## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t ftp localhost:21" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:07:28 -->> 127.0.0.1:21 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:21.  Fatal error: Can't connect to "127.0.0.1:21" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:21" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:07:30 -->> 127.0.0.1:21 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:21.  Fatal error: Can't connect to "127.0.0.1:21" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t smtp localhost:465" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:07:32 -->> 127.0.0.1:465 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:465.  Fatal error: Can't connect to "127.0.0.1:465" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t smtp localhost:587" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:07:34 -->> 127.0.0.1:587 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): --  Oops: STARTTLS handshake failed (code: 1) Fatal error: repeated STARTTLS problems, giving up (1) ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:465" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:07:37 -->> 127.0.0.1:465 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:465.  Fatal error: Can't connect to "127.0.0.1:465" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:587" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:07:39 -->> 127.0.0.1:587 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): --  127.0.0.1:587 doesn't seem to be a TLS/SSL enabled server  The results might look ok but they could be nonsense. Really proceed ? ("yes" to continue) -->  Service detected: Couldn't determine what's running on port 587, assuming no HTTP service => skipping all HTTP checks  Testing protocols via native openssl  SSLv2 not offered (OK)  SSLv3 not offered (OK)  TLS 1 not offered  TLS 1.1 not offered  TLS 1.2 not offered  TLS 1.3 Local problem: timeout --preserve-status 10 ./bin/openssl.Linux.x86_64 doesn't support "s_client -tls1_3" You should not proceed as no protocol was detected. If you still really really want to, say "YES" -->  NPN/SPDY not offered  ALPN/HTTP2 not offered  Testing cipher categories   NULL ciphers (no encryption) not offered (OK)  Anonymous NULL Ciphers (no authentication) not offered (OK)  Export ciphers (w/o ADH+NULL) not offered (OK)  LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK)  Triple DES Ciphers / IDEA not offered  Obsoleted CBC ciphers (AES, ARIA etc.) not offered  Strong encryption (AEAD ciphers) with no FS not offered  Forward Secrecy strong encryption (AEAD ciphers) not offered  Testing server's cipher preferences   Has server cipher order? Handshake error!no (NOT ok)  Negotiated protocol TLSv1.2  Negotiated cipher default cipher empty (Hint: if IIS6 give OpenSSL 1.0.1 a try) (limited sense as client will pick)  Cipher per protocol Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC) ----------------------------------------------------------------------------------------------------------------------------- SSLv2 - SSLv3 - TLSv1 - TLSv1.1 - TLSv1.2 - TLSv1.3 -  Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4   No ciphers supporting Forward Secrecy (FS) offered  Testing server defaults (Server Hello)   TLS extensions (standard) (none)  Session Ticket RFC 5077 hint no -- no lifetime advertised  SSL Session ID support yes  Session Resumption Tickets no, ID resumption test failed  TLS clock skew SSLv3 through TLS 1.2 didn't return a timestamp Client problem, No server cerificate could be retrieved. Thus we can't continue with "server defaults".  Testing vulnerabilities   Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension  CCS (CVE-2014-0224) not vulnerable (OK)  Ticketbleed (CVE-2016-9244), experiment. -- (applicable only for HTTPS)  ROBOT Server does not support any cipher suites that use RSA key transport  Secure Renegotiation (RFC 5746) OpenSSL handshake didn't succeed  Secure Client-Initiated Renegotiation not vulnerable (OK)  CRIME, TLS (CVE-2012-4929) test failed (couldn't connect)  POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support  TLS_FALLBACK_SCSV (RFC 7507) test failed (couldn't connect)  SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK), 38/53 (SSLv2: 8/8) local ciphers  FREAK (CVE-2015-0204)  Oops: openssl s_client connect problem not vulnerable (OK)  DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK) no RSA certificate, thus certificate can't be used with SSLv2 elsewhere  LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2  BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1  LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK), 123/154 local ciphers  Winshock (CVE-2014-6321), experimental not vulnerable (OK) - no HTTP or RDP  RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK) Could not determine the protocol, only simulating generic clients.  