17 KiB
17 KiB
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t ftp localhost:21"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:07:28 -->> 127.0.0.1:21 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:21.
Fatal error: Can't connect to "127.0.0.1:21"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:21"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:07:30 -->> 127.0.0.1:21 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:21.
Fatal error: Can't connect to "127.0.0.1:21"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t smtp localhost:465"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:07:32 -->> 127.0.0.1:465 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:465.
Fatal error: Can't connect to "127.0.0.1:465"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t smtp localhost:587"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:07:34 -->> 127.0.0.1:587 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): --
Oops: STARTTLS handshake failed (code: 1)
Fatal error: repeated STARTTLS problems, giving up (1)
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:465"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:07:37 -->> 127.0.0.1:465 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:465.
Fatal error: Can't connect to "127.0.0.1:465"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:587"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:07:39 -->> 127.0.0.1:587 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): --
127.0.0.1:587 doesn't seem to be a TLS/SSL enabled server
The results might look ok but they could be nonsense. Really proceed ? ("yes" to continue) --> Service detected: Couldn't determine what's running on port 587, assuming no HTTP service => skipping all HTTP checks
Testing protocols via native openssl
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 not offered
TLS 1.3 Local problem: timeout --preserve-status 10 ./bin/openssl.Linux.x86_64 doesn't support "s_client -tls1_3"
You should not proceed as no protocol was detected. If you still really really want to, say "YES" --> NPN/SPDY not offered
ALPN/HTTP2 not offered
Testing cipher categories
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK)
Triple DES Ciphers / IDEA not offered
Obsoleted CBC ciphers (AES, ARIA etc.) not offered
Strong encryption (AEAD ciphers) with no FS not offered
Forward Secrecy strong encryption (AEAD ciphers) not offered
Testing server's cipher preferences
Has server cipher order? Handshake error!no (NOT ok)
Negotiated protocol TLSv1.2
Negotiated cipher default cipher empty (Hint: if IIS6 give OpenSSL 1.0.1 a try) (limited sense as client will pick)
Cipher per protocol
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
-
SSLv3
-
TLSv1
-
TLSv1.1
-
TLSv1.2
-
TLSv1.3
-
Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4
No ciphers supporting Forward Secrecy (FS) offered
Testing server defaults (Server Hello)
TLS extensions (standard) (none)
Session Ticket RFC 5077 hint no -- no lifetime advertised
SSL Session ID support yes
Session Resumption Tickets no, ID resumption test failed
TLS clock skew SSLv3 through TLS 1.2 didn't return a timestamp
Client problem, No server cerificate could be retrieved. Thus we can't continue with "server defaults".
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. -- (applicable only for HTTPS)
ROBOT Server does not support any cipher suites that use RSA key transport
Secure Renegotiation (RFC 5746) OpenSSL handshake didn't succeed
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) test failed (couldn't connect)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support
TLS_FALLBACK_SCSV (RFC 7507) test failed (couldn't connect)
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK), 38/53 (SSLv2: 8/8) local ciphers
FREAK (CVE-2015-0204) Oops: openssl s_client connect problem
not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1
LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK), 123/154 local ciphers
Winshock (CVE-2014-6321), experimental not vulnerable (OK) - no HTTP or RDP
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
Could not determine the protocol, only simulating generic clients.
Running client simulations via openssl -- pls note "--ssl-native" will return some false results
Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy
------------------------------------------------------------------------------------------------
Android 4.4.2 No connection
Android 5.0.0 No connection
Android 6.0 No connection
Android 7.0 (native) No connection
Android 8.1 (native) No connection
Android 9.0 (native) No connection
Android 10.0 (native) No connection
Chrome 74 (Win 10) No connection
Chrome 79 (Win 10) No connection
Firefox 66 (Win 8.1/10) No connection
Firefox 71 (Win 10) No connection
IE 6 XP No connection
IE 8 Win 7 No connection
IE 8 XP No connection
IE 11 Win 7 No connection
IE 11 Win 8.1 No connection
IE 11 Win Phone 8.1 No connection
IE 11 Win 10 No connection
Edge 15 Win 10 No connection
Edge 17 (Win 10) No connection
Opera 66 (Win 10) No connection
Safari 9 iOS 9 No connection
Safari 9 OS X 10.11 No connection
Safari 10 OS X 10.12 No connection
Safari 12.1 (iOS 12.2) No connection
Safari 13.0 (macOS 10.14.6) No connection
Apple ATS 9 iOS 9 No connection
Java 6u45 No connection
Java 7u25 No connection
Java 8u161 No connection
Java 11.0.2 (OpenJDK) No connection
Java 12.0.1 (OpenJDK) No connection
OpenSSL 1.0.2e No connection
OpenSSL 1.1.0l (Debian) No connection
OpenSSL 1.1.1d (Debian) No connection
Thunderbird (68.3) No connection
Rating (experimental)
Rating specs (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
Specification documentation https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
Protocol Support (weighted) 50 (15)
Key Exchange (weighted) 100 (30)
Cipher Strength (weighted) 60 (24)
Final Score 69
Overall Grade C
Grade cap reasons Grade capped to C. TLS 1.2 or TLS 1.3 are not offered
Grade capped to B. Forward Secrecy (FS) is not supported
Done 2021-01-07 15:11:32 [ 235s] -->> 127.0.0.1:587 (localhost) <<--
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t pop3 localhost:110"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:34 -->> 127.0.0.1:110 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:110.
