SSL Report: fortuneo.fr (194.51.217.72)
Assessed on: Wed Sep 17 15:53:51 UTC 2014

Summary
Overall Rating B
Certificate 100
Protocol Support 70
Key Exchange 80
Cipher Strength 90

Certificate uses SHA1. When renewing, ensure you upgrade to SHA256.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
Authentication
Server Key and Certificate #1
Common names www.fortuneo.fr
Alternative names www.fortuneo.fr
Prefix handling Not valid for "fortuneo.fr"   CONFUSING
Valid from Mon Jan 06 00:00:00 UTC 2014
Valid until Mon Feb 16 23:59:59 UTC 2015 (expires in 4 months and 32 days)
Key RSA 2048 bits
Weak key (Debian) No
Issuer VeriSign Class 3 Secure Server CA - G3
Signature algorithm SHA1withRSA   WEAK
Extended Validation No
Revocation information CRL, OCSP
Revocation status Good (not revoked)
Trusted Yes


Additional Certificates (if supplied)
Certificates provided 3 (4100 bytes)
Chain issues None
#2
Subject VeriSign Class 3 Secure Server CA - G3
SHA1: 5deb8f339e264c19f6686f5f8f32b54a4c46b476
Valid until Fri Feb 07 23:59:59 UTC 2020 (expires in 5 years and 4 months)
Key RSA 2048 bits
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Signature algorithm SHA1withRSA   WEAK
#3
Subject VeriSign Class 3 Public Primary Certification Authority - G5
SHA1: f4a80a0cd1e6cf190b8cbc6fbc991711d482c9d0
Valid until Sun Nov 07 23:59:59 UTC 2021 (expires in 7 years and 1 month)
Key RSA 2048 bits
Issuer VeriSign / Class 3 Public Primary Certification Authority
Signature algorithm SHA1withRSA   WEAK


Certification Paths
Path #1: Trusted
1 Sent by server www.fortuneo.fr
SHA1: 68b4a2cb9c42d19e5ff46036374191b88e2c80b4
RSA 2048 bits / SHA1withRSA
WEAK SIGNATURE
2 Sent by server VeriSign Class 3 Secure Server CA - G3
SHA1: 5deb8f339e264c19f6686f5f8f32b54a4c46b476
RSA 2048 bits / SHA1withRSA
WEAK SIGNATURE
3 In trust store VeriSign Class 3 Public Primary Certification Authority - G5
SHA1: 4eb6d578499b1ccf5f581ead56be3d9b6744a5e5
RSA 2048 bits / SHA1withRSA
Weak or insecure signature, but no impact on root certificates
Configuration
Protocols
TLS 1.2 No
TLS 1.1 No
TLS 1.0 Yes
SSL 3 Yes
SSL 2 No


Cipher Suites (sorted by strength; the server has no preference)
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_IDEA_CBC_SHA (0x7) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 112
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 256
TLS_RSA_WITH_IDEA_CBC_SHA (0x7) 128


Handshake Simulation
Android 2.3.7   No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Android 4.0.4 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Android 4.1.1 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Android 4.2.2 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Android 4.3 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Android 4.4.2 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
BingBot Dec 2013   No SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
BingPreview Jun 2014 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Chrome 37 / OS X  R TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   FS 128
Firefox 24.2.0 ESR / Win 7 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Firefox 32 / OS X  R TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   FS 128
Googlebot Jun 2014 TLS 1.0 TLS_RSA_WITH_RC4_128_SHA (0x5)   No FS   RC4 128
IE 6 / XP   No FS 1   No SNI 2 SSL 3 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
IE 7 / Vista TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
IE 8 / XP   No FS 1   No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
IE 8-10 / Win 7  R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
IE 11 / Win 7  R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
IE 11 / Win 8.1  R TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   No FS 256
IE Mobile 10 / Win Phone 8.0 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
IE Mobile 11 / Win Phone 8.1 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
Java 6u45   No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4)   No FS   RC4 128
Java 7u25 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
Java 8b132 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
OpenSSL 0.9.8y TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
OpenSSL 1.0.1h TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
Safari 6 / iOS 6.0.1  R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
Safari 7 / iOS 7.1  R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
Safari 8 / iOS 8.0 Beta  R TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Safari 6.0.4 / OS X 10.8.4  R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
Safari 7 / OS X 10.9  R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   No FS 128
Yahoo Slurp Jun 2014   No SNI 2 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
YandexBot Sep 2014 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).


Protocol Details
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation No
BEAST attack Not mitigated server-side   SSL 3: 0x7, TLS 1.0: 0x7
TLS compression No
RC4 Yes (not with TLS 1.1 and newer)
Heartbeat (extension) No
Heartbleed (vulnerability) No
OpenSSL CCS vuln. (CVE-2014-0224) Inconclusive (requires investigation)
Forward Secrecy With some browsers
Next Protocol Negotiation No
Session resumption (caching) No (IDs empty)
Session resumption (tickets) Yes
OCSP stapling No
Strict Transport Security (HSTS) No
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance TLS 2.98 
SSL 2 handshake compatibility Yes


Miscellaneous
Test date Wed Sep 17 15:52:24 UTC 2014
Test duration 86.537 seconds
HTTP status code 301
HTTP forwarding http://www.fortuneo.fr
HTTP server signature Apache
Server hostname WWW.FORTUNEO.FR
PCI compliant Yes
FIPS-ready No


SSL Report v1.10.31