2020-03-08 website test - mailbox.org

From annawiki
Revision as of 2020-03-08T21:45:18 by Tobiasco


ssllabs.com

https://www.ssllabs.com/ssltest/analyze.html?d=mailbox.org&s=80.241.60.194&latest

  • Key Exchange 90/100
  • Cipher Strength 90/100

ssllabs.com - Protocols

  • TLS 1.3 - no

ssllabs.com - Cipher Suites - Handshake Simulation

4x WEAK

  1. TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 4096 bits FS WEAK 256
    1. Safari 6 / iOS 6.0.1 RSA 4096 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 4096 FS
    2. Safari 7 / iOS 7.1 R RSA 4096 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 4096 FS
    3. Safari 7 / OS X 10.9 R RSA 4096 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 4096 FS
    4. Safari 8 / iOS 8.4 R RSA 4096 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 4096 FS
    5. Safari 8 / OS X 10.10 RSA 4096 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 4096 FS
  2. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 256
    1. IE 11 / Win Phone 8.1 R RSA 4096 (SHA256) TLS 1.2 > http/1.1 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDH secp256r1
  3. TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 4096 bits FS WEAK 128
  4. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK 128

The last two suites are offered by the server but were not negotiated by any client in the handshake simulation.

tls.imirhil.fr

https://tls.imirhil.fr/https/mailbox.org

  • Cipher 90/100
  • Keys : Diffie Hellman : ECC 256 bits

TLSv1_2 (columns: cipher suite, key exchange, authentication, encryption [algorithm, key bits, block bits, mode], MAC [hash, bits], forward secrecy):

DHE-RSA-AES128-GCM-SHA256    DH 4096    RSA 4096    AES 128 128 GCM    SHA256 256    PFS
DHE-RSA-AES128-SHA           DH 4096    RSA 4096    AES 128 128 CBC    SHA1 160      PFS
ECDHE-RSA-AES128-GCM-SHA256  ECDH 256   RSA 4096    AES 128 128 GCM    SHA256 256    PFS
ECDHE-RSA-AES128-SHA         ECDH 256   RSA 4096    AES 128 128 CBC    SHA1 160      PFS
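Why SSL Labs marks the four suites in its list WEAK, and why the cryptcheck table above still contains two SHA1/CBC suites, comes down to one property: none of them is an AEAD suite. The following is an added Python example, not code from this page, from the scanners or from mailbox.org. It classifies a suite by key exchange, AEAD mode and MAC from its name alone, in either IANA spelling (TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) or OpenSSL spelling (ECDHE-RSA-AES128-SHA), using the names listed on this page as constructed input, and filters a list down to the forward-secret AEAD suites a hardened configuration would keep. The grading rule (WEAK = anything that is not a forward-secret AEAD suite) is an assumption that matches the scanners' output here, not their published algorithm.

```python
import re
from typing import Dict, List

# Constructed input copied from this page: the IANA names SSL Labs marked
# WEAK, and the OpenSSL names in the tls.imirhil.fr TLSv1_2 table.
SSLLABS_WEAK = [
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
]
CRYPTCHECK_TLS12 = [
    "DHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-SHA",
]

EPHEMERAL_KX = ("ECDHE", "DHE")            # forward secrecy
STATIC_KX = ("RSA", "DH", "ECDH", "PSK")   # no forward secrecy
AEAD_MARKERS = ("_GCM", "_CCM", "CHACHA20_POLY1305")


def classify_suite(name: str) -> Dict[str, object]:
    """Derive the properties the scanners grade on from a suite name in
    IANA (TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) or OpenSSL
    (ECDHE-RSA-AES128-SHA) spelling."""
    s = name.upper().replace("-", "_")
    tokens = s.split("_")
    if tokens[0] == "TLS":
        tokens = tokens[1:]
    # TLS 1.3 names (TLS_AES_128_GCM_SHA256) carry no key-exchange token
    # because the key exchange is always ephemeral there.
    if tokens[0] in EPHEMERAL_KX:
        kx, fs = tokens[0], True
    elif tokens[0] in STATIC_KX:
        kx, fs = tokens[0], False
    else:
        kx, fs = "TLS1.3", True
    aead = any(m in s for m in AEAD_MARKERS)
    aes = re.search(r"AES_?(\d{3})", s)
    if aes:
        key_bits = int(aes.group(1))
    elif "CHACHA20" in s:
        key_bits = 256
    else:
        key_bits = None
    # OpenSSL names omit "CBC"; a non-AEAD AES suite is CBC with an HMAC.
    mode = "AEAD" if aead else ("CBC" if aes or "_CBC_" in s else "other")
    # The trailing hash is the HMAC for CBC suites; a bare "SHA" is SHA-1.
    # For AEAD suites it only names the PRF, so no separate MAC is reported.
    tail = tokens[-1]
    mac = None if aead else ("SHA1" if tail == "SHA" else tail)
    return {
        "name": name, "kx": kx, "fs": fs, "aead": aead, "mode": mode,
        "key_bits": key_bits, "mac": mac,
        # Assumed grading rule, matching what the scanners reported here:
        # anything that is not a forward-secret AEAD suite is WEAK.
        "weak": not (fs and aead),
    }


def audit(names: List[str]) -> List[Dict[str, object]]:
    return [classify_suite(n) for n in names]


def non_aead(names: List[str]) -> List[str]:
    """The suites Observatory counts under 'Cipher Suites: no AEAD'."""
    return [c["name"] for c in audit(names) if not c["aead"]]


def hardened(names: List[str]) -> List[str]:
    """What survives once every WEAK suite is dropped: forward-secret AEAD only."""
    return [c["name"] for c in audit(names) if not c["weak"]]


if __name__ == "__main__":
    for c in audit(SSLLABS_WEAK + CRYPTCHECK_TLS12):
        print(f'{c["name"]:38} {c["kx"]:6} FS={c["fs"]!s:5} {c["mode"]:4} '
              f'{c["key_bits"]} {c["mac"] or "-":6} {"WEAK" if c["weak"] else "ok"}')
```

Run against the eight names from this page, all four SSL Labs suites and the two SHA1 suites from cryptcheck come out as CBC/SHA1 without AEAD, which is exactly the set Observatory reports as "4x no AEAD" (the SSL Labs list names the AES128 pair in IANA spelling, cryptcheck in OpenSSL spelling). Joining the output of `hardened()` with ":" gives an OpenSSL cipher string that keeps only the GCM suites.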


hstspreload.org

https://hstspreload.org/?domain=mailbox.org

Serve an HSTS header on the base domain for HTTPS requests:
The max-age must be at least 31536000 seconds (1 year).

https://observatory.mozilla.org/analyze/mailbox.org#third-party:

  • "The max-age must be at least 31536000 seconds (≈ 1 year), but the header currently only has max-age=15768000."

observatory.mozilla.org

https://observatory.mozilla.org/analyze/mailbox.org

  • Content Security Policy (CSP) implemented with unsafe sources inside style-src.

Content Security Policy Analysis:

  • Blocks inline styles by not allowing 'unsafe-inline' inside style-src - NO
  • Deny by default, using default-src 'none' - NO
  • Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins - NO
  • Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs - NO

https://observatory.mozilla.org/analyze/mailbox.org#tls Cipher Suites : 4x no AEAD

securityheaders.com

https://securityheaders.com/?followRedirects=on&hide=on&q=mailbox.org

  • Grade capped at A, please see warnings below.
  • Set-Cookie csrf_https-contao_csrf_token=...; path=/; secure; httponly; samesite=lax; httpOnly; secure
  • Content-Security-Policy This policy contains 'unsafe-inline' which is dangerous in the style-src directive.
  • Set-Cookie There is no Cookie Prefix on this cookie.