Fatal error: Can't connect to "127.0.0.1:110"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t pop3 localhost:995"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:36 -->> 127.0.0.1:995 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:995.
Fatal error: Can't connect to "127.0.0.1:995"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:110"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:39 -->> 127.0.0.1:110 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:110.
Fatal error: Can't connect to "127.0.0.1:110"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:995"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:41 -->> 127.0.0.1:995 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:995.
Fatal error: Can't connect to "127.0.0.1:995"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t imap localhost:993"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:43 -->> 127.0.0.1:993 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:993.
Fatal error: Can't connect to "127.0.0.1:993"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:993"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:45 -->> 127.0.0.1:993 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:993.
Fatal error: Can't connect to "127.0.0.1:993"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t postgres localhost:5432"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:48 -->> 127.0.0.1:5432 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:5432.
Fatal error: Can't connect to "127.0.0.1:5432"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:5432"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:50 -->> 127.0.0.1:5432 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:5432.
Fatal error: Can't connect to "127.0.0.1:5432"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t mysql localhost:3306"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:52 -->> 127.0.0.1:3306 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:3306.
Fatal error: Can't connect to "127.0.0.1:3306"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:3306"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:54 -->> 127.0.0.1:3306 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:3306.
Fatal error: Can't connect to "127.0.0.1:3306"
Make sure a firewall is not between you and your scanning target!
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:07:28 -->> 127.0.0.1:21 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:21.
Fatal error: Can't connect to "127.0.0.1:21"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:21"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:07:30 -->> 127.0.0.1:21 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:21.
Fatal error: Can't connect to "127.0.0.1:21"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t smtp localhost:465"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:07:32 -->> 127.0.0.1:465 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:465.
Fatal error: Can't connect to "127.0.0.1:465"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t smtp localhost:587"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:07:34 -->> 127.0.0.1:587 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): --
Oops: STARTTLS handshake failed (code: 1)
Fatal error: repeated STARTTLS problems, giving up (1)
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:465"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:07:37 -->> 127.0.0.1:465 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:465.
Fatal error: Can't connect to "127.0.0.1:465"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:587"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:07:39 -->> 127.0.0.1:587 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): --
127.0.0.1:587 doesn't seem to be a TLS/SSL enabled server
The results might look ok but they could be nonsense. Really proceed ? ("yes" to continue) --> Service detected: Couldn't determine what's running on port 587, assuming no HTTP service => skipping all HTTP checks
Testing protocols via native openssl
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 not offered
TLS 1.3 Local problem: timeout --preserve-status 10 ./bin/openssl.Linux.x86_64 doesn't support "s_client -tls1_3"
You should not proceed as no protocol was detected. If you still really really want to, say "YES" --> NPN/SPDY not offered
ALPN/HTTP2 not offered
Testing cipher categories
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK)
Triple DES Ciphers / IDEA not offered
Obsoleted CBC ciphers (AES, ARIA etc.) not offered
Strong encryption (AEAD ciphers) with no FS not offered
Forward Secrecy strong encryption (AEAD ciphers) not offered
Testing server's cipher preferences
Has server cipher order? Handshake error!no (NOT ok)
Negotiated protocol TLSv1.2
Negotiated cipher default cipher empty (Hint: if IIS6 give OpenSSL 1.0.1 a try) (limited sense as client will pick)
Cipher per protocol
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
-
SSLv3
-
TLSv1
-
TLSv1.1
-
TLSv1.2
-
TLSv1.3
-
Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4
No ciphers supporting Forward Secrecy (FS) offered
Testing server defaults (Server Hello)
TLS extensions (standard) (none)
Session Ticket RFC 5077 hint no -- no lifetime advertised
SSL Session ID support yes
Session Resumption Tickets no, ID resumption test failed
TLS clock skew SSLv3 through TLS 1.2 didn't return a timestamp
Client problem, No server cerificate could be retrieved. Thus we can't continue with "server defaults".
