuln. (CVE-2014-0224)Inconclusive (requires investigation) (more info)
Forward SecrecyWith some browsers (more info)
Next Protocol NegotiationNo
Session resumption (caching)No (IDs empty)
Session resumption (tickets)Yes
OCSP staplingNo
Strict Transport Security (HSTS)No
Long handshake intoleranceNo
TLS extension intoleranceNo
TLS version intolerance - - - - - TLS 2.98  -
SSL 2 handshake compatibility Yes
- - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Miscellaneous
Test dateWed Sep 17 15:52:24 UTC 2014
Test duration86.537 seconds
HTTP status code - 301 -
HTTP forwardinghttp://www.fortuneo.fr
HTTP server signatureApache
Server hostname WWW.FORTUNEO.FR
PCI compliant Yes
FIPS-ready No
- -

- -
-
- - - -
- - -

SSL Report v1.10.31

- -
- - - -
- -
- -
- - - - - \ No newline at end of file diff --git a/spec/html/waiting.html b/spec/html/waiting.html deleted file mode 100644 index 24dcc59..0000000 --- a/spec/html/waiting.html +++ /dev/null @@ -1,474 +0,0 @@ - - - - - Qualys SSL Labs - Projects / SSL Server Test / imirhil.fr - - - - - - - - - - - - - - - -
- - - - - - -
-
SSL Report: - imirhil.fr - (5.135.187.37)
- - - - - -
- Please wait... - 98% complete - (1 seconds to go)
Determining cipher suite preference
-
- - - -
- - - -
- - - - -
-
Authentication
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Server Key and Certificate #1
Common nameswww.imirhil.fr
Alternative names www.imirhil.fr imirhil.fr
Prefix handlingBoth (with and without WWW)
Valid fromSat Apr 26 18:46:02 UTC 2014
Valid untilMon Apr 27 08:00:17 UTC 2015 (expires in 7 months and 11 days)
KeyRSA 2048 bits
Weak key (Debian) No
IssuerStartCom Class 1 Primary Intermediate Server CA
Signature algorithmSHA256withRSA
Extended ValidationNo
Revocation information - CRL, OCSP
Revocation statusGood (not revoked)
TrustedYes
- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Additional Certificates (if supplied)
Certificates provided2 (3187 bytes)
Chain issuesNone
#2
SubjectStartCom Class 1 Primary Intermediate Server CA
- SHA1: f691fc87efb3135354225a10e127e911d1c7f8cf
Valid untilTue Oct 24 20:54:17 UTC 2017 (expires in 3 years and 1 month)
KeyRSA 2048 bits
IssuerStartCom Certification Authority
Signature algorithmSHA1withRSA -   WEAK
- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certification Paths
Path #1: Trusted
1 - - Sent by server - www.imirhil.fr - - -
- SHA1: caa04d0b1d484aadb722262f877bc879e7720bb5 -
- - RSA 2048 bits - / - SHA256withRSA - - - - -
2 - - Sent by server - StartCom Class 1 Primary Intermediate Server CA - - -
- SHA1: f691fc87efb3135354225a10e127e911d1c7f8cf -
- - RSA 2048 bits - / - SHA1withRSA - - - - -
WEAK SIGNATURE
3 - - In trust store - StartCom Certification Authority - - -
- SHA1: 3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f -
- - RSA 4096 bits - / - SHA1withRSA - - - - -
Weak or insecure signature, but no impact on root certificates
Path #2: Trusted
1 - - Sent by server - www.imirhil.fr - - -
- SHA1: caa04d0b1d484aadb722262f877bc879e7720bb5 -
- - RSA 2048 bits - / - SHA256withRSA - - - - -
2 - - Sent by server - StartCom Class 1 Primary Intermediate Server CA - - -
- SHA1: f691fc87efb3135354225a10e127e911d1c7f8cf -
- - RSA 2048 bits - / - SHA1withRSA - - - - -
WEAK SIGNATURE
3 - - In trust store - StartCom Certification Authority - - -
- SHA1: a3f1333fe242bfcfc5d14e8f394298406810d1a0 -
- - RSA 4096 bits - / - SHA256withRSA - - - - -
- -
-
- - - -
- - -

SSL Report v1.10.31

- -
- - - -
- -
- -
- - - - -