######################################################### testssl.sh 2.5dev http://dev.testssl.sh (59299ce 2015-06-17 11:33:29 -- 1.279) This program is free software. Redistribution + modification under GPLv2 is permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK! Note: you can only check the server with what is available (ciphers/protocols) locally on your machine! ######################################################### Using "OpenSSL 1.0.2a 19 Mar 2015" [~141 ciphers] on adam-w530:/usr/bin/openssl (built: "reproducible build, date unspecified", platform: "Cygwin-x86_64") For now I am providing the config file in to have GOST support Testing now all MX records (on port 25): eugeni.torproject.org ------------------------------------------------------------------------------------------------------------------------- Testing now (2015-06-19 11:29) ---> 38.229.72.13:25 (eugeni.torproject.org) <--- rDNS (38.229.72.13): eugeni.torproject.org Service set: STARTTLS via SMTP --> Testing protocols (via native openssl) SSLv2 not offered (OK) SSLv3 offered (NOT ok) TLS 1 offered TLS 1.1 offered TLS 1.2 offered (OK) SPDY/NPN (SPDY is a HTTP protocol and thus not tested here) --> Testing ~standard cipher lists Null Ciphers not offered (OK) Anonymous NULL Ciphers not offered (OK) Anonymous DH Ciphers not offered (OK) 40 Bit encryption offered (NOT ok) 56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/bin/openssl Export Ciphers (general) offered (NOT ok) Low (<=64 Bit) offered (NOT ok) DES Ciphers offered (NOT ok) Medium grade encryption offered (NOT ok) Triple DES Ciphers offered (NOT ok) High grade encryption offered (OK) --> Testing (perfect) forward secrecy, (P)FS -- omitting 3DES, RC4 and Null Encryption here PFS ciphers (OK): ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-RC4-SHA --> Testing server preferences Has server cipher order? nope (NOT ok) Negotiated protocol TLSv1.2 Negotiated cipher ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (limited sense as client will pick) Negotiated cipher per proto (limited sense as client will pick)(SPDY is a HTTP protocol and thus not tested here) ECDHE-RSA-AES256-SHA: SSLv3, TLSv1, TLSv1.1 ECDHE-RSA-AES256-GCM-SHA384: TLSv1.2 No further cipher order check as order is determined by the client --> Testing server defaults (Server Hello) TLS timestamp: (not yet implemented for STARTTLS) HTTP clock skew: not tested as we're not targeting HTTP TLS server extensions renegotiation info, EC point formats, session ticket, heartbeat Session Tickets RFC 5077 7200 seconds Server key size 2048 bit Signature Algorithm SHA1 with RSA Fingerprint / Serial SHA1 62D590B1F07257E21B08EB88D9295C0EF00F3EA2 / 01B8 SHA256 ED83D27364F556AEAAA066E4D35FB46E959C033C579E226D89A8850F9FDACB5C Common Name (CN) eugeni.torproject.org (matches certificate directly) subjectAltName (SAN) -- Issuer auto-ca.torproject.org (torproject.org) Certificate Expiration >= 60 days (2015-03-10 20:00 --> 2016-03-09 19:00 -0500) # of certificates provided 2 Certificate Revocation List -- OCSP URI -- OCSP stapling not offered --> Testing vulnerabilities Heartbleed (CVE-2014-0160) (not yet implemented for STARTTLS) CCS (CVE-2014-0224) (not yet implemented for STARTTLS) Secure Renegotiation (CVE 2009-3555) not vulnerable (OK) Secure Client-Initiated Renegotiation likely not vulnerable (OK) (timed out) CRIME, TLS (CVE-2012-4929) VULNERABLE (NOT ok), but not using HTTP: probably no exploit known POODLE, SSL (CVE-2014-3566) VULNERABLE (NOT ok), uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below) TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention NOT supported FREAK (CVE-2015-0204), experimental VULNERABLE (NOT ok), uses EXPORT RSA ciphers LOGJAM (CVE-2015-4000), experimental VULNERABLE (NOT ok), uses DHE EXPORT ciphers BEAST (CVE-2011-3389) SSL3: ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA EDH-RSA-DES-CBC-SHA DES-CBC-SHA EXP-EDH-RSA-DES-CBC-SHA EXP-DES-CBC-SHA EXP-RC2-CBC-MD5 EXP-RC2-CBC-MD5 TLS1: ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA EDH-RSA-DES-CBC-SHA DES-CBC-SHA EXP-EDH-RSA-DES-CBC-SHA EXP-DES-CBC-SHA EXP-RC2-CBC-MD5 EXP-RC2-CBC-MD5 -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2 RC4 (CVE-2013-2566, CVE-2015-2808) VULNERABLE (NOT ok): ECDHE-RSA-RC4-SHA RC4-SHA RC4-MD5 RC4-MD5 EXP-RC4-MD5 EXP-RC4-MD5 --> Testing all locally available 141 ciphers against the server, ordered by encryption strength Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC) ----------------------------------------------------------------------------------------------------------------------- xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA x9f DHE-RSA-AES256-GCM-SHA384 DH 1024 AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 x6b DHE-RSA-AES256-SHA256 DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 x39 DHE-RSA-AES256-SHA DH 1024 AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA x88 DHE-RSA-CAMELLIA256-SHA DH 1024 Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA x9e DHE-RSA-AES128-GCM-SHA256 DH 1024 AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 x67 DHE-RSA-AES128-SHA256 DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 x33 DHE-RSA-AES128-SHA DH 1024 AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA x9a DHE-RSA-SEED-SHA DH 1024 SEED 128 TLS_DHE_RSA_WITH_SEED_CBC_SHA x45 DHE-RSA-CAMELLIA128-SHA DH 1024 Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA x96 SEED-SHA RSA SEED 128 TLS_RSA_WITH_SEED_CBC_SHA x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA xc011 ECDHE-RSA-RC4-SHA ECDH 256 RC4 128 TLS_ECDHE_RSA_WITH_RC4_128_SHA x05 RC4-SHA RSA RC4 128 TLS_RSA_WITH_RC4_128_SHA x04 RC4-MD5 RSA RC4 128 TLS_RSA_WITH_RC4_128_MD5 x010080 RC4-MD5 RSA RC4 128 SSL_CK_RC4_128_WITH_MD5 xc012 ECDHE-RSA-DES-CBC3-SHA ECDH 256 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA x16 EDH-RSA-DES-CBC3-SHA DH 1024 3DES 168 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA x15 EDH-RSA-DES-CBC-SHA DH 1024 DES 56 TLS_DHE_RSA_WITH_DES_CBC_SHA x09 DES-CBC-SHA RSA DES 56 TLS_RSA_WITH_DES_CBC_SHA x14 EXP-EDH-RSA-DES-CBC-SHA DH(512) DES 40,export TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA x08 EXP-DES-CBC-SHA RSA(512) DES 40,export TLS_RSA_EXPORT_WITH_DES40_CBC_SHA x06 EXP-RC2-CBC-MD5 RSA(512) RC2 40,export TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 x040080 EXP-RC2-CBC-MD5 RSA(512) RC2 40,export SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 x03 EXP-RC4-MD5 RSA(512) RC4 40,export TLS_RSA_EXPORT_WITH_RC4_40_MD5 x020080 EXP-RC4-MD5 RSA(512) RC4 40,export SSL_CK_RC4_128_EXPORT40_WITH_MD5 Done now (2015-06-19 11:41) ---> 38.229.72.13:25 (eugeni.torproject.org) <--- ------------------------------------------------------------------------------------------------------------------------- Done testing now all MX records (on port 25): eugeni.torproject.org