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. -- (applicable only for HTTPS)
ROBOT Server does not support any cipher suites that use RSA key transport
Secure Renegotiation (RFC 5746) OpenSSL handshake didn't succeed
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) test failed (couldn't connect)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support
TLS_FALLBACK_SCSV (RFC 7507) test failed (couldn't connect)
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK), 38/53 (SSLv2: 8/8) local ciphers
FREAK (CVE-2015-0204) Oops: openssl s_client connect problem
not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1
LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK), 123/154 local ciphers
Winshock (CVE-2014-6321), experimental not vulnerable (OK) - no HTTP or RDP
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
Could not determine the protocol, only simulating generic clients.
Running client simulations via openssl -- pls note "--ssl-native" will return some false results
Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy
------------------------------------------------------------------------------------------------
Android 4.4.2 No connection
Android 5.0.0 No connection
Android 6.0 No connection
Android 7.0 (native) No connection
Android 8.1 (native) No connection
Android 9.0 (native) No connection
Android 10.0 (native) No connection
Chrome 74 (Win 10) No connection
Chrome 79 (Win 10) No connection
Firefox 66 (Win 8.1/10) No connection
Firefox 71 (Win 10) No connection
IE 6 XP No connection
IE 8 Win 7 No connection
IE 8 XP No connection
IE 11 Win 7 No connection
IE 11 Win 8.1 No connection
IE 11 Win Phone 8.1 No connection
IE 11 Win 10 No connection
Edge 15 Win 10 No connection
Edge 17 (Win 10) No connection
Opera 66 (Win 10) No connection
Safari 9 iOS 9 No connection
Safari 9 OS X 10.11 No connection
Safari 10 OS X 10.12 No connection
Safari 12.1 (iOS 12.2) No connection
Safari 13.0 (macOS 10.14.6) No connection
Apple ATS 9 iOS 9 No connection
Java 6u45 No connection
Java 7u25 No connection
Java 8u161 No connection
Java 11.0.2 (OpenJDK) No connection
Java 12.0.1 (OpenJDK) No connection
OpenSSL 1.0.2e No connection
OpenSSL 1.1.0l (Debian) No connection
OpenSSL 1.1.1d (Debian) No connection
Thunderbird (68.3) No connection
Rating (experimental)
Rating specs (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
Specification documentation https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
Protocol Support (weighted) 50 (15)
Key Exchange (weighted) 100 (30)
Cipher Strength (weighted) 60 (24)
Final Score 69
Overall Grade C
Grade cap reasons Grade capped to C. TLS 1.2 or TLS 1.3 are not offered
Grade capped to B. Forward Secrecy (FS) is not supported
Done 2021-01-07 15:11:32 [ 235s] -->> 127.0.0.1:587 (localhost) <<--
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t pop3 localhost:110"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:34 -->> 127.0.0.1:110 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:110.
Fatal error: Can't connect to "127.0.0.1:110"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t pop3 localhost:995"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:36 -->> 127.0.0.1:995 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:995.
Fatal error: Can't connect to "127.0.0.1:995"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:110"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:39 -->> 127.0.0.1:110 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:110.
Fatal error: Can't connect to "127.0.0.1:110"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:995"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:41 -->> 127.0.0.1:995 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:995.
Fatal error: Can't connect to "127.0.0.1:995"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t imap localhost:993"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:43 -->> 127.0.0.1:993 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:993.
Fatal error: Can't connect to "127.0.0.1:993"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:993"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:45 -->> 127.0.0.1:993 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:993.
Fatal error: Can't connect to "127.0.0.1:993"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t postgres localhost:5432"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:48 -->> 127.0.0.1:5432 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:5432.
Fatal error: Can't connect to "127.0.0.1:5432"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:5432"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:50 -->> 127.0.0.1:5432 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:5432.
Fatal error: Can't connect to "127.0.0.1:5432"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t mysql localhost:3306"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:52 -->> 127.0.0.1:3306 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:3306.
Fatal error: Can't connect to "127.0.0.1:3306"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:3306"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
Start 2021-01-07 15:11:54 -->> 127.0.0.1:3306 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:3306.
Fatal error: Can't connect to "127.0.0.1:3306"
Make sure a firewall is not between you and your scanning target!