Running client simulations via openssl  -- pls note "--ssl-native" will return some false results Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy ------------------------------------------------------------------------------------------------ Android 4.4.2 No connection Android 5.0.0 No connection Android 6.0 No connection Android 7.0 (native) No connection Android 8.1 (native) No connection Android 9.0 (native) No connection Android 10.0 (native) No connection Chrome 74 (Win 10) No connection Chrome 79 (Win 10) No connection Firefox 66 (Win 8.1/10) No connection Firefox 71 (Win 10) No connection IE 6 XP No connection IE 8 Win 7 No connection IE 8 XP No connection IE 11 Win 7 No connection IE 11 Win 8.1 No connection IE 11 Win Phone 8.1 No connection IE 11 Win 10 No connection Edge 15 Win 10 No connection Edge 17 (Win 10) No connection Opera 66 (Win 10) No connection Safari 9 iOS 9 No connection Safari 9 OS X 10.11 No connection Safari 10 OS X 10.12 No connection Safari 12.1 (iOS 12.2) No connection Safari 13.0 (macOS 10.14.6) No connection Apple ATS 9 iOS 9 No connection Java 6u45 No connection Java 7u25 No connection Java 8u161 No connection Java 11.0.2 (OpenJDK) No connection Java 12.0.1 (OpenJDK) No connection OpenSSL 1.0.2e No connection OpenSSL 1.1.0l (Debian) No connection OpenSSL 1.1.1d (Debian) No connection Thunderbird (68.3) No connection  Rating (experimental)   Rating specs (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)  Specification documentation https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide  Protocol Support (weighted) 50 (15)  Key Exchange  (weighted) 100 (30)  Cipher Strength  (weighted) 60 (24)  Final Score 69  Overall Grade C  Grade cap reasons Grade capped to C. TLS 1.2 or TLS 1.3 are not offered Grade capped to B. Forward Secrecy (FS) is not supported  Done 2021-01-07 15:11:32 [ 235s] -->> 127.0.0.1:587 (localhost) <<-- ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t pop3 localhost:110" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:11:34 -->> 127.0.0.1:110 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:110.  Fatal error: Can't connect to "127.0.0.1:110" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t pop3 localhost:995" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:11:36 -->> 127.0.0.1:995 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:995.  Fatal error: Can't connect to "127.0.0.1:995" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:110" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:11:39 -->> 127.0.0.1:110 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:110.  Fatal error: Can't connect to "127.0.0.1:110" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:995" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:11:41 -->> 127.0.0.1:995 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:995.  Fatal error: Can't connect to "127.0.0.1:995" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t imap localhost:993" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:11:43 -->> 127.0.0.1:993 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:993.  Fatal error: Can't connect to "127.0.0.1:993" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:993" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:11:45 -->> 127.0.0.1:993 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:993.  Fatal error: Can't connect to "127.0.0.1:993" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t postgres localhost:5432" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:11:48 -->> 127.0.0.1:5432 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:5432.  Fatal error: Can't connect to "127.0.0.1:5432" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:5432" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:11:50 -->> 127.0.0.1:5432 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:5432.  Fatal error: Can't connect to "127.0.0.1:5432" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t mysql localhost:3306" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:11:52 -->> 127.0.0.1:3306 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:3306.  Fatal error: Can't connect to "127.0.0.1:3306" Make sure a firewall is not between you and your scanning target! ## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:3306" ## at ubuntu-20:./bin/openssl.Linux.x86_64 ## version testssl: 3.1dev 477bd13 from 2021-01-07 ## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")  Start 2021-01-07 15:11:54 -->> 127.0.0.1:3306 (localhost) <<-- A record via: /etc/hosts rDNS (127.0.0.1): -- Oops: TCP connect problem Unable to open a socket to 127.0.0.1:3306.  Fatal error: Can't connect to "127.0.0.1:3306" Make sure a firewall is not between you and your scanning target!