SSL Report: imirhil.fr (5.135.187.37)
Assessed on: Wed Sep 17 23:20:49 UTC 2014

Summary
Overall Rating A+
Certificate 100
Protocol Support 95
Key Exchange 80
Cipher Strength 90

Intermediate certificate uses SHA1. When renewing, ensure you upgrade to an all-SHA256 chain.
This server supports HTTP Strict Transport Security with long duration. Grade set to A+.
Authentication
Server Key and Certificate #1
Common names www.imirhil.fr
Alternative names www.imirhil.fr imirhil.fr
Prefix handling Both (with and without WWW)
Valid from Sat Apr 26 18:46:02 UTC 2014
Valid until Mon Apr 27 08:00:17 UTC 2015 (expires in 7 months and 11 days)
Key RSA 2048 bits
Weak key (Debian) No
Issuer StartCom Class 1 Primary Intermediate Server CA
Signature algorithm SHA256withRSA
Extended Validation No
Revocation information CRL, OCSP
Revocation status Good (not revoked)
Trusted Yes


Additional Certificates (if supplied)
Certificates provided 2 (3187 bytes)
Chain issues None
#2
Subject StartCom Class 1 Primary Intermediate Server CA
SHA1: f691fc87efb3135354225a10e127e911d1c7f8cf
Valid until Tue Oct 24 20:54:17 UTC 2017 (expires in 3 years and 1 month)
Key RSA 2048 bits
Issuer StartCom Certification Authority
Signature algorithm SHA1withRSA   WEAK


Certification Paths
Path #1: Trusted
1 Sent by server www.imirhil.fr
SHA1: caa04d0b1d484aadb722262f877bc879e7720bb5
RSA 2048 bits / SHA256withRSA
2 Sent by server StartCom Class 1 Primary Intermediate Server CA
SHA1: f691fc87efb3135354225a10e127e911d1c7f8cf
RSA 2048 bits / SHA1withRSA
WEAK SIGNATURE
3 In trust store StartCom Certification Authority
SHA1: a3f1333fe242bfcfc5d14e8f394298406810d1a0
RSA 4096 bits / SHA256withRSA
Path #2: Trusted
1 Sent by server www.imirhil.fr
SHA1: caa04d0b1d484aadb722262f877bc879e7720bb5
RSA 2048 bits / SHA256withRSA
2 Sent by server StartCom Class 1 Primary Intermediate Server CA
SHA1: f691fc87efb3135354225a10e127e911d1c7f8cf
RSA 2048 bits / SHA1withRSA
WEAK SIGNATURE
3 In trust store StartCom Certification Authority
SHA1: 3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f
RSA 4096 bits / SHA1withRSA
Weak or insecure signature, but no impact on root certificates
Configuration
Protocols
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No


Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH 256 bits (eq. 3072 bits RSA)   FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH 256 bits (eq. 3072 bits RSA)   FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH 256 bits (eq. 3072 bits RSA)   FS 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH 256 bits (eq. 3072 bits RSA)   FS 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH 256 bits (eq. 3072 bits RSA)   FS 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH 256 bits (eq. 3072 bits RSA)   FS 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a)   DH 1024 bits (p: 128, g: 1, Ys: 128)   FS 128
TLS_RSA_WITH_SEED_CBC_SHA (0x96) 128


Handshake Simulation
Android 2.3.7   No SNI (2) TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   FS 128
Android 4.0.4 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Android 4.1.1 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Android 4.2.2 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Android 4.3 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Android 4.4.2 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   FS 256
BingBot Dec 2013   No SNI (2) TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
BingPreview Jun 2014 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
Chrome 37 / OS X  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Firefox 24.2.0 ESR / Win 7 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Firefox 32 / OS X  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Googlebot Jun 2014 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
IE 6 / XP   No FS (1)   No SNI (2) Protocol or cipher suite mismatch Fail (3)
IE 7 / Vista TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
IE 8 / XP   No FS (1)   No SNI (2) Protocol or cipher suite mismatch Fail (3)
IE 8-10 / Win 7  R TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
IE 11 / Win 7  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
IE 11 / Win 8.1  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   FS 256
IE Mobile 10 / Win Phone 8.0 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
IE Mobile 11 / Win Phone 8.1 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Java 6u45   No SNI (2) TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   FS 128
Java 7u25 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   FS 128
Java 8b132 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   FS 128
OpenSSL 0.9.8y TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   FS 256
OpenSSL 1.0.1h TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   FS 256
Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Safari 6 / iOS 6.0.1  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   FS 256
Safari 7 / iOS 7.1  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   FS 256
Safari 8 / iOS 8.0 Beta  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   FS 256
Safari 6.0.4 / OS X 10.8.4  R TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   FS 256
Safari 7 / OS X 10.9  R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   FS 256
Yahoo Slurp Jun 2014   No SNI (2) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   FS 256
YandexBot Sep 2014 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   FS 256
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers tend to retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).


Protocol Details
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation No
Insecure Client-Initiated Renegotiation No
BEAST attack Not mitigated server-side   TLS 1.0: 0xc014
TLS compression No
RC4 No
Heartbeat (extension) Yes
Heartbleed (vulnerability) No
OpenSSL CCS vuln. (CVE-2014-0224) No
Forward Secrecy Yes (with most browsers)   ROBUST
Next Protocol Negotiation No
Session resumption (caching) Yes
Session resumption (tickets) Yes
OCSP stapling No
Strict Transport Security (HSTS) Yes   max-age=31536000
Long handshake intolerance No
TLS extension intolerance No
TLS version intolerance TLS 2.98 
SSL 2 handshake compatibility Yes


Miscellaneous
Test date Wed Sep 17 23:18:52 UTC 2014
Test duration 117.399 seconds
HTTP status code 302
HTTP forwarding https://blog.imirhil.fr
HTTP server signature Apache
Server hostname server.imirhil.fr
PCI compliant Yes
FIPS-ready No


SSL Report v1.10.31